| blob | bdc47456bdcef3e3d59a17416c5950c8b9259b28 |
1 .\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com>
2 .\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com>
3 .\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org>
4 .\"
5 .\" SPDX-License-Identifier: GPL-3.0-or-later
6 .\"
7 .TH proc 5 (date) "Linux man-pages (unreleased)"
8 .SH NAME
9 proc \- process information, system information, and sysctl pseudo-filesystem
10 .SH DESCRIPTION
11 The
12 .B proc
13 filesystem is a pseudo-filesystem which provides an interface to
14 kernel data structures.
15 It is commonly mounted at
16 .IR /proc .
17 Typically, it is mounted automatically by the system,
18 but it can also be mounted manually using a command such as:
19 .P
20 .in +4n
21 .EX
22 mount \-t proc proc /proc
23 .EE
24 .in
25 .P
26 Most of the files in the
27 .B proc
28 filesystem are read-only,
29 but some files are writable, allowing kernel variables to be changed.
30 .\"
31 .SS Mount options
32 The
33 .B proc
34 filesystem supports the following mount options:
35 .TP
36 .BR hidepid "=\fIn\fP (since Linux 3.3)"
37 .\" commit 0499680a42141d86417a8fbaa8c8db806bea1201
38 This option controls who can access the information in
39 .IR /proc/ pid
40 directories.
41 The argument,
42 .IR n ,
43 is one of the following values:
44 .RS
45 .TP 4
46 0
47 Everybody may access all
48 .IR /proc/ pid
49 directories.
50 This is the traditional behavior,
51 and the default if this mount option is not specified.
52 .TP
53 1
54 Users may not access files and subdirectories inside any
55 .IR /proc/ pid
56 directories but their own (the
57 .IR /proc/ pid
58 directories themselves remain visible).
59 Sensitive files such as
60 .IR /proc/ pid /cmdline
61 and
62 .IR /proc/ pid /status
63 are now protected against other users.
64 This makes it impossible to learn whether any user is running a
65 specific program
66 (so long as the program doesn't otherwise reveal itself by its behavior).
67 .\" As an additional bonus, since
68 .\" .IR /proc/[pid]/cmdline
69 .\" is inaccessible for other users,
70 .\" poorly written programs passing sensitive information via
71 .\" program arguments are now protected against local eavesdroppers.
72 .TP
73 2
74 As for mode 1, but in addition the
75 .IR /proc/ pid
76 directories belonging to other users become invisible.
77 This means that
78 .IR /proc/ pid
79 entries can no longer be used to discover the PIDs on the system.
80 This doesn't hide the fact that a process with a specific PID value exists
81 (it can be learned by other means, for example, by "kill \-0 $PID"),
82 but it hides a process's UID and GID,
83 which could otherwise be learned by employing
84 .BR stat (2)
85 on a
86 .IR /proc/ pid
87 directory.
88 This greatly complicates an attacker's task of gathering
89 information about running processes (e.g., discovering whether
90 some daemon is running with elevated privileges,
91 whether another user is running some sensitive program,
92 whether other users are running any program at all, and so on).
93 .RE
94 .TP
95 .BR gid "=\fIgid\fP (since Linux 3.3)"
96 .\" commit 0499680a42141d86417a8fbaa8c8db806bea1201
97 Specifies the ID of a group whose members are authorized to
98 learn process information otherwise prohibited by
99 .B hidepid
100 (i.e., users in this group behave as though
101 .I /proc
102 was mounted with
103 .IR hidepid=0 ).
104 This group should be used instead of approaches such as putting
105 nonroot users into the
106 .BR sudoers (5)
107 file.
108 .\"
109 .SS Overview
110 Underneath
111 .IR /proc ,
112 there are the following general groups of files and subdirectories:
113 .TP
114 .IR /proc/ "pid subdirectories"
115 Each one of these subdirectories contains files and subdirectories
116 exposing information about the process with the corresponding process ID.
117 .IP
118 Underneath each of the
119 .IR /proc/ pid
120 directories, a
121 .I task
122 subdirectory contains subdirectories of the form
123 .IR task/ tid,
124 which contain corresponding information about each of the threads
125 in the process, where
126 .I tid
127 is the kernel thread ID of the thread.
128 .IP
129 The
130 .IR /proc/ pid
131 subdirectories are visible when iterating through
132 .I /proc
133 with
134 .BR getdents (2)
135 (and thus are visible when one uses
136 .BR ls (1)
137 to view the contents of
138 .IR /proc ).
139 .TP
140 .IR /proc/ "tid subdirectories"
141 Each one of these subdirectories contains files and subdirectories
142 exposing information about the thread with the corresponding thread ID.
143 The contents of these directories are the same as the corresponding
144 .IR /proc/ pid /task/ tid
145 directories.
146 .IP
147 The
148 .IR /proc/ tid
149 subdirectories are
150 .I not
151 visible when iterating through
152 .I /proc
153 with
154 .BR getdents (2)
155 (and thus are
156 .I not
157 visible when one uses
158 .BR ls (1)
159 to view the contents of
160 .IR /proc ).
161 .TP
162 .I /proc/self
163 When a process accesses this magic symbolic link,
164 it resolves to the process's own
165 .IR /proc/ pid
166 directory.
167 .TP
168 .I /proc/thread\-self
169 When a thread accesses this magic symbolic link,
170 it resolves to the process's own
171 .IR /proc/self/task/ tid
172 directory.
173 .TP
174 .I /proc/[a\-z]*
175 Various other files and subdirectories under
176 .I /proc
177 expose system-wide information.
178 .P
179 All of the above are described in more detail below.
180 .\"
181 .\" .SH FILES
182 .\" FIXME Describe /proc/[pid]/sessionid
183 .\" commit 1e0bd7550ea9cf474b1ad4c6ff5729a507f75fdc
184 .\" CONFIG_AUDITSYSCALL
185 .\" Added in Linux 2.6.25; read-only; only readable by real UID
186 .\"
187 .\" FIXME Describe /proc/[pid]/sched
188 .\" Added in Linux 2.6.23
189 .\" CONFIG_SCHED_DEBUG, and additional fields if CONFIG_SCHEDSTATS
190 .\" Displays various scheduling parameters
191 .\" This file can be written, to reset stats
192 .\" The set of fields exposed by this file have changed
193 .\" significantly over time.
194 .\" commit 43ae34cb4cd650d1eb4460a8253a8e747ba052ac
195 .\"
196 .\" FIXME Describe /proc/[pid]/schedstats and
197 .\" /proc/[pid]/task/[tid]/schedstats
198 .\" Added in Linux 2.6.9
199 .\" CONFIG_SCHEDSTATS
200 .\" FIXME Document /proc/sched_debug (since Linux 2.6.23)
201 .\" See also /proc/[pid]/sched
202 .\" FIXME 2.6.13 seems to have /proc/vmcore implemented; document this
203 .\" See Documentation/kdump/kdump.txt
204 .\" commit 666bfddbe8b8fd4fd44617d6c55193d5ac7edb29
205 .\" Needs CONFIG_VMCORE
206 .\"
207 .SH NOTES
208 Many files contain strings (e.g., the environment and command line)
209 that are in the internal format,
210 with subfields terminated by null bytes (\[aq]\e0\[aq]).
211 When inspecting such files, you may find that the results are more readable
212 if you use a command of the following form to display them:
213 .P
214 .in +4n
215 .EX
216 .RB "$" " cat \fIfile\fP | tr \[aq]\e000\[aq] \[aq]\en\[aq]"
217 .EE
218 .in
219 .\" .SH ACKNOWLEDGEMENTS
220 .\" The material on /proc/sys/fs and /proc/sys/kernel is closely based on
221 .\" kernel source documentation files written by Rik van Riel.
222 .SH SEE ALSO
223 .BR cat (1),
224 .BR dmesg (1),
225 .BR find (1),
226 .BR free (1),
227 .BR htop (1),
228 .BR init (1),
229 .BR ps (1),
230 .BR pstree (1),
231 .BR tr (1),
232 .BR uptime (1),
233 .BR chroot (2),
234 .BR mmap (2),
235 .BR readlink (2),
236 .BR syslog (2),
237 .BR slabinfo (5),
238 .BR sysfs (5),
239 .BR hier (7),
240 .BR namespaces (7),
241 .BR time (7),
242 .BR arp (8),
243 .BR hdparm (8),
244 .BR ifconfig (8),
245 .BR lsmod (8),
246 .BR lspci (8),
247 .BR mount (8),
248 .BR netstat (8),
249 .BR procinfo (8),
250 .BR route (8),
251 .BR sysctl (8)
252 .P
253 The Linux kernel source files:
254 .IR Documentation/filesystems/proc.rst ,
255 .IR Documentation/admin\-guide/sysctl/fs.rst ,
256 .IR Documentation/admin\-guide/sysctl/kernel.rst ,
257 .IR Documentation/admin\-guide/sysctl/net.rst ,
258 and
259 .IR Documentation/admin\-guide/sysctl/vm.rst .