Learn about system and processes using /proc filesystem

What is /proc filesystem for? Applications may require specific information about system state, therefore Linux kernel should share this information. It opens access to other file systems. These file systems have directories and files, so the system state information is stored in them.

So /proc is one of these file systems. It gives access to process state information and something more. The system itself and other applications use this info while working. The kernel and applications can thus communicate between. Moreover, this can be done by user using simple commands like echo >> (writing in a file) and cat (reading from the file). Thus we can change and learn the system state on the fly.

As we know, file systems (ext4, fat32, ntfs) are usually stored on disk. But in the case of /proc file system it is stored in RAM and mounts by kernel, it doesn’t require the disk. Therefore all the operations with /proc is fast and don’t load the disk.

Try this command:

ls -lh /proc
...
-r--r--r--  1 root             root                0 Apr 25 08:40 filesystems
-r--r--r--  1 root             root                0 Apr 25 08:40 cpuinfo
-r--------  1 root             root             128T Apr 25 08:40 kcore

As we can see, almost all files have 0 filesize. This is because /proc filesystem belongs to VFS (Virtual file system). When we request a file or directory /proc creates them with actual information.

But, kcore has 128T filesize? How can it be? This is a file which maps directly to every available byte in our virtual memory. In other words it’s just max supported RAM value.

We can mount /proc to any directory

We can mount it in any separate directory (with read-only permissions, for example), it will not delete the main /proc in root:

sudo mount -o ro -t proc proc /mnt/example/

Then we can have one more proc filesystem but it’s the same as main /proc filesystem in root /.

Working with files in /proc

When we try to open a virtual file with a text editor, this file is created on the fly based on the information contained in the kernel. Using files in /proc, we can get information about the state of the kernel, processes, computer hardware, etc.

By /proc, we can see a list of currently loaded modules:

cat /proc/modules 
...
nouveau 2162688 4 - Live 0x0000000000000000
ext4 741376 2 - Live 0x0000000000000000
coretemp 16384 0 - Live 0x0000000000000000

Or take a look at processor information:

cat /proc/cpuinfo
...
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 23
model name	: Intel(R) Core(TM)2 Quad  CPU   Q8200  @ 2.33GHz
stepping	: 7
microcode	: 0x705
cpu MHz		: 2000.048
cache size	: 2048 KB
-----There are much more information about processor, therefore i cut it-----

In addition, there are many other useful files such as /proc/meminfo (RAM info), /proc/devices, /proc/mounts (currently mounted filesystems).

Directories of process status info

There are /proc/PID directories in /proc. It contains information about the process.

Let’s see the info about mpg123 running process. It’s audio player that I use.

First, find the process id (PID):

pidof mpg123
...
23973

Then, for example, find where the executable file is located, it’s something like symlink:

ls -l /proc/23973/exe
...
lrwxrwxrwx 1 user user_group 0 Apr 25 15:30 /proc/23973/exe -> /usr/bin/mpg123.bin

Grab a link to the current working directory:

ls -l /proc/23973/cwd
...
/proc/23973/cwd -> /home/user/Music

Check memory maps to executables and library files:

cat /proc/23973/maps
...
55c31f728000-55c31f72b000 rw-p 00021000 08:02 797082                     /usr/bin/mpg123.bin
7f5d5c689000-7f5d5c68a000 rw-p 0004e000 08:02 797047                     /usr/lib/x86_64-linux-gnu/libmpg123.so.0.44.8
7f5d5bce1000-7f5d5bee0000 ---p 00002000 08:02 797093                     /usr/lib/x86_64-linux-gnu/mpg123/output_pulse.so
7f5d5b888000-7f5d5b889000 rw-p 00083000 08:02 1317252                    /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-11.1.so

7f5d58892000-7f5d58893000 rw-p 0002b000 08:02 797056                     /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.8
7f5d58893000-7f5d5889b000 r-xp 00000000 08:02 797034                     /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2
7f5d58d13000-7f5d58d14000 rw-p 00077000 08:02 797036                     /usr/lib/x86_64-linux-gnu/libFLAC.so.8.3.0

Show with what parameters mpg123 was launched:

cat /proc/23973/cmdline
...
mpg123 -o pulse [email protected]/home/user/Music/Radio/nightbreed.m3u

It has no spaces between parameters, so I added them.

There are much more files in /proc/PID directory which is really useful. For example, there are ways to diagnose applications using only /proc/PID/syscall, /proc/PID/syscall and bash.