What is /proc filesystem for? Applications may require specific information about system state, therefore Linux kernel should share this information. It opens access to other file systems. These file systems have directories and files, so the system state information is stored in them.
So /proc is one of these file systems. It gives access to process state information and something more. The system itself and other applications use this info while working. The kernel and applications can thus communicate between. Moreover, this can be done by user using simple commands like echo >> (writing in a file) and cat (reading from the file). Thus we can change and learn the system state on the fly.
As we know, file systems (ext4, fat32, ntfs) are usually stored on disk. But in the case of /proc file system it is stored in RAM and mounts by kernel, it doesn’t require the disk. Therefore all the operations with /proc is fast and don’t load the disk.
Try this command:
ls -lh /proc ... -r--r--r-- 1 root root 0 Apr 25 08:40 filesystems -r--r--r-- 1 root root 0 Apr 25 08:40 cpuinfo -r-------- 1 root root 128T Apr 25 08:40 kcore
As we can see, almost all files have 0 filesize. This is because /proc filesystem belongs to VFS (Virtual file system). When we request a file or directory /proc creates them with actual information.
But, kcore has 128T filesize? How can it be? This is a file which maps directly to every available byte in our virtual memory. In other words it’s just max supported RAM value.
We can mount /proc to any directory
We can mount it in any separate directory (with read-only permissions, for example), it will not delete the main /proc in root:
sudo mount -o ro -t proc proc /mnt/example/
Then we can have one more proc filesystem but it’s the same as main /proc filesystem in root /.
Working with files in /proc
When we try to open a virtual file with a text editor, this file is created on the fly based on the information contained in the kernel. Using files in /proc, we can get information about the state of the kernel, processes, computer hardware, etc.
By /proc, we can see a list of currently loaded modules:
cat /proc/modules ... nouveau 2162688 4 - Live 0x0000000000000000 ext4 741376 2 - Live 0x0000000000000000 coretemp 16384 0 - Live 0x0000000000000000
Or take a look at processor information:
cat /proc/cpuinfo ... processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 23 model name : Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz stepping : 7 microcode : 0x705 cpu MHz : 2000.048 cache size : 2048 KB -----There are much more information about processor, therefore i cut it-----
In addition, there are many other useful files such as /proc/meminfo (RAM info), /proc/devices, /proc/mounts (currently mounted filesystems).
Directories of process status info
There are /proc/PID directories in /proc. It contains information about the process.
Let’s see the info about mpg123 running process. It’s audio player that I use.
First, find the process id (PID):
pidof mpg123 ... 23973
Then, for example, find where the executable file is located, it’s something like symlink:
ls -l /proc/23973/exe ... lrwxrwxrwx 1 user user_group 0 Apr 25 15:30 /proc/23973/exe -> /usr/bin/mpg123.bin
Grab a link to the current working directory:
ls -l /proc/23973/cwd ... /proc/23973/cwd -> /home/user/Music
Check memory maps to executables and library files:
cat /proc/23973/maps ... 55c31f728000-55c31f72b000 rw-p 00021000 08:02 797082 /usr/bin/mpg123.bin 7f5d5c689000-7f5d5c68a000 rw-p 0004e000 08:02 797047 /usr/lib/x86_64-linux-gnu/libmpg123.so.0.44.8 7f5d5bce1000-7f5d5bee0000 ---p 00002000 08:02 797093 /usr/lib/x86_64-linux-gnu/mpg123/output_pulse.so 7f5d5b888000-7f5d5b889000 rw-p 00083000 08:02 1317252 /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-11.1.so 7f5d58892000-7f5d58893000 rw-p 0002b000 08:02 797056 /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.8 7f5d58893000-7f5d5889b000 r-xp 00000000 08:02 797034 /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2 7f5d58d13000-7f5d58d14000 rw-p 00077000 08:02 797036 /usr/lib/x86_64-linux-gnu/libFLAC.so.8.3.0
Show with what parameters mpg123 was launched:
cat /proc/23973/cmdline ... mpg123 -o pulse [email protected]/home/user/Music/Radio/nightbreed.m3u
It has no spaces between parameters, so I added them.
There are much more files in /proc/PID directory which is really useful. For example, there are ways to diagnose applications using only /proc/PID/syscall, /proc/PID/syscall and bash.