Procfs

From Gentoo Wiki

procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc.

sysfs is a similar, newer implementation that is replacing more and more parts of procfs.

Installation

Kernel

Activate the following kernel options:

KERNEL Enable procfs support
File systems  --->
    Pseudo filesystems  --->
        <*> /proc file system support

Configuration

OpenRC

/proc is mounted by OpenRC's /lib/rc/sh/init.sh[1]:

user $mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)

The procfs init service (/etc/init.d/procfs) belongs to the boot runlevel:

user $/sbin/rc-update | grep procfs
procfs | boot

Restricting access to PID directories

procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories of other users. This is a hardening measure that makes it harder for a malicious local user to gather information about other users' processes[2].

Value      Description
hidepid=0  The files under /proc/<pid>/ are world readable. This is the default behaviour.
hidepid=1  The /proc/<pid> directories of all users are visible, but a user can only access the /proc/<pid> directories they own. This protects files such as /proc/<pid>/cmdline, which may contain sensitive information.
hidepid=2  Same as hidepid=1, but the /proc/<pid> directories of other users are hidden entirely. Because this hides process information from every user except root, it is often combined with the gid= mount option to exempt a privileged group such as wheel.

The hidepid mount option can be set so that it is applied automatically whenever /proc is mounted, for example:

FILE /etc/fstab Hiding process information from other users except those in the wheel group
proc     /proc     proc     nosuid,nodev,noexec,hidepid=2,gid=wheel     0 0
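To verify that the option from the table above actually took effect on a running system, the following POSIX shell functions parse /proc/mounts-style lines and report the effective hidepid level. This is an added example, not code from the Gentoo wiki page: the two sample lines are constructed for the demo (gid=10 is an assumed group id for wheel), and on a live system the contents of /proc/mounts are passed instead. Since Linux 5.8 the kernel also accepts and reports the named forms off, noaccess, invisible and ptraceable, so the check maps both spellings to one level.

```shell
#!/bin/sh
# Added example (not from the Gentoo wiki page): audit the hidepid setting
# of a procfs mount from /proc/mounts-style lines
# ("device mountpoint fstype options dump pass").

# Constructed samples: a default mount and a hardened one (gid=10 assumed).
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=10 0 0'

# proc_options TEXT: print the options field of the line that mounts /proc.
# The last matching line wins, because a later mount shadows an earlier one.
proc_options() {
    printf '%s\n' "$1" | {
        found=
        while read -r _dev mnt fstype opts _rest; do
            if [ "$mnt" = /proc ] && [ "$fstype" = proc ]; then
                found=$opts
            fi
        done
        printf '%s\n' "$found"
    }
}

# option_value OPTS NAME: print NAME's value from a comma-separated mount
# option list (empty when absent). Later occurrences win, as with mount(8).
# Runs in a subshell so changing IFS and disabling globbing stays local.
option_value() (
    val=
    IFS=','
    set -f
    for opt in $1; do
        case $opt in
            "$2"=*) val=${opt#*=} ;;
        esac
    done
    printf '%s\n' "$val"
)

# hidepid_level TEXT: print the effective hidepid level as a number,
# mapping the named forms used by Linux 5.8 and later (0 when unset).
hidepid_level() {
    v=$(option_value "$(proc_options "$1")" hidepid)
    case $v in
        ''|off)     printf '0\n' ;;
        noaccess)   printf '1\n' ;;
        invisible)  printf '2\n' ;;
        ptraceable) printf '4\n' ;;
        *)          printf '%s\n' "$v" ;;
    esac
}

# check_proc_hardening TEXT: print a verdict; return 0 only when other
# users' PID directories are hidden (hidepid=2, or ptraceable on newer kernels).
check_proc_hardening() {
    level=$(hidepid_level "$1")
    gid=$(option_value "$(proc_options "$1")" gid)
    case $level in
        2|4) printf 'OK: hidepid=%s%s\n' "$level" "${gid:+ (exempt gid=$gid)}"; return 0 ;;
        1)   printf 'WARN: hidepid=1, other users still see /proc/<pid> directories\n'; return 1 ;;
        *)   printf 'FAIL: hidepid not set, /proc/<pid> is world readable\n'; return 1 ;;
    esac
}

# Demo on the constructed samples; on a live system use:
#   check_proc_hardening "$(cat /proc/mounts)"
check_proc_hardening "$SAMPLE_DEFAULT" || true
check_proc_hardening "$SAMPLE_HARDENED" || true
```

The check reads the mount table rather than /etc/fstab because an fstab entry only says what should happen at boot; a /proc remounted without the option, or a container whose /proc was mounted by its runtime, is only visible in the live mount table.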

Usage

See the Wikipedia article for a description of each file's purpose.

Use cat to read information. For example, users can get the version of the currently running kernel with the following command:

user $cat /proc/version

Use echo to set values at runtime (where the kernel allows writing to the entry). For example, users can enable the Magic SysRq keys with the following command:

root #echo 1 > /proc/sys/kernel/sysrq
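The read and write steps above, wrapped as POSIX shell functions that take the dotted names sysctl(8) uses and translate them to /proc/sys paths in one place, so the two spellings (kernel.sysrq versus /proc/sys/kernel/sysrq) cannot be mixed up. This is an added example, not code from the Gentoo wiki page; PROC_ROOT is an assumed variable that defaults to /proc, and pointing it at a constructed directory lets the functions be exercised without touching the real kernel.

```shell
#!/bin/sh
# Added example (not from the Gentoo wiki page): read and set /proc/sys
# values by their dotted sysctl names. PROC_ROOT is an assumed variable
# (default /proc) so the functions can run against a constructed tree.
: "${PROC_ROOT:=/proc}"

# procsys_path NAME: map a dotted name to its procfs path, e.g.
# kernel.sysrq -> /proc/sys/kernel/sysrq. Names that already use '/'
# (as sysctl(8) allows for interface names containing dots) pass through.
procsys_path() {
    printf '%s/sys/%s\n' "$PROC_ROOT" "$(printf '%s' "$1" | tr . /)"
}

# read_procsys NAME: print the current value; fail if the entry is absent
# or not readable by the caller.
read_procsys() {
    p=$(procsys_path "$1")
    if [ ! -r "$p" ]; then
        printf 'read_procsys: %s: no such entry or not readable\n' "$p" >&2
        return 1
    fi
    cat "$p"
}

# write_procsys NAME VALUE: set a value at runtime. Requiring the entry to
# exist first means a mistyped name fails instead of silently creating a
# file; the redirection fails (EINVAL) if the kernel rejects the value.
write_procsys() {
    p=$(procsys_path "$1")
    if [ ! -e "$p" ]; then
        printf 'write_procsys: %s: no such entry\n' "$p" >&2
        return 1
    fi
    if [ ! -w "$p" ]; then
        printf 'write_procsys: %s: not writable (needs root)\n' "$p" >&2
        return 1
    fi
    printf '%s\n' "$2" > "$p"
}

# Demo (read-only): the running kernel version and the current SysRq mask.
# Enabling SysRq would be: write_procsys kernel.sysrq 1   (as root)
if [ -r "$PROC_ROOT/version" ]; then
    cat "$PROC_ROOT/version"
fi
read_procsys kernel.sysrq || true
```

Keeping the existence and writability checks separate gives a clearer error than the shell's own "Permission denied", which is the same message for a missing parent directory, a read-only entry, and a mount of /proc/sys made read-only by a container runtime.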

sysctl

See also
Sysctl usage information is available on the Sysctl page.

See also

References