Procfs

This page is a translated version of the page Procfs and the translation is 31% complete.

Outdated translations are marked like this.

Other languages:

Resources

procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc.

sysfs ist eine ähnliche, neuere Implementierung, die mehr und mehr Elemente von procfs ersetzt.

Installation

Kernel

Activate the following kernel options:

KERNEL Enable procfs support

File systems  --->
    Pseudo filesystems  --->
        <*> /proc file system support

Konfiguration

OpenRC

/proc is mounted by OpenRC's /lib/rc/sh/init.sh^[1]:

user $mount | grep proc

proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)

The init service /etc/init.d/procfs goes in runlevel boot:

user $/sbin/rc-update | grep procfs

procfs | boot

Den Zugriff auf PID-Verzeichnisse einschränken

procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories by other users. This is a hardening technique that can make it more difficult for malicious local users to gather information about the processes of other users^[2].

Value	Description
`hidepid=0`	The file located in /proc/<pid>/* will be world readable. This is the default behavior.
`hidepid=1`	The /proc/<pid> directories are visible by all users, but users can only access the /proc/<pid> directories they own. This will protect files such as /proc/<pid>/cmdline, which may contain sensitive information.
`hidepid=2`	Same as `hidepid=1` but the /proc/<pid> directories of other users are hidden. Since this will hide process information from all users except root, it may be useful to allow access to privileged users such as those belonging to the wheel group.

The hidepid mount option can be configured to be used automatically when mounting /proc/, for example:

DATEI /etc/fstabHiding process information from other users except those in the wheel group

proc     /proc     proc     nosuid,nodev,noexec,hidepid=2,gid=wheel     0 0

Bedienung

See the Wikipedia article for a description of each file's purpose.

Use cat to read information. For example, users can get the version of the currently running kernel with the following command:

user $cat /proc/version

Use echo to set values at runtime (if possible). For example, users can enable the Magic SysRq keys with the following command:

root #echo 1 > /proc/sys/kernel.sysrq

sysctl

Siehe auch
Sysctl usage information is available at: Sysctl

Siehe auch

sysfs — a virtual filesystem (virtual means it takes up no disk space).
The proc filesystem (Security Handbook)

Referenzen

↑ Bug 406263 – Remove the two lines concerning proc and shm since they don't reflect the /etc/fstab file that is default in current state3 installation, Gentoo's Bugzilla Main Page, (Last modified) April 29th, 2012. Retrieved on October 23rd, 2015.
↑ Vasiliy Kulikov. procfs: add hidepid= and gid= mount options, Linux kernel source tree, January 10th, 2012. Retrieved on July 31st, 2015.

[bug406263-1] Bug 406263 – Remove the two lines concerning proc and shm since they don't reflect the /etc/fstab file that is default in current state3 installation, Gentoo's Bugzilla Main Page, (Last modified) April 29th, 2012. Retrieved on October 23rd, 2015.

[2] Vasiliy Kulikov. procfs: add hidepid= and gid= mount options, Linux kernel source tree, January 10th, 2012. Retrieved on July 31st, 2015.

[1]

[2]