Mount options

The proc filesystem supports the following mount options:

hidepid=n (since Linux 3.3)

This option controls who can access the information in /proc/pid directories. The argument, n, is one of the following values:

gid=gid (since Linux 3.3)

Specifies the ID of a group whose members are authorized to learn process information otherwise prohibited by hidepid (i.e., users in this group behave as though /proc was mounted with hidepid=0). This group should be used instead of approaches such as putting nonroot users into the sudoers(5) file.

Overview

Underneath /proc, there are the following general groups of files and subdirectories:

/proc/pid subdirectories

Each one of these subdirectories contains files and subdirectories exposing information about the process with the corresponding process ID.

Underneath each of the /proc/pid directories, a task subdirectory contains subdirectories of the form task/tid, which contain corresponding information about each of the threads in the process, where tid is the kernel thread ID of the thread.

The /proc/pid subdirectories are visible when iterating through /proc with getdents(2) (and thus are visible when one uses ls(1) to view the contents of /proc).

/proc/tid subdirectories

Each one of these subdirectories contains files and subdirectories exposing information about the thread with the corresponding thread ID. The contents of these directories are the same as the corresponding /proc/pid/task/tid directories.

The /proc/tid subdirectories are not visible when iterating through /proc with getdents(2) (and thus are not visible when one uses ls(1) to view the contents of /proc).

/proc/self

When a process accesses this magic symbolic link, it resolves to the process's own /proc/pid directory.

/proc/thread-self

When a thread accesses this magic symbolic link, it resolves to the process's own /proc/self/task/tid directory.

/proc/[a-z]*

Various other files and subdirectories under /proc expose system-wide information.

All of the above are described in more detail below.

Files and directories

The following list provides details of many of the files and directories under the /proc hierarchy.

/proc/pid

There is a numerical subdirectory for each running process; the subdirectory is named by the process ID. Each /proc/pid subdirectory contains the pseudo-files and directories described below.

The files inside each /proc/pid directory are normally owned by the effective user and effective group ID of the process. However, as a security measure, the ownership is made root:root if the process's "dumpable" attribute is set to a value other than 1.

Before Linux 4.11, root:root meant the "global" root user ID and group ID (i.e., UID 0 and GID 0 in the initial user namespace). Since Linux 4.11, if the process is in a noninitial user namespace that has a valid mapping for user (group) ID 0 inside the namespace, then the user (group) ownership of the files under /proc/pid is instead made the same as the root user (group) ID of the namespace. This means that inside a container, things work as expected for the container "root" user.

The process's "dumpable" attribute may change for the following reasons:

Resetting the "dumpable" attribute to 1 reverts the ownership of the /proc/pid/* files to the process's effective UID and GID. Note, however, that if the effective UID or GID is subsequently modified, then the "dumpable" attribute may be reset, as described in prctl(2). Therefore, it may be desirable to reset the "dumpable" attribute after making any desired changes to the process's effective UID or GID.

/proc/pid/attr

The files in this directory provide an API for security modules. The contents of this directory are files that can be read and written in order to set security-related attributes. This directory was added to support SELinux, but the intention was that the API be general enough to support other security modules. For the purpose of explanation, examples of how SELinux uses these files are provided below.

This directory is present only if the kernel was configured with CONFIG_SECURITY.

/proc/pid/attr/current (since Linux 2.6.0)

The contents of this file represent the current security attributes of the process.

In SELinux, this file is used to get the security context of a process. Prior to Linux 2.6.11, this file could not be used to set the security context (a write was always denied), since SELinux limited process security transitions to execve(2) (see the description of /proc/pid/attr/exec, below). Since Linux 2.6.11, SELinux lifted this restriction and began supporting "set" operations via writes to this node if authorized by policy, although use of this operation is only suitable for applications that are trusted to maintain any desired separation between the old and new security contexts.

Prior to Linux 2.6.28, SELinux did not allow threads within a multithreaded process to set their security context via this node as it would yield an inconsistency among the security contexts of the threads sharing the same memory space. Since Linux 2.6.28, SELinux lifted this restriction and began supporting "set" operations for threads within a multithreaded process if the new security context is bounded by the old security context, where the bounded relation is defined in policy and guarantees that the new security context has a subset of the permissions of the old security context.

Other security modules may choose to support "set" operations via writes to this node.

/proc/pid/attr/exec (since Linux 2.6.0)

This file represents the attributes to assign to the process upon a subsequent execve(2).

In SELinux, this is needed to support role/domain transitions, and execve(2) is the preferred point to make such transitions because it offers better control over the initialization of the process in the new security label and the inheritance of state. In SELinux, this attribute is reset on execve(2) so that the new program reverts to the default behavior for any execve(2) calls that it may make. In SELinux, a process can set only its own /proc/pid/attr/exec attribute.

/proc/pid/attr/fscreate (since Linux 2.6.0)

This file represents the attributes to assign to files created by subsequent calls to open(2), mkdir(2), symlink(2), and mknod(2)

SELinux employs this file to support creation of a file (using the aforementioned system calls) in a secure state, so that there is no risk of inappropriate access being obtained between the time of creation and the time that attributes are set. In SELinux, this attribute is reset on execve(2), so that the new program reverts to the default behavior for any file creation calls it may make, but the attribute will persist across multiple file creation calls within a program unless it is explicitly reset. In SELinux, a process can set only its own /proc/pid/attr/fscreate attribute.

/proc/pid/attr/keycreate (since Linux 2.6.18)

If a process writes a security context into this file, all subsequently created keys (add_key(2)) will be labeled with this context. For further information, see the kernel source file Documentation/security/keys/core.rst (or file Documentation/security/keys.txt between Linux 3.0 and Linux 4.13, or Documentation/keys.txt before Linux 3.0).

/proc/pid/attr/prev (since Linux 2.6.0)

This file contains the security context of the process before the last execve(2); that is, the previous value of /proc/pid/attr/current.

/proc/pid/attr/socketcreate (since Linux 2.6.18)

If a process writes a security context into this file, all subsequently created sockets will be labeled with this context.

/proc/pid/autogroup (since Linux 2.6.38)

See sched(7).

/proc/pid/auxv (since Linux 2.6.0)

This contains the contents of the ELF interpreter information passed to the process at exec time. The format is one unsigned long ID plus one unsigned long value for each entry. The last entry contains two zeros. See also getauxval(3).

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

/proc/pid/cgroup (since Linux 2.6.24)

See cgroups(7).

/proc/pid/clear_refs (since Linux 2.6.22)

This is a write-only file, writable only by owner of the process.

The following values may be written to the file:

Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a method to measure approximately how much memory a process is using. One first inspects the values in the "Referenced" fields for the VMAs shown in /proc/pid/smaps to get an idea of the memory footprint of the process. One then clears the PG_Referenced and ACCESSED/YOUNG bits and, after some measured time interval, once again inspects the values in the "Referenced" fields to get an idea of the change in memory footprint of the process during the measured interval. If one is interested only in inspecting the selected mapping types, then the value 2 or 3 can be used instead of 1.

Further values can be written to affect different properties:

Writing any value to /proc/pid/clear_refs other than those listed above has no effect.

The /proc/pid/clear_refs file is present only if the CONFIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

/proc/pid/cmdline

This read-only file holds the complete command line for the process, unless the process is a zombie. In the latter case, there is nothing in this file: that is, a read on this file will return 0 characters.

For processes which are still running, the command-line arguments appear in this file in the same layout as they do in process memory: If the process is well-behaved, it is a set of strings separated by null bytes ('\0'), with a further null byte after the last string.

This is the common case, but processes have the freedom to override the memory region and break assumptions about the contents or format of the /proc/pid/cmdline file.

If, after an execve(2), the process modifies its argv strings, those changes will show up here. This is not the same thing as modifying the argv array.

Furthermore, a process may change the memory location that this file refers via prctl(2) operations such as PR_SET_MM_ARG_START.

Think of this file as the command line that the process wants you to see.

/proc/pid/comm (since Linux 2.6.33)

This file exposes the process's comm value—that is, the command name associated with the process. Different threads in the same process may have different comm values, accessible via /proc/pid/task/tid/comm. A thread may modify its comm value, or that of any of other thread in the same thread group (see the discussion of CLONE_THREAD in clone(2)), by writing to the file /proc/self/task/tid/comm. Strings longer than TASK_COMM_LEN (16) characters (including the terminating null byte) are silently truncated.

This file provides a superset of the prctl(2) PR_SET_NAME and PR_GET_NAME operations, and is employed by pthread_setname_np(3) when used to rename threads other than the caller. The value in this file is used for the %e specifier in /proc/sys/kernel/core_pattern; see core(5).

/proc/pid/coredump_filter (since Linux 2.6.23)

See core(5).

/proc/pid/cpuset (since Linux 2.6.12)

See cpuset(7).

/proc/pid/cwd

This is a symbolic link to the current working directory of the process. To find out the current working directory of process 20, for instance, you can do this:

$ cd /proc/20/cwd; pwd -P
    

In a multithreaded process, the contents of this symbolic link are not available if the main thread has already terminated (typically by calling pthread_exit(3)).

Permission to dereference or read (readlink(2)) this symbolic link is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

/proc/pid/environ

This file contains the initial environment that was set when the currently executing program was started via execve(2). The entries are separated by null bytes ('\0'), and there may be a null byte at the end. Thus, to print out the environment of process 1, you would do:

$ cat /proc/1/environ | tr '\000' '\n'
    

If, after an execve(2), the process modifies its environment (e.g., by calling functions such as putenv(3) or modifying the environ(7) variable directly), this file will not reflect those changes.

Furthermore, a process may change the memory location that this file refers via prctl(2) operations such as PR_SET_MM_ENV_START.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

/proc/pid/exe

Under Linux 2.2 and later, this file is a symbolic link containing the actual pathname of the executed command. This symbolic link can be dereferenced normally; attempting to open it will open the executable. You can even type /proc/pid/exe to run another copy of the same executable that is being run by process pid. If the pathname has been unlinked, the symbolic link will contain the string ' (deleted)' appended to the original pathname. In a multithreaded process, the contents of this symbolic link are not available if the main thread has already terminated (typically by calling pthread_exit(3)).

Permission to dereference or read (readlink(2)) this symbolic link is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

Under Linux 2.0 and earlier, /proc/pid/exe is a pointer to the binary which was executed, and appears as a symbolic link. A readlink(2) call on this file under Linux 2.0 returns a string in the format:

[device]:inode
    

For example, [0301]:1502 would be inode 1502 on device major 03 (IDE, MFM, etc. drives) minor 01 (first partition on the first drive).

find(1) with the -inum option can be used to locate the file.

/proc/pid/fd/

This is a subdirectory containing one entry for each file which the process has open, named by its file descriptor, and which is a symbolic link to the actual file. Thus, 0 is standard input, 1 standard output, 2 standard error, and so on.

For file descriptors for pipes and sockets, the entries will be symbolic links whose content is the file type with the inode. A readlink(2) call on this file returns a string in the format:

type:[inode]
    

For example, socket:[2248868] will be a socket and its inode is 2248868. For sockets, that inode can be used to find more information in one of the files under /proc/net/.

For file descriptors that have no corresponding inode (e.g., file descriptors produced by bpf(2), epoll_create(2), eventfd(2), inotify_init(2), perf_event_open(2), signalfd(2), timerfd_create(2), and userfaultfd(2)), the entry will be a symbolic link with contents of the form

anon_inode:file-type
    

In many cases (but not all), the file-type is surrounded by square brackets.

For example, an epoll file descriptor will have a symbolic link whose content is the string anon_inode:[eventpoll].

In a multithreaded process, the contents of this directory are not available if the main thread has already terminated (typically by calling pthread_exit(3)).

Programs that take a filename as a command-line argument, but don't take input from standard input if no argument is supplied, and programs that write to a file named as a command-line argument, but don't send their output to standard output if no argument is supplied, can nevertheless be made to use standard input or standard output by using /proc/pid/fd files as command-line arguments. For example, assuming that -i is the flag designating an input file and -o is the flag designating an output file:

$ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...
    

and you have a working filter.

/proc/self/fd/N is approximately the same as /dev/fd/N in some UNIX and UNIX-like systems. Most Linux MAKEDEV scripts symbolically link /dev/fd to /proc/self/fd, in fact.

Most systems provide symbolic links /dev/stdin, /dev/stdout, and /dev/stderr, which respectively link to the files 0, 1, and 2 in /proc/self/fd. Thus the example command above could be written as:

$ foobar -i /dev/stdin -o /dev/stdout ...
    

Permission to dereference or read (readlink(2)) the symbolic links in this directory is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

Note that for file descriptors referring to inodes (pipes and sockets, see above), those inodes still have permission bits and ownership information distinct from those of the /proc/pid/fd entry, and that the owner may differ from the user and group IDs of the process. An unprivileged process may lack permissions to open them, as in this example:

$ echo test | sudo -u nobody cat
test
$ echo test | sudo -u nobody cat /proc/self/fd/0
cat: /proc/self/fd/0: Permission denied
    

File descriptor 0 refers to the pipe created by the shell and owned by that shell's user, which is not nobody, so cat does not have permission to create a new file descriptor to read from that inode, even though it can still read from its existing file descriptor 0.

/proc/pid/fdinfo/ (since Linux 2.6.22)

This is a subdirectory containing one entry for each file which the process has open, named by its file descriptor. The files in this directory are readable only by the owner of the process. The contents of each file can be read to obtain information about the corresponding file descriptor. The content depends on the type of file referred to by the corresponding file descriptor.

For regular files and directories, we see something like:

$ cat /proc/12015/fdinfo/4
pos:    1000
flags:  01002002
mnt_id: 21
    

The fields are as follows:

For eventfd file descriptors (see eventfd(2)), we see (since Linux 3.8) the following fields:

pos:	0
flags:	02
mnt_id:	10
eventfd-count:               40
    

eventfd-count is the current value of the eventfd counter, in hexadecimal.

For epoll file descriptors (see epoll(7)), we see (since Linux 3.8) the following fields:

pos:	0
flags:	02
mnt_id:	10
tfd:        9 events:       19 data: 74253d2500000009
tfd:        7 events:       19 data: 74253d2500000007
    

Each of the lines beginning tfd describes one of the file descriptors being monitored via the epoll file descriptor (see epoll_ctl(2) for some details). The tfd field is the number of the file descriptor. The events field is a hexadecimal mask of the events being monitored for this file descriptor. The data field is the data value associated with this file descriptor.

For signalfd file descriptors (see signalfd(2)), we see (since Linux 3.8) the following fields:

pos:	0
flags:	02
mnt_id:	10
sigmask:	0000000000000006
    

sigmask is the hexadecimal mask of signals that are accepted via this signalfd file descriptor. (In this example, bits 2 and 3 are set, corresponding to the signals SIGINT and SIGQUIT; see signal(7).)

For inotify file descriptors (see inotify(7)), we see (since Linux 3.8) the following fields:

pos:	0
flags:	00
mnt_id:	11
inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73
    

Each of the lines beginning with "inotify" displays information about one file or directory that is being monitored. The fields in this line are as follows:

If the kernel was built with exportfs support, the path to the target file is exposed as a file handle, via three hexadecimal fields: fhandle-bytes, fhandle-type, and f_handle.

For fanotify file descriptors (see fanotify(7)), we see (since Linux 3.8) the following fields:

pos:	0
flags:	02
mnt_id:	11
fanotify flags:0 event-flags:88002
fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73
    

The fourth line displays information defined when the fanotify group was created via fanotify_init(2):

Each additional line shown in the file contains information about one of the marks in the fanotify group. Most of these fields are as for inotify, except:

For details on these fields, see fanotify_mark(2).

For timerfd file descriptors (see timerfd(2)), we see (since Linux 3.17) the following fields:

pos:    0
flags:  02004002
mnt_id: 13
clockid: 0
ticks: 0
settime flags: 03
it_value: (7695568592, 640020877)
it_interval: (0, 0)
    

/proc/pid/gid_map (since Linux 3.5)

See user_namespaces(7).

/proc/pid/io (since Linux 2.6.20)

This file contains I/O statistics for the process, for example:

# cat /proc/3828/io
rchar: 323934931
wchar: 323929600
syscr: 632687
syscw: 632675
read_bytes: 0
write_bytes: 323932160
cancelled_write_bytes: 0
    

The fields are as follows:

Note: In the current implementation, things are a bit racy on 32-bit systems: if process A reads process B's /proc/pid/io while process B is updating one of these 64-bit counters, process A could see an intermediate result.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

/proc/pid/limits (since Linux 2.6.24)

This file displays the soft limit, hard limit, and units of measurement for each of the process's resource limits (see getrlimit(2)). Up to and including Linux 2.6.35, this file is protected to allow reading only by the real UID of the process. Since Linux 2.6.36, this file is readable by all users on the system.

/proc/pid/map_files/ (since Linux 3.3)

This subdirectory contains entries corresponding to memory-mapped files (see mmap(2)). Entries are named by memory region start and end address pair (expressed as hexadecimal numbers), and are symbolic links to the mapped files themselves. Here is an example, with the output wrapped and reformatted to fit on an 80-column display:

# ls -l /proc/self/map_files/
lr--------. 1 root root 64 Apr 16 21:31


            3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
...
    

Although these entries are present for memory regions that were mapped with the MAP_FILE flag, the way anonymous shared memory (regions created with the MAP_ANON | MAP_SHARED flags) is implemented in Linux means that such regions also appear on this directory. Here is an example where the target file is the deleted /dev/zero one:

lrw-------. 1 root root 64 Apr 16 21:33


            7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)
    

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

Until Linux 4.3, this directory appeared only if the CONFIG_CHECKPOINT_RESTORE kernel configuration option was enabled.

Capabilities are required to read the contents of the symbolic links in this directory: before Linux 5.9, the reading process requires CAP_SYS_ADMIN in the initial user namespace; since Linux 5.9, the reading process must have either CAP_SYS_ADMIN or CAP_CHECKPOINT_RESTORE in the initial (i.e. root) user namespace.

/proc/pid/maps

A file containing the currently mapped memory regions and their access permissions. See mmap(2) for some further information about memory mappings.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

The format of the file is:

address           perms offset  dev   inode       pathname
00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/dbus-daemon
00651000-00652000 r--p 00051000 08:02 173521      /usr/bin/dbus-daemon
00652000-00655000 rw-p 00052000 08:02 173521      /usr/bin/dbus-daemon
00e03000-00e24000 rw-p 00000000 00:00 0           [heap]
00e24000-011f7000 rw-p 00000000 00:00 0           [heap]
...
35b1800000-35b1820000 r-xp 00000000 08:02 135522  /usr/lib64/ld-2.15.so
35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522  /usr/lib64/ld-2.15.so
35b1a20000-35b1a21000 rw-p 00020000 08:02 135522  /usr/lib64/ld-2.15.so
35b1a21000-35b1a22000 rw-p 00000000 00:00 0
35b1c00000-35b1dac000 r-xp 00000000 08:02 135870  /usr/lib64/libc-2.15.so
35b1dac000-35b1fac000 ---p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870  /usr/lib64/libc-2.15.so
...
f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0    [stack:986]
...
7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0   [stack]
7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0   [vdso]
    

The address field is the address space in the process that the mapping occupies. The perms field is a set of permissions:

r = read
w = write
x = execute
s = shared
p = private (copy on write)
    

The offset field is the offset into the file/whatever; dev is the device (major:minor); inode is the inode on that device. 0 indicates that no inode is associated with the memory region, as would be the case with BSS (uninitialized data).

The pathname field will usually be the file that is backing the mapping. For ELF files, you can easily coordinate with the offset field by looking at the Offset field in the ELF program headers (readelf -l).

There are additional helpful pseudo-paths:

If the pathname field is blank, this is an anonymous mapping as obtained via mmap(2). There is no easy way to coordinate this back to a process's source, short of running it through gdb(1), strace(1), or similar.

pathname is shown unescaped except for newline characters, which are replaced with an octal escape sequence. As a result, it is not possible to determine whether the original pathname contained a newline character or the literal \012 character sequence.

If the mapping is file-backed and the file has been deleted, the string " (deleted)" is appended to the pathname. Note that this is ambiguous too.

Under Linux 2.0, there is no field giving pathname.

/proc/pid/mem

This file can be used to access the pages of a process's memory through open(2), read(2), and lseek(2).

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

/proc/pid/mountinfo (since Linux 2.6.26)

This file contains information about mounts in the process's mount namespace (see mount_namespaces(7)). It supplies various information (e.g., propagation state, root of mount for bind mounts, identifier for each mount and its parent) that is missing from the (older) /proc/pid/mounts file, and fixes various other problems with that file (e.g., nonextensibility, failure to distinguish per-mount versus per-superblock options).

The file contains lines of the form:

36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
    

The numbers in parentheses are labels for the descriptions below:

Currently, the possible optional fields are shared, master, propagate_from, and unbindable. See mount_namespaces(7) for a description of these fields. Parsers should ignore all unrecognized optional fields.

For more information on mount propagation see Documentation/filesystems/sharedsubtree.rst (or Documentation/filesystems/sharedsubtree.txt before Linux 5.8) in the Linux kernel source tree.

/proc/pid/mounts (since Linux 2.4.19)

This file lists all the filesystems currently mounted in the process's mount namespace (see mount_namespaces(7)). The format of this file is documented in fstab(5).

Since Linux 2.6.15, this file is pollable: after opening the file for reading, a change in this file (i.e., a filesystem mount or unmount) causes select(2) to mark the file descriptor as having an exceptional condition, and poll(2) and epoll_wait(2) mark the file as having a priority event (POLLPRI). (Before Linux 2.6.30, a change in this file was indicated by the file descriptor being marked as readable for select(2), and being marked as having an error condition for poll(2) and epoll_wait(2).)

/proc/pid/mountstats (since Linux 2.6.17)

This file exports information (statistics, configuration information) about the mounts in the process's mount namespace (see mount_namespaces(7)). Lines in this file have the form:

device /dev/sda7 mounted on /home with fstype ext3 [stats]
(       1      )            ( 2 )             (3 ) (  4  )
    

The fields in each line are:

This file is readable only by the owner of the process.

/proc/pid/net (since Linux 2.6.25)

See the description of /proc/net.

/proc/pid/ns/ (since Linux 3.0)

This is a subdirectory containing one entry for each namespace that supports being manipulated by setns(2). For more information, see namespaces(7).

/proc/pid/numa_maps (since Linux 2.6.14)

See numa(7).

/proc/pid/oom_adj (since Linux 2.6.11)

This file can be used to adjust the score used to select which process should be killed in an out-of-memory (OOM) situation. The kernel uses this value for a bit-shift operation of the process's oom_score value: valid values are in the range -16 to +15, plus the special value -17, which disables OOM-killing altogether for this process. A positive score increases the likelihood of this process being killed by the OOM-killer; a negative score decreases the likelihood.

The default value for this file is 0; a new process inherits its parent's oom_adj setting. A process must be privileged (CAP_SYS_RESOURCE) to update this file, although a process can always increase its own oom_adj setting (since Linux 2.6.20).

Since Linux 2.6.36, use of this file is deprecated in favor of /proc/pid/oom_score_adj, and finally removed in Linux 3.7.

/proc/pid/oom_score (since Linux 2.6.11)

This file displays the current score that the kernel gives to this process for the purpose of selecting a process for the OOM-killer. A higher score means that the process is more likely to be selected by the OOM-killer. The basis for this score is the amount of memory used by the process, with increases (+) or decreases (-) for factors including:

Before Linux 2.6.36 the following factors were also used in the calculation of oom_score:

The oom_score also reflects the adjustment specified by the oom_score_adj or oom_adj setting for the process.

/proc/pid/oom_score_adj (since Linux 2.6.36)

This file can be used to adjust the badness heuristic used to select which process gets killed in out-of-memory conditions.

The badness heuristic assigns a value to each candidate task ranging from 0 (never kill) to 1000 (always kill) to determine which process is targeted. The units are roughly a proportion along that range of allowed memory the process may allocate from, based on an estimation of its current memory and swap use. For example, if a task is using all allowed memory, its badness score will be 1000. If it is using half of its allowed memory, its score will be 500.

There is an additional factor included in the badness score: root processes are given 3% extra memory over other tasks.

The amount of "allowed" memory depends on the context in which the OOM-killer was called. If it is due to the memory assigned to the allocating task's cpuset being exhausted, the allowed memory represents the set of mems assigned to that cpuset (see cpuset(7)). If it is due to a mempolicy's node(s) being exhausted, the allowed memory represents the set of mempolicy nodes. If it is due to a memory limit (or swap limit) being reached, the allowed memory is that configured limit. Finally, if it is due to the entire system being out of memory, the allowed memory represents all allocatable resources.

The value of oom_score_adj is added to the badness score before it is used to determine which task to kill. Acceptable values range from -1000 (OOM_SCORE_ADJ_MIN) to +1000 (OOM_SCORE_ADJ_MAX). This allows user space to control the preference for OOM-killing, ranging from always preferring a certain task or completely disabling it from OOM-killing. The lowest possible value, -1000, is equivalent to disabling OOM-killing entirely for that task, since it will always report a badness score of 0.

Consequently, it is very simple for user space to define the amount of memory to consider for each task. Setting an oom_score_adj value of +500, for example, is roughly equivalent to allowing the remainder of tasks sharing the same system, cpuset, mempolicy, or memory controller resources to use at least 50% more memory. A value of -500, on the other hand, would be roughly equivalent to discounting 50% of the task's allowed memory from being considered as scoring against the task.

For backward compatibility with previous kernels, /proc/pid/oom_adj can still be used to tune the badness score. Its value is scaled linearly with oom_score_adj.

Writing to /proc/pid/oom_score_adj or /proc/pid/oom_adj will change the other with its scaled value.

The choom(1) program provides a command-line interface for adjusting the oom_score_adj value of a running process or a newly executed command.

/proc/pid/pagemap (since Linux 2.6.25)

This file shows the mapping of each of the process's virtual pages into physical page frames or swap area. It contains one 64-bit value for each virtual page, with the bits set as follows:

Before Linux 3.11, bits 60–55 were used to encode the base-2 log of the page size.

To employ /proc/pid/pagemap efficiently, use /proc/pid/maps to determine which areas of memory are actually mapped and seek to skip over unmapped regions.

The /proc/pid/pagemap file is present only if the CONFIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

/proc/pid/personality (since Linux 2.6.28)

This read-only file exposes the process's execution domain, as set by personality(2). The value is displayed in hexadecimal notation.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

/proc/pid/root

UNIX and Linux support the idea of a per-process root of the filesystem, set by the chroot(2) system call. This file is a symbolic link that points to the process's root directory, and behaves in the same way as exe, and fd/*.

Note however that this file is not merely a symbolic link. It provides the same view of the filesystem (including namespaces and the set of per-process mounts) as the process itself. An example illustrates this point. In one terminal, we start a shell in new user and mount namespaces, and in that shell we create some new mounts:

$ PS1='sh1# ' unshare -Urnm
sh1# mount -t tmpfs tmpfs /etc  # Mount empty tmpfs at /etc
sh1# mount --bind /usr /dev     # Mount /usr at /dev
sh1# echo $$
27123
    

In a second terminal window, in the initial mount namespace, we look at the contents of the corresponding mounts in the initial and new namespaces:

$ PS1='sh2# ' sudo sh
sh2# ls /etc | wc -l                  # In initial NS
309
sh2# ls /proc/27123/root/etc | wc -l  # /etc in other NS
0                                     # The empty tmpfs dir
sh2# ls /dev | wc -l                  # In initial NS
205
sh2# ls /proc/27123/root/dev | wc -l  # /dev in other NS
11                                    # Actually bind


                                      # mounted to /usr
sh2# ls /usr | wc -l                  # /usr in initial NS
11
    

In a multithreaded process, the contents of the /proc/pid/root symbolic link are not available if the main thread has already terminated (typically by calling pthread_exit(3)).

Permission to dereference or read (readlink(2)) this symbolic link is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

/proc/pid/projid_map (since Linux 3.7)

See user_namespaces(7).

/proc/pid/seccomp (Linux 2.6.12 to Linux 2.6.22)

This file can be used to read and change the process's secure computing (seccomp) mode setting. It contains the value 0 if the process is not in seccomp mode, and 1 if the process is in strict seccomp mode (see seccomp(2)). Writing 1 to this file places the process irreversibly in strict seccomp mode. (Further attempts to write to the file fail with the EPERM error.)

In Linux 2.6.23, this file went away, to be replaced by the prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later by seccomp(2) and the Seccomp field in /proc/pid/status).

/proc/pid/setgroups (since Linux 3.19)

See user_namespaces(7).

/proc/pid/smaps (since Linux 2.6.14)

This file shows memory consumption for each of the process's mappings. (The pmap(1) command displays similar information, in a form that may be easier for parsing.) For each mapping there is a series of lines such as the following:

00400000-0048a000 r-xp 00000000 fd:03 960637       /bin/bash
Size:                552 kB
Rss:                 460 kB
Pss:                 100 kB
Shared_Clean:        452 kB
Shared_Dirty:          0 kB
Private_Clean:         8 kB
Private_Dirty:         0 kB
Referenced:          460 kB
Anonymous:             0 kB
AnonHugePages:         0 kB
ShmemHugePages:        0 kB
ShmemPmdMapped:        0 kB
Swap:                  0 kB
KernelPageSize:        4 kB
MMUPageSize:           4 kB
Locked:                0 kB
ProtectionKey:         0
VmFlags: rd ex mr mw me dw
    

The first of these lines shows the same information as is displayed for the mapping in /proc/pid/maps. The following lines show the size of the mapping, the amount of the mapping that is currently resident in RAM ("Rss"), the process's proportional share of this mapping ("Pss"), the number of clean and dirty shared pages in the mapping, and the number of clean and dirty private pages in the mapping. "Referenced" indicates the amount of memory currently marked as referenced or accessed. "Anonymous" shows the amount of memory that does not belong to any file. "Swap" shows how much would-be-anonymous memory is also used, but out on swap.

The "KernelPageSize" line (available since Linux 2.6.29) is the page size used by the kernel to back the virtual memory area. This matches the size used by the MMU in the majority of cases. However, one counter-example occurs on PPC64 kernels whereby a kernel using 64 kB as a base page size may still use 4 kB pages for the MMU on older processors. To distinguish the two attributes, the "MMUPageSize" line (also available since Linux 2.6.29) reports the page size used by the MMU.

The "Locked" indicates whether the mapping is locked in memory or not.

The "ProtectionKey" line (available since Linux 4.9, on x86 only) contains the memory protection key (see pkeys(7)) associated with the virtual memory area. This entry is present only if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS configuration option (since Linux 4.6).

The "VmFlags" line (available since Linux 3.8) represents the kernel flags associated with the virtual memory area, encoded using the following two-letter codes:

The /proc/pid/smaps file is present only if the CONFIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

/proc/pid/stack (since Linux 2.6.29)

This file provides a symbolic trace of the function calls in this process's kernel stack. This file is provided only if the kernel was built with the CONFIG_STACKTRACE configuration option.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

/proc/pid/stat

Status information about the process. This is used by ps(1). It is defined in the kernel source file fs/proc/array.c.

The fields, in order, with their proper scanf(3) format specifiers, are listed below. Whether or not certain of these fields display valid information is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT check (refer to ptrace(2)). If the check denies access, then the field value is displayed as 0. The affected fields are indicated with the marking [PT].

/proc/pid/statm

Provides information about memory usage, measured in pages. The columns are:

size       (1) total program size


           (same as VmSize in /proc/pid/status)
resident   (2) resident set size


           (inaccurate; same as VmRSS in /proc/pid/status)
shared     (3) number of resident shared pages


           (i.e., backed by a file)


           (inaccurate; same as RssFile+RssShmem in


           /proc/pid/status)
text       (4) text (code)
lib        (5) library (unused since Linux 2.6; always 0)
data       (6) data + stack
dt         (7) dirty pages (unused since Linux 2.6; always 0)
    

Some of these values are inaccurate because of a kernel-internal scalability optimization. If accurate values are required, use /proc/pid/smaps or /proc/pid/smaps_rollup instead, which are much slower but provide accurate, detailed information.

/proc/pid/status

Provides much of the information in /proc/pid/stat and /proc/pid/statm in a format that's easier for humans to parse. Here's an example:

$ cat /proc/$$/status
Name:   bash
Umask:  0022
State:  S (sleeping)
Tgid:   17248
Ngid:   0
Pid:    17248
PPid:   17200
TracerPid:      0
Uid:    1000    1000    1000    1000
Gid:    100     100     100     100
FDSize: 256
Groups: 16 33 100
NStgid: 17248
NSpid:  17248
NSpgid: 17248
NSsid:  17200
VmPeak:	  131168 kB
VmSize:	  131168 kB
VmLck:	       0 kB
VmPin:	       0 kB
VmHWM:	   13484 kB
VmRSS:	   13484 kB
RssAnon:	   10264 kB
RssFile:	    3220 kB
RssShmem:	       0 kB
VmData:	   10332 kB
VmStk:	     136 kB
VmExe:	     992 kB
VmLib:	    2104 kB
VmPTE:	      76 kB
VmPMD:	      12 kB
VmSwap:	       0 kB
HugetlbPages:          0 kB		# 4.4
CoreDumping:	0                       # 4.15
Threads:        1
SigQ:   0/3067
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000010000
SigIgn: 0000000000384004
SigCgt: 000000004b813efb
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
CapAmb:	0000000000000000
NoNewPrivs:     0
Seccomp:        0
Speculation_Store_Bypass:       vulnerable
Cpus_allowed:   00000001
Cpus_allowed_list:      0
Mems_allowed:   1
Mems_allowed_list:      0
voluntary_ctxt_switches:        150
nonvoluntary_ctxt_switches:     545
    

The fields are as follows:

/proc/pid/syscall (since Linux 2.6.27)

This file exposes the system call number and argument registers for the system call currently being executed by the process, followed by the values of the stack pointer and program counter registers. The values of all six argument registers are exposed, although most system calls use fewer registers.

If the process is blocked, but not in a system call, then the file displays -1 in place of the system call number, followed by just the values of the stack pointer and program counter. If process is not blocked, then the file contains just the string "running".

This file is present only if the kernel was configured with CONFIG_HAVE_ARCH_TRACEHOOK.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

/proc/pid/task (since Linux 2.6.0)

This is a directory that contains one subdirectory for each thread in the process. The name of each subdirectory is the numerical thread ID (tid) of the thread (see gettid(2)).

Within each of these subdirectories, there is a set of files with the same names and contents as under the /proc/pid directories. For attributes that are shared by all threads, the contents for each of the files under the task/tid subdirectories will be the same as in the corresponding file in the parent /proc/pid directory (e.g., in a multithreaded process, all of the task/tid/cwd files will have the same value as the /proc/pid/cwd file in the parent directory, since all of the threads in a process share a working directory). For attributes that are distinct for each thread, the corresponding files under task/tid may have different values (e.g., various fields in each of the task/tid/status files may be different for each thread), or they might not exist in /proc/pid at all.

In a multithreaded process, the contents of the /proc/pid/task directory are not available if the main thread has already terminated (typically by calling pthread_exit(3)).

/proc/pid/task/tid/children (since Linux 3.5)

A space-separated list of child tasks of this task. Each child task is represented by its TID.

This option is intended for use by the checkpoint-restore (CRIU) system, and reliably provides a list of children only if all of the child processes are stopped or frozen. It does not work properly if children of the target task exit while the file is being read! Exiting children may cause non-exiting children to be omitted from the list. This makes this interface even more unreliable than classic PID-based approaches if the inspected task and its children aren't frozen, and most code should probably not use this interface.

Until Linux 4.2, the presence of this file was governed by the CONFIG_CHECKPOINT_RESTORE kernel configuration option. Since Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.

/proc/pid/timers (since Linux 3.10)

A list of the POSIX timers for this process. Each timer is listed with a line that starts with the string "ID:". For example:

ID: 1
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 0
ID: 0
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 1
    

The lines shown for each timer have the following meanings:

This file is available only when the kernel was configured with CONFIG_CHECKPOINT_RESTORE.

/proc/pid/timerslack_ns (since Linux 4.6)

This file exposes the process's "current" timer slack value, expressed in nanoseconds. The file is writable, allowing the process's timer slack value to be changed. Writing 0 to this file resets the "current" timer slack to the "default" timer slack value. For further details, see the discussion of PR_SET_TIMERSLACK in prctl(2).

Initially, permission to access this file was governed by a ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check (see ptrace(2)). However, this was subsequently deemed too strict a requirement (and had the side effect that requiring a process to have the CAP_SYS_PTRACE capability would also allow it to view and change any process's memory). Therefore, since Linux 4.9, only the (weaker) CAP_SYS_NICE capability is required to access this file.

/proc/pid/uid_map (since Linux 3.5)

See user_namespaces(7).

/proc/pid/wchan (since Linux 2.6.0)

The symbolic name corresponding to the location in the kernel where the process is sleeping.

Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

/proc/tid

There is a numerical subdirectory for each running thread that is not a thread group leader (i.e., a thread whose thread ID is not the same as its process ID); the subdirectory is named by the thread ID. Each one of these subdirectories contains files and subdirectories exposing information about the thread with the thread ID tid. The contents of these directories are the same as the corresponding /proc/pid/task/tid directories.

The /proc/tid subdirectories are not visible when iterating through /proc with getdents(2) (and thus are not visible when one uses ls(1) to view the contents of /proc). However, the pathnames of these directories are visible to (i.e., usable as arguments in) system calls that operate on pathnames.

/proc/apm

Advanced power management version and battery information when CONFIG_APM is defined at kernel compilation time.

/proc/buddyinfo

This file contains information which is used for diagnosing memory fragmentation issues. Each line starts with the identification of the node and the name of the zone which together identify a memory region. This is then followed by the count of available chunks of a certain order in which these zones are split. The size in bytes of a certain order is given by the formula:

(2^order) * PAGE_SIZE
    

The binary buddy allocator algorithm inside the kernel will split one chunk into two chunks of a smaller order (thus with half the size) or combine two contiguous chunks into one larger chunk of a higher order (thus with double the size) to satisfy allocation requests and to counter memory fragmentation. The order matches the column number, when starting to count at zero.

For example on an x86-64 system:

Node 0, zone     DMA     1    1    1    0    2    1    1    0    1    1    3
Node 0, zone   DMA32    65   47    4   81   52   28   13   10    5    1  404
Node 0, zone  Normal   216   55  189  101   84   38   37   27    5    3  587

In this example, there is one node containing three zones and there are 11 different chunk sizes. If the page size is 4 kilobytes, then the first zone called DMA (on x86 the first 16 megabyte of memory) has 1 chunk of 4 kilobytes (order 0) available and has 3 chunks of 4 megabytes (order 10) available.

If the memory is heavily fragmented, the counters for higher order chunks will be zero and allocation of large contiguous areas will fail.

Further information about the zones can be found in /proc/zoneinfo.

/proc/bus

Contains subdirectories for installed buses.

/proc/bus/pccard

Subdirectory for PCMCIA devices when CONFIG_PCMCIA is set at kernel compilation time.

/proc/bus/pccard/drivers

/proc/bus/pci

Contains various bus subdirectories and pseudo-files containing information about PCI buses, installed devices, and device drivers. Some of these files are not ASCII.

/proc/bus/pci/devices

Information about PCI devices. They may be accessed through lspci(8) and setpci(8).

/proc/cgroups (since Linux 2.6.24)

See cgroups(7).

/proc/cmdline

Arguments passed to the Linux kernel at boot time. Often done via a boot manager such as lilo(8) or grub(8). Any arguments embedded in the kernel image or initramfs via CONFIG_BOOT_CONFIG will also be displayed.

/proc/config.gz (since Linux 2.6)

This file exposes the configuration options that were used to build the currently running kernel, in the same format as they would be shown in the .config file that resulted when configuring the kernel (using make xconfig, make config, or similar). The file contents are compressed; view or search them using zcat(1) and zgrep(1). As long as no changes have been made to the following file, the contents of /proc/config.gz are the same as those provided by:

cat /lib/modules/$(uname -r)/build/.config
    

/proc/config.gz is provided only if the kernel is configured with CONFIG_IKCONFIG_PROC.

/proc/crypto

A list of the ciphers provided by the kernel crypto API. For details, see the kernel Linux Kernel Crypto API documentation available under the kernel source directory Documentation/crypto/ (or Documentation/DocBook before Linux 4.10; the documentation can be built using a command such as make htmldocs in the root directory of the kernel source tree).

/proc/cpuinfo

This is a collection of CPU and system architecture dependent items, for each supported architecture a different list. Two common entries are processor which gives CPU number and bogomips; a system constant that is calculated during kernel initialization. SMP machines have information for each CPU. The lscpu(1) command gathers its information from this file.

/proc/devices

Text listing of major numbers and device groups. This can be used by MAKEDEV scripts for consistency with the kernel.

/proc/diskstats (since Linux 2.5.69)

This file contains disk I/O statistics for each disk device. See the Linux kernel source file Documentation/admin-guide/iostats.rst (or Documentation/iostats.txt before Linux 5.3) for further information.

/proc/dma

This is a list of the registered ISA DMA (direct memory access) channels in use.

/proc/driver

Empty subdirectory.

/proc/execdomains

Used to list ABI personalities before Linux 4.1; now contains a constant string for userspace compatibility.

/proc/fb

Frame buffer information when CONFIG_FB is defined during kernel compilation.

/proc/filesystems

A text listing of the filesystems which are supported by the kernel, namely filesystems which were compiled into the kernel or whose kernel modules are currently loaded. (See also filesystems(5).) If a filesystem is marked with "nodev", this means that it does not require a block device to be mounted (e.g., virtual filesystem, network filesystem).

Incidentally, this file may be used by mount(8) when no filesystem is specified and it didn't manage to determine the filesystem type. Then filesystems contained in this file are tried (excepted those that are marked with "nodev").

/proc/fs

Contains subdirectories that in turn contain files with information about (certain) mounted filesystems.

/proc/ide

This directory exists on systems with the IDE bus. There are directories for each IDE channel and attached device. Files include:

cache              buffer size in KB
capacity           number of sectors
driver             driver version
geometry           physical and logical geometry
identify           in hexadecimal
media              media type
model              manufacturer's model number
settings           drive settings
smart_thresholds   IDE disk management thresholds (in hex)
smart_values       IDE disk management values (in hex)
    

The hdparm(8) utility provides access to this information in a friendly format.

/proc/interrupts

This is used to record the number of interrupts per CPU per IO device. Since Linux 2.6.24, for the i386 and x86-64 architectures, at least, this also includes interrupts internal to the system (that is, not associated with a device as such), such as NMI (nonmaskable interrupt), LOC (local timer interrupt), and for SMP systems, TLB (TLB flush interrupt), RES (rescheduling interrupt), CAL (remote function call interrupt), and possibly others. Very easy to read formatting, done in ASCII.

/proc/iomem

I/O memory map in Linux 2.4.

/proc/ioports

This is a list of currently registered Input-Output port regions that are in use.

/proc/kallsyms (since Linux 2.5.71)

This holds the kernel exported symbol definitions used by the modules(X) tools to dynamically link and bind loadable modules. In Linux 2.5.47 and earlier, a similar file with slightly different syntax was named ksyms.

/proc/kcore

This file represents the physical memory of the system and is stored in the ELF core file format. With this pseudo-file, and an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be used to examine the current state of any kernel data structures.

The total length of the file is the size of physical memory (RAM) plus 4 KiB.

/proc/keys (since Linux 2.6.10)

See keyrings(7).

/proc/key-users (since Linux 2.6.10)

See keyrings(7).

/proc/kmsg

This file can be used instead of the syslog(2) system call to read kernel messages. A process must have superuser privileges to read this file, and only one process should read this file. This file should not be read if a syslog process is running which uses the syslog(2) system call facility to log kernel messages.

Information in this file is retrieved with the dmesg(1) program.

/proc/kpagecgroup (since Linux 4.3)

This file contains a 64-bit inode number of the memory cgroup each page is charged to, indexed by page frame number (see the discussion of /proc/pid/pagemap).

The /proc/kpagecgroup file is present only if the CONFIG_MEMCG kernel configuration option is enabled.

/proc/kpagecount (since Linux 2.6.25)

This file contains a 64-bit count of the number of times each physical page frame is mapped, indexed by page frame number (see the discussion of /proc/pid/pagemap).

The /proc/kpagecount file is present only if the CONFIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

/proc/kpageflags (since Linux 2.6.25)

This file contains 64-bit masks corresponding to each physical page frame; it is indexed by page frame number (see the discussion of /proc/pid/pagemap). The bits are as follows:

For further details on the meanings of these bits, see the kernel source file Documentation/admin-guide/mm/pagemap.rst. Before Linux 2.6.29, KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and KPF_LOCKED did not report correctly.

The /proc/kpageflags file is present only if the CONFIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

/proc/ksyms (Linux 1.1.23–2.5.47)

See /proc/kallsyms.

/proc/loadavg

The first three fields in this file are load average figures giving the number of jobs in the run queue (state R) or waiting for disk I/O (state D) averaged over 1, 5, and 15 minutes. They are the same as the load average numbers given by uptime(1) and other programs. The fourth field consists of two numbers separated by a slash (/). The first of these is the number of currently runnable kernel scheduling entities (processes, threads). The value after the slash is the number of kernel scheduling entities that currently exist on the system. The fifth field is the PID of the process that was most recently created on the system.

/proc/locks

This file shows current file locks (flock(2) and fcntl(2)) and leases (fcntl(2)).

An example of the content shown in this file is the following:

1: POSIX  ADVISORY  READ  5433 08:01:7864448 128 128
2: FLOCK  ADVISORY  WRITE 2001 08:01:7864554 0 EOF
3: FLOCK  ADVISORY  WRITE 1568 00:2f:32388 0 EOF
4: POSIX  ADVISORY  WRITE 699 00:16:28457 0 EOF
5: POSIX  ADVISORY  WRITE 764 00:16:21448 0 0
6: POSIX  ADVISORY  READ  3548 08:01:7867240 1 1
7: POSIX  ADVISORY  READ  3548 08:01:7865567 1826 2335
8: OFDLCK ADVISORY  WRITE -1 08:01:8713209 128 191
    

The fields shown in each line are as follows:

Since Linux 4.9, the list of locks shown in /proc/locks is filtered to show just the locks for the processes in the PID namespace (see pid_namespaces(7)) for which the /proc filesystem was mounted. (In the initial PID namespace, there is no filtering of the records shown in this file.)

The lslocks(8) command provides a bit more information about each lock.

/proc/malloc (only up to and including Linux 2.2)

This file is present only if CONFIG_DEBUG_MALLOC was defined during compilation.

/proc/meminfo

This file reports statistics about memory usage on the system. It is used by free(1) to report the amount of free and used memory (both physical and swap) on the system as well as the shared memory and buffers used by the kernel. Each line of the file consists of a parameter name, followed by a colon, the value of the parameter, and an option unit of measurement (e.g., "kB"). The list below describes the parameter names and the format specifier required to read the field value. Except as noted below, all of the fields have been present since at least Linux 2.6.0. Some fields are displayed only if the kernel was configured with various options; those dependencies are noted in the list.

/proc/modules

A text list of the modules that have been loaded by the system. See also lsmod(8).

/proc/mounts

Before Linux 2.4.19, this file was a list of all the filesystems currently mounted on the system. With the introduction of per-process mount namespaces in Linux 2.4.19 (see mount_namespaces(7)), this file became a link to /proc/self/mounts, which lists the mounts of the process's own mount namespace. The format of this file is documented in fstab(5).

/proc/mtrr

Memory Type Range Registers. See the Linux kernel source file Documentation/x86/mtrr.rst (or Documentation/x86/mtrr.txt before Linux 5.2, or Documentation/mtrr.txt before Linux 2.6.28) for details.

/proc/net

This directory contains various files and subdirectories containing information about the networking layer. The files contain ASCII structures and are, therefore, readable with cat(1). However, the standard netstat(8) suite provides much cleaner access to these files.

With the advent of network namespaces, various information relating to the network stack is virtualized (see network_namespaces(7)). Thus, since Linux 2.6.25, /proc/net is a symbolic link to the directory /proc/self/net, which contains the same files and directories as listed below. However, these files and directories now expose information for the network namespace of which the process is a member.

/proc/net/arp

This holds an ASCII readable dump of the kernel ARP table used for address resolutions. It will show both dynamically learned and preprogrammed ARP entries. The format is:

IP address     HW type   Flags     HW address          Mask   Device
192.168.0.50   0x1       0x2       00:50:BF:25:68:F3   *      eth0
192.168.0.250  0x1       0xc       00:00:00:00:00:00   *      eth0
    

Here "IP address" is the IPv4 address of the machine and the "HW type" is the hardware type of the address from RFC 826. The flags are the internal flags of the ARP structure (as defined in /usr/include/linux/if_arp.h) and the "HW address" is the data link layer mapping for that IP address if it is known.

/proc/net/dev

The dev pseudo-file contains network device status information. This gives the number of received and sent packets, the number of errors and collisions and other basic statistics. These are used by the ifconfig(8) program to report device status. The format is:

Inter-|   Receive                                                |  Transmit


 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed


    lo: 2776770   11307    0    0    0     0          0         0  2776770   11307    0    0    0     0       0          0


  eth0: 1215645    2751    0    0    0     0          0         0  1782404    4324    0    0    0   427       0          0


  ppp0: 1622270    5552    1    0    0     0          0         0   354130    5669    0    0    0     0       0          0


  tap0:    7714      81    0    0    0     0          0         0     7714      81    0    0    0     0       0          0
    

/proc/net/dev_mcast

Defined in /usr/src/linux/net/core/dev_mcast.c:

indx interface_name  dmi_u dmi_g dmi_address
2    eth0            1     0     01005e000001
3    eth1            1     0     01005e000001
4    eth2            1     0     01005e000001
    

/proc/net/igmp

Internet Group Management Protocol. Defined in /usr/src/linux/net/core/igmp.c.

/proc/net/rarp

This file uses the same format as the arp file and contains the current reverse mapping database used to provide rarp(8) reverse address lookup services. If RARP is not configured into the kernel, this file will not be present.

/proc/net/raw

Holds a dump of the RAW socket table. Much of the information is not of use apart from debugging. The "sl" value is the kernel hash slot for the socket, the "local_address" is the local address and protocol number pair. "St" is the internal status of the socket. The "tx_queue" and "rx_queue" are the outgoing and incoming data queue in terms of kernel memory usage. The "tr", "tm->when", and "rexmits" fields are not used by RAW. The "uid" field holds the effective UID of the creator of the socket.

/proc/net/snmp

This file holds the ASCII data needed for the IP, ICMP, TCP, and UDP management information bases for an SNMP agent.

/proc/net/tcp

Holds a dump of the TCP socket table. Much of the information is not of use apart from debugging. The "sl" value is the kernel hash slot for the socket, the "local_address" is the local address and port number pair. The "rem_address" is the remote address and port number pair (if connected). "St" is the internal status of the socket. The "tx_queue" and "rx_queue" are the outgoing and incoming data queue in terms of kernel memory usage. The "tr", "tm->when", and "rexmits" fields hold internal information of the kernel socket state and are useful only for debugging. The "uid" field holds the effective UID of the creator of the socket.

/proc/net/udp

Holds a dump of the UDP socket table. Much of the information is not of use apart from debugging. The "sl" value is the kernel hash slot for the socket, the "local_address" is the local address and port number pair. The "rem_address" is the remote address and port number pair (if connected). "St" is the internal status of the socket. The "tx_queue" and "rx_queue" are the outgoing and incoming data queue in terms of kernel memory usage. The "tr", "tm->when", and "rexmits" fields are not used by UDP. The "uid" field holds the effective UID of the creator of the socket. The format is:

sl  local_address rem_address   st tx_queue rx_queue tr rexmits  tm->when uid


 1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0


 1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0


 1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
    

/proc/net/unix

Lists the UNIX domain sockets present within the system and their status. The format is:

Num RefCount Protocol Flags    Type St Inode Path


 0: 00000002 00000000 00000000 0001 03    42


 1: 00000001 00000000 00010000 0001 01  1948 /dev/printer
    

The fields are as follows:

/proc/net/netfilter/nfnetlink_queue

This file contains information about netfilter user-space queueing, if used. Each line represents a queue. Queues that have not been subscribed to by user space are not shown.

   1   4207     0  2 65535     0     0        0  1


  (1)   (2)    (3)(4)  (5)    (6)   (7)      (8)
    

The fields in each line are:

The last number exists only for compatibility reasons and is always 1.

/proc/partitions

Contains the major and minor numbers of each partition as well as the number of 1024-byte blocks and the partition name.

/proc/pci

This is a listing of all PCI devices found during kernel initialization and their configuration.

This file has been deprecated in favor of a new /proc interface for PCI (/proc/bus/pci). It became optional in Linux 2.2 (available with CONFIG_PCI_OLD_PROC set at kernel compilation). It became once more nonoptionally enabled in Linux 2.4. Next, it was deprecated in Linux 2.6 (still available with CONFIG_PCI_LEGACY_PROC set), and finally removed altogether since Linux 2.6.17.

/proc/profile (since Linux 2.4)

This file is present only if the kernel was booted with the profile=1 command-line option. It exposes kernel profiling information in a binary format for use by readprofile(1). Writing (e.g., an empty string) to this file resets the profiling counters; on some architectures, writing a binary integer "profiling multiplier" of size sizeof(int) sets the profiling interrupt frequency.

/proc/scsi

A directory with the scsi mid-level pseudo-file and various SCSI low-level driver directories, which contain a file for each SCSI host in this system, all of which give the status of some part of the SCSI IO subsystem. These files contain ASCII structures and are, therefore, readable with cat(1).

You can also write to some of the files to reconfigure the subsystem or switch certain features on or off.

/proc/scsi/scsi

This is a listing of all SCSI devices known to the kernel. The listing is similar to the one seen during bootup. scsi currently supports only the add-single-device command which allows root to add a hotplugged device to the list of known devices.

The command

echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
    

will cause host scsi1 to scan on SCSI channel 0 for a device on ID 5 LUN 0. If there is already a device known on this address or the address is invalid, an error will be returned.

/proc/scsi/drivername

drivername can currently be NCR53c7xx, aha152x, aha1542, aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000, pas16, qlogic, scsi_debug, seagate, t128, u15-24f, ultrastore, or wd7000. These directories show up for all drivers that registered at least one SCSI HBA. Every directory contains one file per registered host. Every host-file is named after the number the host was assigned during initialization.

Reading these files will usually show driver and host configuration, statistics, and so on.

Writing to these files allows different things on different hosts. For example, with the latency and nolatency commands, root can switch on and off command latency measurement code in the eata_dma driver. With the lockup and unlock commands, root can control bus lockups simulated by the scsi_debug driver.

/proc/self

This directory refers to the process accessing the /proc filesystem, and is identical to the /proc directory named by the process ID of the same process.

/proc/slabinfo

Information about kernel caches. See slabinfo(5) for details.

/proc/stat

kernel/system statistics. Varies with architecture. Common entries include:

/proc/swaps

Swap areas in use. See also swapon(8).

/proc/sys

This directory (present since Linux 1.3.57) contains a number of files and subdirectories corresponding to kernel variables. These variables can be read and in some cases modified using the /proc filesystem, and the (deprecated) sysctl(2) system call.

String values may be terminated by either '\0' or '\n'.

Integer and long values may be written either in decimal or in hexadecimal notation (e.g., 0x3FFF). When writing multiple integer or long values, these may be separated by any of the following whitespace characters: ' ', '\t', or '\n'. Using other separators leads to the error EINVAL.

/proc/sys/abi (since Linux 2.4.10)

This directory may contain files with application binary information. See the Linux kernel source file Documentation/sysctl/abi.rst (or Documentation/sysctl/abi.txt before Linux 5.3) for more information.

/proc/sys/debug

This directory may be empty.

/proc/sys/dev

This directory contains device-specific information (e.g., dev/cdrom/info). On some systems, it may be empty.

/proc/sys/fs

This directory contains the files and subdirectories for kernel variables related to filesystems.

/proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr (since Linux 2.6.4)

aio-nr is the running total of the number of events specified by io_setup(2) calls for all currently active AIO contexts. If aio-nr reaches aio-max-nr, then io_setup(2) will fail with the error EAGAIN. Raising aio-max-nr does not result in the preallocation or resizing of any kernel data structures.

/proc/sys/fs/binfmt_misc

Documentation for files in this directory can be found in the Linux kernel source in the file Documentation/admin-guide/binfmt-misc.rst (or in Documentation/binfmt_misc.txt on older kernels).

/proc/sys/fs/dentry-state (since Linux 2.2)

This file contains information about the status of the directory cache (dcache). The file contains six numbers, nr_dentry, nr_unused, age_limit (age in seconds), want_pages (pages requested by system) and two dummy values.

/proc/sys/fs/dir-notify-enable

This file can be used to disable or enable the dnotify interface described in fcntl(2) on a system-wide basis. A value of 0 in this file disables the interface, and a value of 1 enables it.

/proc/sys/fs/dquot-max

This file shows the maximum number of cached disk quota entries. On some (2.4) systems, it is not present. If the number of free cached disk quota entries is very low and you have some awesome number of simultaneous system users, you might want to raise the limit.

/proc/sys/fs/dquot-nr

This file shows the number of allocated disk quota entries and the number of free disk quota entries.

/proc/sys/fs/epoll (since Linux 2.6.28)

This directory contains the file max_user_watches, which can be used to limit the amount of kernel memory consumed by the epoll interface. For further details, see epoll(7).

/proc/sys/fs/file-max

This file defines a system-wide limit on the number of open files for all processes. System calls that fail when encountering this limit fail with the error ENFILE. (See also setrlimit(2), which can be used by a process to set the per-process limit, RLIMIT_NOFILE, on the number of files it may open.) If you get lots of error messages in the kernel log about running out of file handles (open file descriptions) (look for "VFS: file-max limit <number> reached"), try increasing this value:

echo 100000 > /proc/sys/fs/file-max
    

Privileged processes (CAP_SYS_ADMIN) can override the file-max limit.

/proc/sys/fs/file-nr

This (read-only) file contains three numbers: the number of allocated file handles (i.e., the number of open file descriptions; see open(2)); the number of free file handles; and the maximum number of file handles (i.e., the same value as /proc/sys/fs/file-max). If the number of allocated file handles is close to the maximum, you should consider increasing the maximum. Before Linux 2.6, the kernel allocated file handles dynamically, but it didn't free them again. Instead the free file handles were kept in a list for reallocation; the "free file handles" value indicates the size of that list. A large number of free file handles indicates that there was a past peak in the usage of open file handles. Since Linux 2.6, the kernel does deallocate freed file handles, and the "free file handles" value is always zero.

/proc/sys/fs/inode-max (only present until Linux 2.2)

This file contains the maximum number of in-memory inodes. This value should be 3–4 times larger than the value in file-max, since stdin, stdout and network sockets also need an inode to handle them. When you regularly run out of inodes, you need to increase this value.

Starting with Linux 2.4, there is no longer a static limit on the number of inodes, and this file is removed.

/proc/sys/fs/inode-nr

This file contains the first two values from inode-state.

/proc/sys/fs/inode-state

This file contains seven numbers: nr_inodes, nr_free_inodes, preshrink, and four dummy values (always zero).

nr_inodes is the number of inodes the system has allocated. nr_free_inodes represents the number of free inodes.

preshrink is nonzero when the nr_inodes > inode-max and the system needs to prune the inode list instead of allocating more; since Linux 2.4, this field is a dummy value (always zero).

/proc/sys/fs/inotify (since Linux 2.6.13)

This directory contains files max_queued_events, max_user_instances, and max_user_watches, that can be used to limit the amount of kernel memory consumed by the inotify interface. For further details, see inotify(7).

/proc/sys/fs/lease-break-time

This file specifies the grace period that the kernel grants to a process holding a file lease (fcntl(2)) after it has sent a signal to that process notifying it that another process is waiting to open the file. If the lease holder does not remove or downgrade the lease within this grace period, the kernel forcibly breaks the lease.

/proc/sys/fs/leases-enable

This file can be used to enable or disable file leases (fcntl(2)) on a system-wide basis. If this file contains the value 0, leases are disabled. A nonzero value enables leases.

/proc/sys/fs/mount-max (since Linux 4.9)

The value in this file specifies the maximum number of mounts that may exist in a mount namespace. The default value in this file is 100,000.

/proc/sys/fs/mqueue (since Linux 2.6.6)

This directory contains files msg_max, msgsize_max, and queues_max, controlling the resources used by POSIX message queues. See mq_overview(7) for details.

/proc/sys/fs/nr_open (since Linux 2.6.25)

This file imposes a ceiling on the value to which the RLIMIT_NOFILE resource limit can be raised (see getrlimit(2)). This ceiling is enforced for both unprivileged and privileged process. The default value in this file is 1048576. (Before Linux 2.6.25, the ceiling for RLIMIT_NOFILE was hard-coded to the same value.)

/proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid

These files allow you to change the value of the fixed UID and GID. The default is 65534. Some filesystems support only 16-bit UIDs and GIDs, although in Linux UIDs and GIDs are 32 bits. When one of these filesystems is mounted with writes enabled, any UID or GID that would exceed 65535 is translated to the overflow value before being written to disk.

/proc/sys/fs/pipe-max-size (since Linux 2.6.35)

See pipe(7).

/proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)

See pipe(7).

/proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)

See pipe(7).

/proc/sys/fs/protected_fifos (since Linux 4.19)

The value in this file is/can be set to one of the following:

The intent of the above protections is to avoid unintentional writes to an attacker-controlled FIFO when a program expected to create a regular file.

/proc/sys/fs/protected_hardlinks (since Linux 3.6)

When the value in this file is 0, no restrictions are placed on the creation of hard links (i.e., this is the historical behavior before Linux 3.6). When the value in this file is 1, a hard link can be created to a target file only if one of the following conditions is true:

The default value in this file is 0. Setting the value to 1 prevents a longstanding class of security issues caused by hard-link-based time-of-check, time-of-use races, most commonly seen in world-writable directories such as /tmp. The common method of exploiting this flaw is to cross privilege boundaries when following a given hard link (i.e., a root process follows a hard link created by another user). Additionally, on systems without separated partitions, this stops unauthorized users from "pinning" vulnerable set-user-ID and set-group-ID files against being upgraded by the administrator, or linking to special files.

/proc/sys/fs/protected_regular (since Linux 4.19)

The value in this file is/can be set to one of the following:

The intent of the above protections is similar to protected_fifos, but allows an application to avoid writes to an attacker-controlled regular file, where the application expected to create one.

/proc/sys/fs/protected_symlinks (since Linux 3.6)

When the value in this file is 0, no restrictions are placed on following symbolic links (i.e., this is the historical behavior before Linux 3.6). When the value in this file is 1, symbolic links are followed only in the following circumstances:

A system call that fails to follow a symbolic link because of the above restrictions returns the error EACCES in errno.

The default value in this file is 0. Setting the value to 1 avoids a longstanding class of security issues based on time-of-check, time-of-use races when accessing symbolic links.

/proc/sys/fs/suid_dumpable (since Linux 2.6.13)

The value in this file is assigned to a process's "dumpable" flag in the circumstances described in prctl(2). In effect, the value in this file determines whether core dump files are produced for set-user-ID or otherwise protected/tainted binaries. The "dumpable" setting also affects the ownership of files in a process's /proc/pid directory, as described above.

Three different integer values can be specified:

For details of the effect of a process's "dumpable" setting on ptrace access mode checking, see ptrace(2).

/proc/sys/fs/super-max

This file controls the maximum number of superblocks, and thus the maximum number of mounted filesystems the kernel can have. You need increase only super-max if you need to mount more filesystems than the current value in super-max allows you to.

/proc/sys/fs/super-nr

This file contains the number of filesystems currently mounted.

/proc/sys/kernel

This directory contains files controlling a range of kernel parameters, as described below.

/proc/sys/kernel/acct

This file contains three numbers: highwater, lowwater, and frequency. If BSD-style process accounting is enabled, these values control its behavior. If free space on filesystem where the log lives goes below lowwater percent, accounting suspends. If free space gets above highwater percent, accounting resumes. frequency determines how often the kernel checks the amount of free space (value is in seconds). Default values are 4, 2, and 30. That is, suspend accounting if 2% or less space is free; resume it if 4% or more space is free; consider information about amount of free space valid for 30 seconds.

/proc/sys/kernel/auto_msgmni (Linux 2.6.27 to Linux 3.18)

From Linux 2.6.27 to Linux 3.18, this file was used to control recomputing of the value in /proc/sys/kernel/msgmni upon the addition or removal of memory or upon IPC namespace creation/removal. Echoing "1" into this file enabled msgmni automatic recomputing (and triggered a recomputation of msgmni based on the current amount of available memory and number of IPC namespaces). Echoing "0" disabled automatic recomputing. (Automatic recomputing was also disabled if a value was explicitly assigned to /proc/sys/kernel/msgmni.) The default value in auto_msgmni was 1.

Since Linux 3.19, the content of this file has no effect (because msgmni defaults to near the maximum value possible), and reads from this file always return the value "0".

/proc/sys/kernel/cap_last_cap (since Linux 3.2)

See capabilities(7).

/proc/sys/kernel/cap-bound (from Linux 2.2 to Linux 2.6.24)

This file holds the value of the kernel capability bounding set (expressed as a signed decimal number). This set is ANDed against the capabilities permitted to a process during execve(2). Starting with Linux 2.6.25, the system-wide capability bounding set disappeared, and was replaced by a per-thread bounding set; see capabilities(7).

/proc/sys/kernel/core_pattern

See core(5).

/proc/sys/kernel/core_pipe_limit

See core(5).

/proc/sys/kernel/core_uses_pid

See core(5).

/proc/sys/kernel/ctrl-alt-del

This file controls the handling of Ctrl-Alt-Del from the keyboard. When the value in this file is 0, Ctrl-Alt-Del is trapped and sent to the init(1) program to handle a graceful restart. When the value is greater than zero, Linux's reaction to a Vulcan Nerve Pinch (tm) will be an immediate reboot, without even syncing its dirty buffers. Note: when a program (like dosemu) has the keyboard in "raw" mode, the Ctrl-Alt-Del is intercepted by the program before it ever reaches the kernel tty layer, and it's up to the program to decide what to do with it.

/proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)

The value in this file determines who can see kernel syslog contents. A value of 0 in this file imposes no restrictions. If the value is 1, only privileged users can read the kernel syslog. (See syslog(2) for more details.) Since Linux 3.4, only users with the CAP_SYS_ADMIN capability may change the value in this file.

/proc/sys/kernel/domainname and /proc/sys/kernel/hostname

can be used to set the NIS/YP domainname and the hostname of your box in exactly the same way as the commands domainname(1) and hostname(1), that is:

# echo 'darkstar' > /proc/sys/kernel/hostname
# echo 'mydomain' > /proc/sys/kernel/domainname
    

has the same effect as

# hostname 'darkstar'
# domainname 'mydomain'
    

Note, however, that the classic darkstar.frop.org has the hostname "darkstar" and DNS (Internet Domain Name Server) domainname "frop.org", not to be confused with the NIS (Network Information Service) or YP (Yellow Pages) domainname. These two domain names are in general different. For a detailed discussion see the hostname(1) man page.

/proc/sys/kernel/hotplug

This file contains the pathname for the hotplug policy agent. The default value in this file is /sbin/hotplug.

/proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)

(PowerPC only) If this file is set to a nonzero value, the PowerPC htab (see kernel file Documentation/powerpc/ppc_htab.txt) is pruned each time the system hits the idle loop.

/proc/sys/kernel/keys/*

This directory contains various files that define parameters and limits for the key-management facility. These files are described in keyrings(7).

/proc/sys/kernel/kptr_restrict (since Linux 2.6.38)

The value in this file determines whether kernel addresses are exposed via /proc files and other interfaces. A value of 0 in this file imposes no restrictions. If the value is 1, kernel pointers printed using the %pK format specifier will be replaced with zeros unless the user has the CAP_SYSLOG capability. If the value is 2, kernel pointers printed using the %pK format specifier will be replaced with zeros regardless of the user's capabilities. The initial default value for this file was 1, but the default was changed to 0 in Linux 2.6.39. Since Linux 3.4, only users with the CAP_SYS_ADMIN capability can change the value in this file.

/proc/sys/kernel/l2cr

(PowerPC only) This file contains a flag that controls the L2 cache of G3 processor boards. If 0, the cache is disabled. Enabled if nonzero.

/proc/sys/kernel/modprobe

This file contains the pathname for the kernel module loader. The default value is /sbin/modprobe. The file is present only if the kernel is built with the CONFIG_MODULES (CONFIG_KMOD in Linux 2.6.26 and earlier) option enabled. It is described by the Linux kernel source file Documentation/kmod.txt (present only in Linux 2.4 and earlier).

/proc/sys/kernel/modules_disabled (since Linux 2.6.31)

A toggle value indicating if modules are allowed to be loaded in an otherwise modular kernel. This toggle defaults to off (0), but can be set true (1). Once true, modules can be neither loaded nor unloaded, and the toggle cannot be set back to false. The file is present only if the kernel is built with the CONFIG_MODULES option enabled.

/proc/sys/kernel/msgmax (since Linux 2.2)

This file defines a system-wide limit specifying the maximum number of bytes in a single message written on a System V message queue.

/proc/sys/kernel/msgmni (since Linux 2.4)

This file defines the system-wide limit on the number of message queue identifiers. See also /proc/sys/kernel/auto_msgmni.

/proc/sys/kernel/msgmnb (since Linux 2.2)

This file defines a system-wide parameter used to initialize the msg_qbytes setting for subsequently created message queues. The msg_qbytes setting specifies the maximum number of bytes that may be written to the message queue.

/proc/sys/kernel/ngroups_max (since Linux 2.6.4)

This is a read-only file that displays the upper limit on the number of a process's group memberships.

/proc/sys/kernel/ns_last_pid (since Linux 3.3)

See pid_namespaces(7).

/proc/sys/kernel/ostype and /proc/sys/kernel/osrelease

These files give substrings of /proc/version.

/proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid

These files duplicate the files /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid.

/proc/sys/kernel/panic

This file gives read/write access to the kernel variable panic_timeout. If this is zero, the kernel will loop on a panic; if nonzero, it indicates that the kernel should autoreboot after this number of seconds. When you use the software watchdog device driver, the recommended setting is 60.

/proc/sys/kernel/panic_on_oops (since Linux 2.5.68)

This file controls the kernel's behavior when an oops or BUG is encountered. If this file contains 0, then the system tries to continue operation. If it contains 1, then the system delays a few seconds (to give klogd time to record the oops output) and then panics. If the /proc/sys/kernel/panic file is also nonzero, then the machine will be rebooted.

/proc/sys/kernel/pid_max (since Linux 2.5.34)

This file specifies the value at which PIDs wrap around (i.e., the value in this file is one greater than the maximum PID). PIDs greater than this value are not allocated; thus, the value in this file also acts as a system-wide limit on the total number of processes and threads. The default value for this file, 32768, results in the same range of PIDs as on earlier kernels. On 32-bit platforms, 32768 is the maximum value for pid_max. On 64-bit systems, pid_max can be set to any value up to 2^22 (PID_MAX_LIMIT, approximately 4 million).

/proc/sys/kernel/powersave-nap (PowerPC only)

This file contains a flag. If set, Linux-PPC will use the "nap" mode of powersaving, otherwise the "doze" mode will be used.

/proc/sys/kernel/printk

See syslog(2).

/proc/sys/kernel/pty (since Linux 2.6.4)

This directory contains two files relating to the number of UNIX 98 pseudoterminals (see pts(4)) on the system.

/proc/sys/kernel/pty/max

This file defines the maximum number of pseudoterminals.

/proc/sys/kernel/pty/nr

This read-only file indicates how many pseudoterminals are currently in use.

/proc/sys/kernel/random

This directory contains various parameters controlling the operation of the file /dev/random. See random(4) for further information.

/proc/sys/kernel/random/uuid (since Linux 2.4)

Each read from this read-only file returns a randomly generated 128-bit UUID, as a string in the standard UUID format.

/proc/sys/kernel/randomize_va_space (since Linux 2.6.12)

Select the address space layout randomization (ASLR) policy for the system (on architectures that support ASLR). Three values are supported for this file:

/proc/sys/kernel/real-root-dev

This file is documented in the Linux kernel source file Documentation/admin-guide/initrd.rst (or Documentation/initrd.txt before Linux 4.10).

/proc/sys/kernel/reboot-cmd (Sparc only)

This file seems to be a way to give an argument to the SPARC ROM/Flash boot loader. Maybe to tell it what to do after rebooting?

/proc/sys/kernel/rtsig-max

(Up to and including Linux 2.6.7; see setrlimit(2)) This file can be used to tune the maximum number of POSIX real-time (queued) signals that can be outstanding in the system.

/proc/sys/kernel/rtsig-nr

(Up to and including Linux 2.6.7.) This file shows the number of POSIX real-time signals currently queued.

/proc/pid/sched_autogroup_enabled (since Linux 2.6.38)

See sched(7).

/proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)

If this file contains the value zero, then, after a fork(2), the parent is first scheduled on the CPU. If the file contains a nonzero value, then the child is scheduled first on the CPU. (Of course, on a multiprocessor system, the parent and the child might both immediately be scheduled on a CPU.)

/proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)

See sched_rr_get_interval(2).

/proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)

See sched(7).

/proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)

See sched(7).

/proc/sys/kernel/seccomp (since Linux 4.14)

This directory provides additional seccomp information and configuration. See seccomp(2) for further details.

/proc/sys/kernel/sem (since Linux 2.4)

This file contains 4 numbers defining limits for System V IPC semaphores. These fields are, in order:

/proc/sys/kernel/sg-big-buff

This file shows the size of the generic SCSI device (sg) buffer. You can't tune it just yet, but you could change it at compile time by editing include/scsi/sg.h and changing the value of SG_BIG_BUFF. However, there shouldn't be any reason to change this value.

/proc/sys/kernel/shm_rmid_forced (since Linux 3.1)

If this file is set to 1, all System V shared memory segments will be marked for destruction as soon as the number of attached processes falls to zero; in other words, it is no longer possible to create shared memory segments that exist independently of any attached process.

The effect is as though a shmctl(2) IPC_RMID is performed on all existing segments as well as all segments created in the future (until this file is reset to 0). Note that existing segments that are attached to no process will be immediately destroyed when this file is set to 1. Setting this option will also destroy segments that were created, but never attached, upon termination of the process that created the segment with shmget(2).

Setting this file to 1 provides a way of ensuring that all System V shared memory segments are counted against the resource usage and resource limits (see the description of RLIMIT_AS in getrlimit(2)) of at least one process.

Because setting this file to 1 produces behavior that is nonstandard and could also break existing applications, the default value in this file is 0. Set this file to 1 only if you have a good understanding of the semantics of the applications using System V shared memory on your system.

/proc/sys/kernel/shmall (since Linux 2.2)

This file contains the system-wide limit on the total number of pages of System V shared memory.

/proc/sys/kernel/shmmax (since Linux 2.2)

This file can be used to query and set the run-time limit on the maximum (System V IPC) shared memory segment size that can be created. Shared memory segments up to 1 GB are now supported in the kernel. This value defaults to SHMMAX.

/proc/sys/kernel/shmmni (since Linux 2.4)

This file specifies the system-wide maximum number of System V shared memory segments that can be created.

/proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)

The value in this file determines how the file offset affects the behavior of updating entries in files under /proc/sys. The file has three possible values:

/proc/sys/kernel/sysrq

This file controls the functions allowed to be invoked by the SysRq key. By default, the file contains 1 meaning that every possible SysRq request is allowed (in older kernel versions, SysRq was disabled by default, and you were required to specifically enable it at run-time, but this is not the case any more). Possible values in this file are:

This file is present only if the CONFIG_MAGIC_SYSRQ kernel configuration option is enabled. For further details see the Linux kernel source file Documentation/admin-guide/sysrq.rst (or Documentation/sysrq.txt before Linux 4.10).

/proc/sys/kernel/version

This file contains a string such as:

#5 Wed Feb 25 21:49:24 MET 1998
    

The "#5" means that this is the fifth kernel built from this source base and the date following it indicates the time the kernel was built.

/proc/sys/kernel/threads-max (since Linux 2.3.11)

This file specifies the system-wide limit on the number of threads (tasks) that can be created on the system.

Since Linux 4.1, the value that can be written to threads-max is bounded. The minimum value that can be written is 20. The maximum value that can be written is given by the constant FUTEX_TID_MASK (0x3fffffff). If a value outside of this range is written to threads-max, the error EINVAL occurs.

The value written is checked against the available RAM pages. If the thread structures would occupy too much (more than 1/8th) of the available RAM pages, threads-max is reduced accordingly.

/proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)

See ptrace(2).

/proc/sys/kernel/zero-paged (PowerPC only)

This file contains a flag. When enabled (nonzero), Linux-PPC will pre-zero pages in the idle loop, possibly speeding up get_free_pages.

/proc/sys/net

This directory contains networking stuff. Explanations for some of the files under this directory can be found in tcp(7) and ip(7).

/proc/sys/net/core/bpf_jit_enable

See bpf(2).

/proc/sys/net/core/somaxconn

This file defines a ceiling value for the backlog argument of listen(2); see the listen(2) manual page for details.

/proc/sys/proc

This directory may be empty.

/proc/sys/sunrpc

This directory supports Sun remote procedure call for network filesystem (NFS). On some systems, it is not present.

/proc/sys/user (since Linux 4.9)

See namespaces(7).

/proc/sys/vm

This directory contains files for memory management tuning, buffer, and cache management.

/proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)

This file defines the amount of free memory (in KiB) on the system that should be reserved for users with the capability CAP_SYS_ADMIN.

The default value in this file is the minimum of [3% of free pages, 8MiB] expressed as KiB. The default is intended to provide enough for the superuser to log in and kill a process, if necessary, under the default overcommit 'guess' mode (i.e., 0 in /proc/sys/vm/overcommit_memory).

Systems running in "overcommit never" mode (i.e., 2 in /proc/sys/vm/overcommit_memory) should increase the value in this file to account for the full virtual memory size of the programs used to recover (e.g., login(1) ssh(1), and top(1)) Otherwise, the superuser may not be able to log in to recover the system. For example, on x86-64 a suitable value is 131072 (128MiB reserved).

Changing the value in this file takes effect whenever an application requests memory.

/proc/sys/vm/compact_memory (since Linux 2.6.35)

When 1 is written to this file, all zones are compacted such that free memory is available in contiguous blocks where possible. The effect of this action can be seen by examining /proc/buddyinfo.

Present only if the kernel was configured with CONFIG_COMPACTION.

/proc/sys/vm/drop_caches (since Linux 2.6.16)

Writing to this file causes the kernel to drop clean caches, dentries, and inodes from memory, causing that memory to become free. This can be useful for memory management testing and performing reproducible filesystem benchmarks. Because writing to this file causes the benefits of caching to be lost, it can degrade overall system performance.

To free pagecache, use:

echo 1 > /proc/sys/vm/drop_caches
    

To free dentries and inodes, use:

echo 2 > /proc/sys/vm/drop_caches
    

To free pagecache, dentries, and inodes, use:

echo 3 > /proc/sys/vm/drop_caches
    

Because writing to this file is a nondestructive operation and dirty objects are not freeable, the user should run sync(1) first.

/proc/sys/vm/sysctl_hugetlb_shm_group (since Linux 2.6.7)

This writable file contains a group ID that is allowed to allocate memory using huge pages. If a process has a filesystem group ID or any supplementary group ID that matches this group ID, then it can make huge-page allocations without holding the CAP_IPC_LOCK capability; see memfd_create(2), mmap(2), and shmget(2).

/proc/sys/vm/legacy_va_layout (since Linux 2.6.9)

If nonzero, this disables the new 32-bit memory-mapping layout; the kernel will use the legacy (2.4) layout for all processes.

/proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)

Control how to kill processes when an uncorrected memory error (typically a 2-bit error in a memory module) that cannot be handled by the kernel is detected in the background by hardware. In some cases (like the page still having a valid copy on disk), the kernel will handle the failure transparently without affecting any applications. But if there is no other up-to-date copy of the data, it will kill processes to prevent any data corruptions from propagating.

The file has one of the following values:

The kill is performed using a SIGBUS signal with si_code set to BUS_MCEERR_AO. Processes can handle this if they want to; see sigaction(2) for more details.

This feature is active only on architectures/platforms with advanced machine check handling and depends on the hardware capabilities.

Applications can override the memory_failure_early_kill setting individually with the prctl(2) PR_MCE_KILL operation.

Present only if the kernel was configured with CONFIG_MEMORY_FAILURE.

/proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)

Enable memory failure recovery (when supported by the platform).

Present only if the kernel was configured with CONFIG_MEMORY_FAILURE.

/proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)

Enables a system-wide task dump (excluding kernel threads) to be produced when the kernel performs an OOM-killing. The dump includes the following information for each task (thread, process): thread ID, real user ID, thread group ID (process ID), virtual memory size, resident set size, the CPU that the task is scheduled on, oom_adj score (see the description of /proc/pid/oom_adj), and command name. This is helpful to determine why the OOM-killer was invoked and to identify the rogue task that caused it.

If this contains the value zero, this information is suppressed. On very large systems with thousands of tasks, it may not be feasible to dump the memory state information for each one. Such systems should not be forced to incur a performance penalty in OOM situations when the information may not be desired.

If this is set to nonzero, this information is shown whenever the OOM-killer actually kills a memory-hogging task.

The default value is 0.

/proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)

This enables or disables killing the OOM-triggering task in out-of-memory situations.

If this is set to zero, the OOM-killer will scan through the entire tasklist and select a task based on heuristics to kill. This normally selects a rogue memory-hogging task that frees up a large amount of memory when killed.

If this is set to nonzero, the OOM-killer simply kills the task that triggered the out-of-memory condition. This avoids a possibly expensive tasklist scan.

If /proc/sys/vm/panic_on_oom is nonzero, it takes precedence over whatever value is used in /proc/sys/vm/oom_kill_allocating_task.

The default value is 0.

/proc/sys/vm/overcommit_kbytes (since Linux 3.14)

This writable file provides an alternative to /proc/sys/vm/overcommit_ratio for controlling the CommitLimit when /proc/sys/vm/overcommit_memory has the value 2. It allows the amount of memory overcommitting to be specified as an absolute value (in kB), rather than as a percentage, as is done with overcommit_ratio. This allows for finer-grained control of CommitLimit on systems with extremely large memory sizes.

Only one of overcommit_kbytes or overcommit_ratio can have an effect: if overcommit_kbytes has a nonzero value, then it is used to calculate CommitLimit, otherwise overcommit_ratio is used. Writing a value to either of these files causes the value in the other file to be set to zero.

/proc/sys/vm/overcommit_memory

This file contains the kernel virtual memory accounting mode. Values are:

In mode 0, calls of mmap(2) with MAP_NORESERVE are not checked, and the default check is very weak, leading to the risk of getting a process "OOM-killed".

In mode 1, the kernel pretends there is always enough memory, until memory actually runs out. One use case for this mode is scientific computing applications that employ large sparse arrays. Before Linux 2.6.0, any nonzero value implies mode 1.

In mode 2 (available since Linux 2.6), the total virtual address space that can be allocated (CommitLimit in /proc/meminfo) is calculated as

CommitLimit = (total_RAM - total_huge_TLB) *
	      overcommit_ratio / 100 + total_swap
    

where:

For example, on a system with 16 GB of physical RAM, 16 GB of swap, no space dedicated to huge pages, and an overcommit_ratio of 50, this formula yields a CommitLimit of 24 GB.

Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes is nonzero, then CommitLimit is instead calculated as:

CommitLimit = overcommit_kbytes + total_swap
    

See also the description of /proc/sys/vm/admin_reserve_kbytes and /proc/sys/vm/user_reserve_kbytes.

/proc/sys/vm/overcommit_ratio (since Linux 2.6.0)

This writable file defines a percentage by which memory can be overcommitted. The default value in the file is 50. See the description of /proc/sys/vm/overcommit_memory.

/proc/sys/vm/panic_on_oom (since Linux 2.6.18)

This enables or disables a kernel panic in an out-of-memory situation.

If this file is set to the value 0, the kernel's OOM-killer will kill some rogue process. Usually, the OOM-killer is able to kill a rogue process and the system will survive.

If this file is set to the value 1, then the kernel normally panics when out-of-memory happens. However, if a process limits allocations to certain nodes using memory policies (mbind(2) MPOL_BIND) or cpusets (cpuset(7)) and those nodes reach memory exhaustion status, one process may be killed by the OOM-killer. No panic occurs in this case: because other nodes' memory may be free, this means the system as a whole may not have reached an out-of-memory situation yet.

If this file is set to the value 2, the kernel always panics when an out-of-memory condition occurs.

The default value is 0. 1 and 2 are for failover of clustering. Select either according to your policy of failover.

/proc/sys/vm/swappiness

The value in this file controls how aggressively the kernel will swap memory pages. Higher values increase aggressiveness, lower values decrease aggressiveness. The default value is 60.

/proc/sys/vm/user_reserve_kbytes (since Linux 3.10)

Specifies an amount of memory (in KiB) to reserve for user processes. This is intended to prevent a user from starting a single memory hogging process, such that they cannot recover (kill the hog). The value in this file has an effect only when /proc/sys/vm/overcommit_memory is set to 2 ("overcommit never" mode). In this case, the system reserves an amount of memory that is the minimum of [3% of current process size, user_reserve_kbytes].

The default value in this file is the minimum of [3% of free pages, 128MiB] expressed as KiB.

If the value in this file is set to zero, then a user will be allowed to allocate all free memory with a single process (minus the amount reserved by /proc/sys/vm/admin_reserve_kbytes). Any subsequent attempts to execute a command will result in "fork: Cannot allocate memory".

Changing the value in this file takes effect whenever an application requests memory.

/proc/sys/vm/unprivileged_userfaultfd (since Linux 5.2)

This (writable) file exposes a flag that controls whether unprivileged processes are allowed to employ userfaultfd(2). If this file has the value 1, then unprivileged processes may use userfaultfd(2). If this file has the value 0, then only processes that have the CAP_SYS_PTRACE capability may employ userfaultfd(2). The default value in this file is 1.

/proc/sysrq-trigger (since Linux 2.4.21)

Writing a character to this file triggers the same SysRq function as typing ALT-SysRq-<character> (see the description of /proc/sys/kernel/sysrq). This file is normally writable only by root. For further details see the Linux kernel source file Documentation/admin-guide/sysrq.rst (or Documentation/sysrq.txt before Linux 4.10).

/proc/sysvipc

Subdirectory containing the pseudo-files msg, sem and shm. These files list the System V Interprocess Communication (IPC) objects (respectively: message queues, semaphores, and shared memory) that currently exist on the system, providing similar information to that available via ipcs(1). These files have headers and are formatted (one IPC object per line) for easy understanding. sysvipc(7) provides further background on the information shown by these files.

/proc/thread-self (since Linux 3.17)

This directory refers to the thread accessing the /proc filesystem, and is identical to the /proc/self/task/tid directory named by the process thread ID (tid) of the same thread.

/proc/timer_list (since Linux 2.6.21)

This read-only file exposes a list of all currently pending (high-resolution) timers, all clock-event sources, and their parameters in a human-readable form.

/proc/timer_stats (from Linux 2.6.21 until Linux 4.10)

This is a debugging facility to make timer (ab)use in a Linux system visible to kernel and user-space developers. It can be used by kernel and user-space developers to verify that their code does not make undue use of timers. The goal is to avoid unnecessary wakeups, thereby optimizing power consumption.

If enabled in the kernel (CONFIG_TIMER_STATS), but not used, it has almost zero run-time overhead and a relatively small data-structure overhead. Even if collection is enabled at run time, overhead is low: all the locking is per-CPU and lookup is hashed.

The /proc/timer_stats file is used both to control sampling facility and to read out the sampled information.

The timer_stats functionality is inactive on bootup. A sampling period can be started using the following command:

# echo 1 > /proc/timer_stats
    

The following command stops a sampling period:

# echo 0 > /proc/timer_stats
    

The statistics can be retrieved by:

$ cat /proc/timer_stats
    

While sampling is enabled, each readout from /proc/timer_stats will see newly updated statistics. Once sampling is disabled, the sampled information is kept until a new sample period is started. This allows multiple readouts.

Sample output from /proc/timer_stats:

$ cat /proc/timer_stats
Timer Stats Version: v0.3
Sample period: 1.764 s
Collection: active


  255,     0 swapper/3        hrtimer_start_range_ns (tick_sched_timer)


   71,     0 swapper/1        hrtimer_start_range_ns (tick_sched_timer)


   58,     0 swapper/0        hrtimer_start_range_ns (tick_sched_timer)


    4,  1694 gnome-shell      mod_delayed_work_on (delayed_work_timer_fn)


   17,     7 rcu_sched        rcu_gp_kthread (process_timeout)
...


    1,  4911 kworker/u16:0    mod_delayed_work_on (delayed_work_timer_fn)


   1D,  2522 kworker/0:0      queue_delayed_work_on (delayed_work_timer_fn)
1029 total events, 583.333 events/sec
    

The output columns are:

During the Linux 4.11 development cycle, this file was removed because of security concerns, as it exposes information across namespaces. Furthermore, it is possible to obtain the same information via in-kernel tracing facilities such as ftrace.

/proc/tty

Subdirectory containing the pseudo-files and subdirectories for tty drivers and line disciplines.

/proc/uptime

This file contains two numbers (values in seconds): the uptime of the system (including time spent in suspend) and the amount of time spent in the idle process.

/proc/version

This string identifies the kernel version that is currently running. It includes the contents of /proc/sys/kernel/ostype, /proc/sys/kernel/osrelease, and /proc/sys/kernel/version. For example:

Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994
    

/proc/vmstat (since Linux 2.6.0)

This file displays various virtual memory statistics. Each line of this file contains a single name-value pair, delimited by white space. Some lines are present only if the kernel was configured with suitable options. (In some cases, the options required for particular files have changed across kernel versions, so they are not listed here. Details can be found by consulting the kernel source code.) The following fields may be present:

/proc/zoneinfo (since Linux 2.6.13)

This file displays information about memory zones. This is useful for analyzing virtual memory behavior.