I would appreciate it if you could read the details in Read all the contents of proc / [pid].
# sleep 365d > /dev/null &  3792 # ls /proc/3792 attr cwd map_files oom_adj schedstat task autogroup environ maps oom_score sessionid timers auxv exe mem oom_score_adj setgroups uid_map cgroup fd mountinfo pagemap smaps wchan clear_refs fdinfo mounts patch_state stack cmdline gid_map mountstats personality stat comm io net projid_map statm coredump_filter limits ns root status cpuset loginuid numa_maps sched syscall # cd /proc/3792
# ls attr/ current exec fscreate keycreate prev sockcreate # cat current unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 # cat prev unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
It was an empty file except for
Upon examination, these files seem to be referenced by SELinux features.
In Linux, you can manage read, write, and execute permissions for files and directories with a function called permissions, and an extension of that is a function called SELinux.
It seems that it is managed by the value of SELinux context instead of permission.
It seems that
current describes the SELinux context of this process itself, and
prev describes the SELinux context of the immediately executed process. (It is not well understood)
The SELinux context set in the file created by this process seems to be written in ʻexec
, Since / proc / 3792 / exec` this time is an empty file, it seems to be created with the default value.
You can check the default value here.
# semanage login -l Login Name SELinux User MLS/MCS Range Service __default__ unconfined_u s0-s0:c0.c1023 * root unconfined_u s0-s0:c0.c1023 * system_u system_u s0-s0:c0.c1023 *
I will study SELinux in the future.
# cat autogroup /autogroup-401 nice 0
It seems that the value used by the CPU for scheduling is described.
# ll | grep auxv -r--------. 1 root root 0 Jan 12 05:09 auxv # cat auxv ! Temple d@@Awa d 捐 beef ゚ class P sucking # od -x auxv 0000000 0021 0000 0000 0000 0000 9fbb 7fff 0000 0000020 0010 0000 0000 0000 fbff 1f8b 0000 0000 0000040 0006 0000 0000 0000 1000 0000 0000 0000 0000060 0011 0000 0000 0000 0064 0000 0000 0000 0000100 0003 0000 0000 0000 0040 0040 0000 0000 0000120 0004 0000 0000 0000 0038 0000 0000 0000 ....
Contains ELF interpreter information passed to the process at run time. http://surf.ml.seikei.ac.jp/~nakano/JMwww/html/LDP_man-pages/man5/proc.5.html
And that. It seems that auxv is an auxiliary vector.
I tried ʻod
, but I couldn't understand it because of the enumeration of numbers. Even if you hit file aux v
, it will be displayed as ./auxv: empty`, probably because it is a special file.
It seems that the purpose is to read through some function.
It seems that the executable file has a format called ELF. It seems that the header information is described. I didn't know how to fix the garbled characters.
# cat cgroup 11:cpuset:/ 10:blkio:/ 9:devices:/user.slice 8:hugetlb:/ 7:net_prio,net_cls:/ 6:perf_event:/ 5:memory:/ 4:cpuacct,cpu:/ 3:pids:/ 2:freezer:/ 1:name=systemd:/user.slice/user-1000.slice/session-89.scope
cgroup is a feature that allows you to set limits on processes. It seems that you can set the CPU usage rate and the upper limit of memory in detail. Upward compatible with autogroup.
From left: Hierarchy ID number: Set of subsystems associated with the hierarchy: Control group in the hierarchy to which the process belongs
That's right. Study required.
# cat clear_refs cat: clear_refs: Invalid argument
I got angry when I cated.
# ll clear_refs --w-------. 1 root root 0 Jan 11 06:40 clear_refs
I had only write privileges with root privileges.
I opened it with
vi clear_refs but it was an empty file.
Refer to when measuring memory? It seems. I didn't understand too much.
If the permissions are only for writing, such as -w -------, It is intended to do something by writing data to that file.
I received a comment. It seems that some operation is performed through this file. I want to be able to read the source code of the kernel? CentOS ?. cmdline
# cat cmdline sleep365d # tr \\0 _ < cmdline sleep_365d_
The command executed when the process started. It seems that arguments (such as ls -l) are also displayed. The delimiter was \ 0 (NULL).
# cat comm sleep
The command name displayed by
# cat coredump_filter 00000033
It seems that it is a bit filter setting of the error that is thrown when the process terminates abnormally. I don't know what mask each 00000033 is.
# cat cpuset /
It seems to be referenced by cgroup. I searched a lot, but I'm sorry.
There were too many things I didn't understand. I'm worried if the article I tweet is meaningful if I don't understand it. In the first place, there were many contents such as "Is this item used now ...?", And I could not distinguish it. I definitely want to hold down the cgroup.
http://blue-9.hatenadiary.com/entry/2017/03/14/212929 http://www.usupi.org/sysad/024.html http://man7.org/linux/man-pages/man5/proc.5.html https://www.atmarkit.co.jp/flinux/rensai/watch2007/watch10a.html https://access.redhat.com/documentation/ja-jp/red_hat_enterprise_linux/6/html/resource_management_guide/sec-cpuset https://blog.goo.ne.jp/tell14/e/d03e57fbe77a73f7991da7016824cfbf http://manpages.ubuntu.com/manpages/bionic/ja/man5/proc.5.html