Linux advanced
/proc/
/proc/<pid>/ : the directory of the process with PID <pid>.
/proc/self/ : the symlink self points to the directory of the process that is reading the file system, i.e. the reader's own /proc/<pid>/.
| File | Content |
|---|---|
| /proc/<pid>/clear_refs | Write-only; clears the page referenced bits shown in smaps output |
| /proc/<pid>/cmdline | Command line arguments (NUL-separated) |
| /proc/<pid>/cpu | Current and last CPU on which it was executed (2.4 SMP kernels only; absent on current kernels, where the processor field of stat carries this information) |
| /proc/<pid>/cwd | Symlink to the current working directory |
| /proc/<pid>/environ | Initial environment of the process (NUL-separated) |
| /proc/<pid>/exe | Symlink to the executable of this process (still resolvable when the binary has been deleted from disk; the link target then carries a "(deleted)" suffix) |
| /proc/<pid>/fd | Directory containing a symlink for every open file descriptor |
| /proc/<pid>/maps | Memory mappings of executables, library files and anonymous regions |
| /proc/<pid>/mem | Memory held by this process, readable and writable at the offsets listed in maps |
| /proc/<pid>/root | Symlink to the root directory of this process (differs from / for a chrooted or containerised process) |
| /proc/<pid>/stat | Process status (machine-readable, one line) |
| /proc/<pid>/statm | Process memory status information |
| /proc/<pid>/status | Process status in human-readable form, including UIDs/GIDs and the capability sets |
| /proc/<pid>/wchan | Present with CONFIG_KALLSYMS=y: shows the kernel function symbol the task is blocked in, or "0" if not blocked |
| /proc/<pid>/pagemap | Page table |
| /proc/<pid>/stack | Full kernel stack trace, enabled via CONFIG_STACKTRACE |
| /proc/<pid>/smaps | An extension based on maps, showing the memory consumption of each mapping and the flags associated with it |
| /proc/<pid>/smaps_rollup | Accumulated smaps stats for all mappings of the process; can be derived from smaps, but is faster and more convenient |
| /proc/<pid>/numa_maps | An extension based on maps, showing the memory locality and binding policy as well as memory usage (in pages) of each mapping |

Access control matters when these files belong to someone else's process: cmdline, stat and status are world-readable (unless procfs is mounted with hidepid), while environ, maps, fd and the cwd, exe and root links are gated by a PTRACE_MODE_READ check on the target (in practice: same UID and no LSM restriction) rather than by the file's permission bits, and mem requires PTRACE_MODE_ATTACH, so it is also subject to Yama's ptrace_scope. This is why reading /proc/<pid>/maps or environ of another user's process fails with "Permission denied".
Source: kernel.org.
Capabilities
Display the capability sets of the current shell:

```console
$ capsh --print
```

Example of usage: running the Python HTTP server on a port below 1024 without sudo.

```console
$ python3 -m http.server 80
Traceback (most recent call last):
  File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/usr/lib/python3.9/http/server.py", line 1290, in <module>
    test(
  File "/usr/lib/python3.9/http/server.py", line 1245, in test
    with ServerClass(addr, HandlerClass) as httpd:
  File "/usr/lib/python3.9/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/usr/lib/python3.9/http/server.py", line 1288, in server_bind
    return super().server_bind()
  File "/usr/lib/python3.9/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/usr/lib/python3.9/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
PermissionError: [Errno 13] Permission denied
```
Add the capability CAP_NET_BIND_SERVICE to the interpreter. setcap refuses to operate on a symlink, so it has to be applied to the real binary; `+eip` puts the capability in the file's effective, inheritable and permitted sets.

```console
$ sudo setcap CAP_NET_BIND_SERVICE+eip $(which python3)
Invalid file '/usr/bin/python3' for capability operation
$ ls -al /usr/bin/python3
lrwxrwxrwx 1 root root 9 Aug 31 15:28 /usr/bin/python3 -> python3.9
$ sudo setcap CAP_NET_BIND_SERVICE+eip /usr/bin/python3.9
$ python3.9 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
```

It works. Verify the file capability with `getcap /usr/bin/python3.9`; `getcap -r / 2>/dev/null` enumerates every file capability on the system, which is a standard privilege-escalation check during a pentest. Be aware of the blast radius: the capability is now granted to every user who runs /usr/bin/python3.9, not only to this server. Scope it more tightly by applying setcap to a private copy of the interpreter, by running the service under systemd with AmbientCapabilities=CAP_NET_BIND_SERVICE, or by lowering the net.ipv4.ip_unprivileged_port_start sysctl; remove it again with `sudo setcap -r /usr/bin/python3.9`.

Notable capabilities:
- CAP_NET_BIND_SERVICE : bind a socket to a privileged port (below 1024).
- CAP_NET_ADMIN : perform various network-related operations (interface configuration, routing, firewall rules).
- CAP_SETUID / CAP_SETGID : make arbitrary manipulations of process UIDs / GIDs, which is enough to become root.
- CAP_SYS_ADMIN : catch-all for administrative operations (mount, namespaces, ...); effectively root.
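The script below is an added example, not code from the original page: it ties the /proc table above to the capability sets by decoding the CapInh/CapPrm/CapEff/CapBnd/CapAmb hex masks that /proc/<pid>/status exposes into capability names, and flags the ones that are effectively root. The bit-to-name table is the one from linux/capability.h; the status excerpt is constructed (it is what a process running the python3.9 interpreter from the example above would show), and the "dangerous" shortlist is our own triage heuristic, not a kernel-defined set.

```shell
#!/bin/sh
# Decode the capability bitmasks exposed by /proc/<pid>/status (CapInh, CapPrm,
# CapEff, CapBnd, CapAmb) into names, and flag the ones that are effectively
# root. Bit positions follow linux/capability.h (bit 0 = CAP_CHOWN, bit 10 =
# CAP_NET_BIND_SERVICE, bit 40 = CAP_CHECKPOINT_RESTORE); the table is embedded
# so the script works without libcap's capsh/getpcaps.

CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid \
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw \
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct \
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease \
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm \
block_suspend audit_read perfmon bpf checkpoint_restore"

# Assumption: this shortlist is our own triage heuristic (capabilities with a
# well-known direct path to full root), not a kernel-defined set.
DANGEROUS="sys_admin sys_module sys_ptrace sys_rawio dac_override dac_read_search setuid setgid setfcap"

# decode_caps MASK : print cap_<name>, one per line, for every bit set in MASK
# (hex as printed in /proc/<pid>/status, with or without a 0x prefix).
decode_caps() {
    hex=${1#0x}
    hex=${hex#0X}
    mask=$((0x$hex))
    bit=0
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            echo "cap_$name"
        fi
        bit=$((bit + 1))
    done
}

# cap_mask FIELD : read a /proc/<pid>/status file on stdin and print the hex
# mask of FIELD (CapEff, CapBnd, ...), or 0 if the field is absent.
cap_mask() {
    awk -v want="$1:" '$1 == want { print $2; found = 1; exit } END { if (!found) print 0 }'
}

# dangerous_caps MASK : print the subset of MASK that is listed in DANGEROUS.
dangerous_caps() {
    for c in $(decode_caps "$1"); do
        for d in $DANGEROUS; do
            if [ "$c" = "cap_$d" ]; then
                echo "$c"
            fi
        done
    done
}

# sample_status : constructed excerpt of /proc/<pid>/status (not captured from a
# real host) for a python3.9 process started after
# `setcap cap_net_bind_service+eip /usr/bin/python3.9`: only bit 10 is set in
# the permitted and effective sets, the bounding set is the full 41-bit mask.
sample_status() {
    printf 'Name:\tpython3.9\n'
    printf 'CapInh:\t0000000000000000\n'
    printf 'CapPrm:\t0000000000000400\n'
    printf 'CapEff:\t0000000000000400\n'
    printf 'CapBnd:\t000001ffffffffff\n'
    printf 'CapAmb:\t0000000000000000\n'
}

# report_caps FILE : decode every Cap* field of a status file (default: the
# caller's own /proc/self/status) and list the dangerous part of CapEff.
report_caps() {
    file=${1:-/proc/self/status}
    for field in CapInh CapPrm CapEff CapBnd CapAmb; do
        m=$(cap_mask "$field" < "$file")
        printf '%-7s %s : %s\n' "$field" "$m" "$(decode_caps "$m" | tr '\n' ' ')"
    done
    printf 'dangerous in CapEff : %s\n' "$(dangerous_caps "$(cap_mask CapEff < "$file")" | tr '\n' ' ')"
}

# Usage: the constructed sample first, then the shell running this script.
tmp=$(mktemp)
sample_status > "$tmp"
report_caps "$tmp"
rm -f "$tmp"
if [ -r /proc/self/status ]; then
    report_caps
fi
```

Run it as `sh caps.sh`, or point `report_caps /proc/<pid>/status` at a suspicious process: a non-root process, or a container's init, whose CapEff contains cap_sys_admin or cap_sys_ptrace is the first thing to look at during an escalation or escape review. The same decoding applies to `capsh --decode=<hex>` output, which this script reproduces without libcap.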
fstab - File System Table
System configuration file commonly found at /etc/fstab. The fstab file typically lists all available disk partitions and other types of file systems and data sources.
This configuration file is read by the mount command: automatically at boot time to determine the overall file system structure, and thereafter whenever a user executes the mount command to modify that structure.
Example

```
# device-spec mount-point fs-type options dump pass
LABEL=/ / ext4 defaults 1 1
/dev/sda6 none swap defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
# Removable media
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,ro 0 0
# NTFS Windows 7 partition
/dev/sda1 /mnt/Windows ntfs-3g quiet,defaults,locale=en_US.utf8,umask=0,noexec 0 0
# Partition shared by Windows and Linux
/dev/sda7 /mnt/shared vfat umask=000 0 0
# Mounting tmpfs
tmpfs /mnt/tmpfschk tmpfs size=100m 0 0
# Mounting cifs
//cifs_server_name/ashare /store/pingu cifs credentials=/root/smbpass.txt 0 0
# Mounting NFS
nfs_server_name:/store /store nfs rw 0 0
```
- device-spec : Device name, label, UUID, ...
- mount-point : Where the contents of the device may be accessed after mounting (for swap partitions or files, this is set to none).
- fs-type : Type of file system.
- options : Options describing various other aspects of the file system, such as whether it is automatically mounted at boot, which users may mount or access it, whether it may be written to or only read from, its size, and so forth (the special option defaults refers to a pre-determined set of options depending on the file system type).
- dump : A number indicating whether and how often the file system should be backed up by the dump program (a zero indicates the file system will never be automatically backed up).
- pass : A number indicating the order in which the fsck program checks the devices for errors at boot time (0 : do not check, 1 : the root file system, checked first, 2 : every other file system, checked after the root).
Options common to all filesystems
- auto / noauto : With auto, the device is mounted automatically at boot or when `mount -a` is issued; auto is the default. With noauto, the device can only be mounted explicitly.
- dev / nodev : Controls whether block and character special devices on the filesystem are interpreted. nodev prevents a device node planted on removable or user-controlled media from granting access to host devices.
- exec / noexec : exec lets binaries that are on the partition be executed, noexec is the opposite. noexec is hardening, not a boundary: a script on a noexec mount still runs when passed to its interpreter (`sh /mnt/x/script.sh`).
- rw / ro : Mount the filesystem in either read-write or read-only mode.
- sync / async : Whether input and output to the filesystem are done synchronously or asynchronously.
- suid / nosuid : Controls whether the set-user-ID and set-group-ID bits are honoured. nosuid belongs on every user-mountable, removable or network filesystem.
- user / users / nouser : user permits any user to mount the filesystem; it implies noexec, nosuid and nodev unless explicitly overridden (later options in the list win, as in user,exec). nouser, the default, means only root can mount it. users lets any user mount the filesystem and any user unmount it, whereas with user only the user who mounted it can unmount it.
- defaults : Use the default settings, which mount(8) defines as rw, suid, dev, exec, auto, nouser, async.
- owner (Linux-specific) : Permit the owner of the device to mount it; implies nosuid and nodev.
- atime / noatime / relatime / strictatime (Linux-specific) : The Unix stat structure records when files were last accessed (atime), modified (mtime) and changed (ctime). One result is that atime is written every time a file is read, which has been heavily criticized for causing performance degradation and increased wear. However, atime is used by some applications and desired by some users, and is therefore configurable: atime (update on access), noatime (do not update), relatime (update only if the previous atime is older than mtime or ctime, or more than a day old) and strictatime (always update, the pre-2.6.30 behaviour). Through Linux 2.6.29 atime was the default; as of 2.6.30 relatime is the default.
Source Wikipedia.
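The following script is an added example, not part of the original page, that turns the option semantics above into an audit: it evaluates each fstab entry's options left to right the way mount(8) applies them (defaults resets the flags, user/users imply noexec,nosuid,nodev, owner implies nosuid,nodev, and a later exec/suid/dev undoes the matching flag), then reports removable, foreign, network, tmpfs or user-mountable filesystems that end up without nosuid, nodev or noexec, world-writable umask settings, and cleartext CIFS passwords. The embedded fstab is a constructed copy of the example above; which filesystem types count as untrusted is our own choice.

```shell
#!/bin/sh
# Audit fstab entries for the mount-option mistakes that matter for security.
# Options are evaluated left to right as mount(8) applies them: "defaults"
# resets the three flags, "user"/"users" imply noexec,nosuid,nodev, "owner"
# implies nosuid,nodev, and a later "exec"/"suid"/"dev" undoes its flag.

# fstab_audit : read fstab lines on stdin, print one finding per line.
fstab_audit() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    NF < 4 { next }                          # malformed entries
    {
        mnt = $2; type = $3
        split(type, t, ","); base = t[1]     # "udf,iso9660" -> "udf"
        split("", f)                         # effective flags for this entry
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) {
            opt = o[i]
            if (opt == "defaults") { f["nosuid"] = 0; f["nodev"] = 0; f["noexec"] = 0 }
            else if (opt == "user" || opt == "users") { f["nosuid"] = 1; f["nodev"] = 1; f["noexec"] = 1; f["user"] = 1 }
            else if (opt == "owner") { f["nosuid"] = 1; f["nodev"] = 1; f["user"] = 1 }
            else if (opt == "nosuid" || opt == "nodev" || opt == "noexec") f[opt] = 1
            else if (opt == "suid") f["nosuid"] = 0
            else if (opt == "dev") f["nodev"] = 0
            else if (opt == "exec") f["noexec"] = 0
            else if (opt ~ /^umask=0+$/) f["ww"] = opt
            else if (opt ~ /^password=/) f["pw"] = 1
        }
        if (mnt == "none" || mnt == "/" || type == "swap") next
        # Assumption: these types (plus anything user-mountable) hold data we
        # do not control, so they must not carry setuid binaries or device nodes.
        untrusted = f["user"] || base ~ /^(vfat|ntfs|ntfs-3g|udf|iso9660|cifs|nfs|nfs4|tmpfs)$/
        if (untrusted && !f["nosuid"]) printf "%s (%s): missing nosuid\n", mnt, type
        if (untrusted && !f["nodev"])  printf "%s (%s): missing nodev\n", mnt, type
        if (untrusted && !f["noexec"]) printf "%s (%s): missing noexec\n", mnt, type
        if (f["ww"] != "") printf "%s (%s): world-writable (%s)\n", mnt, type, f["ww"]
        if (f["pw"]) printf "%s (%s): cleartext password in fstab, use credentials=\n", mnt, type
    }'
}

# sample_fstab : constructed copy of the example fstab above (not read from a
# real host) so the audit can be run offline.
sample_fstab() {
    cat <<'EOF'
# device-spec mount-point fs-type options dump pass
LABEL=/ / ext4 defaults 1 1
/dev/sda6 none swap defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,ro 0 0
/dev/sda1 /mnt/Windows ntfs-3g quiet,defaults,locale=en_US.utf8,umask=0,noexec 0 0
/dev/sda7 /mnt/shared vfat umask=000 0 0
tmpfs /mnt/tmpfschk tmpfs size=100m 0 0
//cifs_server_name/ashare /store/pingu cifs credentials=/root/smbpass.txt 0 0
nfs_server_name:/store /store nfs rw 0 0
EOF
}

# Usage: the sample, then the real fstab when it is available.
sample_fstab | fstab_audit
if [ -r /etc/fstab ]; then
    echo "--- /etc/fstab ---"
    fstab_audit < /etc/fstab
fi
```

On the sample the audit reports /dev/shm, /mnt/tmpfschk, /store/pingu and /store as missing all three protections, /mnt/cdrom as missing only noexec (owner already implied nosuid and nodev), and /mnt/Windows and /mnt/shared as world-writable. Note that fstab only states intent: confirm the options actually in effect in /proc/self/mounts (next section), and keep any credentials= file mode 0600 and owned by root.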
mtab - Mounted File System Table
System configuration file commonly found at /etc/mtab (on current systems it is a symlink to /proc/mounts or /proc/self/mounts, so it is maintained by the kernel rather than by mount). This file lists all currently mounted filesystems along with their mount options, which is the authoritative place to check whether a nosuid/nodev/noexec option written in fstab is actually in effect.
Example

```
/dev/sdb1 / ext3 rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,noexec,nosuid,nodev 0 0
/sys /sys sysfs rw,noexec,nosuid,nodev 0 0
varrun /var/run tmpfs rw,noexec,nosuid,nodev,mode=0755 0 0
varlock /var/lock tmpfs rw,noexec,nosuid,nodev,mode=1777 0 0
udev /dev tmpfs rw,mode=0755 0 0
devshm /dev/shm tmpfs rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
lrm /lib/modules/2.6.24-16-generic/volatile tmpfs rw 0 0
securityfs /sys/kernel/security securityfs rw 0 0
gvfs-fuse-daemon /home/alice/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,user=alice 0 0
```
Source Wikipedia.
## Signals
- SIGHUP (1) : Hang up detected on controlling terminal or death of controlling process
- SIGINT (2) : Issued if the user sends an interrupt signal (Ctrl + C)
- SIGQUIT (3) : Issued if the user sends a quit signal (Ctrl + \); unlike SIGINT it produces a core dump. Ctrl + D is not a signal, it is end-of-file on the terminal
- SIGFPE (8) : Issued if an illegal mathematical operation is attempted
- SIGKILL (9) : If a process gets this signal it must quit immediately and will not perform any clean-up operations; it cannot be caught, blocked or ignored
- SIGSEGV (11) : Invalid memory reference (segmentation fault)
- SIGALRM (14) : Alarm clock signal (used for timers)
- SIGTERM (15) : Software termination signal, allows the process to do some cleanup tasks beforehand (sent by kill by default)
The full mapping between numbers and names is printed by `kill -l`.
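As an added example (not from the original page), the script below makes the SIGTERM/SIGKILL difference observable: a background worker installs a TERM trap that writes a marker file on the way out, and the same worker is once terminated and once killed. The worker is a shell subshell; a daemon written in C or Python with sigaction()/signal() behaves the same way.

```shell
#!/bin/sh
# SIGTERM versus SIGKILL in practice: a process can trap SIGTERM and run its
# cleanup (remove a lock file, flush state) before exiting, while SIGKILL ends
# it at once and no handler ever runs.

# signal_name NUM : map a signal number to its name (15 -> TERM, 9 -> KILL).
signal_name() {
    kill -l "$1"
}

# run_worker MARKER SIGNAL : start a background worker that traps SIGTERM and
# writes MARKER on the way out, deliver SIGNAL to it, and report whether the
# cleanup code ran.
run_worker() {
    marker=$1
    sig=$2
    rm -f "$marker"
    (
        # Cleanup handler; the shell runs it once the current foreground
        # command (sleep) returns, so a TERM can take up to a second to be honoured.
        trap 'echo cleaned > "$marker"; exit 0' TERM
        while :; do sleep 1; done
    ) >/dev/null 2>&1 &
    pid=$!
    sleep 1                                  # let the subshell install its trap
    kill -s "$sig" "$pid"
    wait "$pid" || true                      # non-zero status is expected for KILL
    if [ -f "$marker" ]; then
        echo "cleanup ran"
    else
        echo "no cleanup"
    fi
}

# Usage: the same worker, once terminated politely and once killed.
m=$(mktemp)
echo "SIG$(signal_name 15): $(run_worker "$m" TERM)"
echo "SIG$(signal_name 9): $(run_worker "$m" KILL)"
rm -f "$m"
```

This is why service managers send SIGTERM first and only escalate to SIGKILL after a timeout (systemd's TimeoutStopSec), and why evidence such as lock files or partially written state left behind after a crash points to the process having died from an uncatchable signal or a kernel kill rather than a clean shutdown.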
Namespaces
A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes.
Types of namespaces :
- Cgroup (CLONE_NEWCGROUP) : Cgroup root directory.
- IPC (CLONE_NEWIPC) : System V IPC, POSIX message queues.
- Network (CLONE_NEWNET) : Network devices, stacks, ports, ...
- Mount (CLONE_NEWNS) : Mount points.
- PID (CLONE_NEWPID) : Process IDs.
- Time (CLONE_NEWTIME) : Boot and monotonic clocks (Linux 5.6 and later).
- User (CLONE_NEWUSER) : User and group IDs. It is the only namespace an unprivileged process may create, and root inside a user namespace is not root outside it.
- UTS (CLONE_NEWUTS) : Hostname and NIS domain name.
List namespaces with the lsns command. A process's membership is exposed as symlinks in /proc/<pid>/ns/, one per namespace type.
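The script below is an added example, not from the original page, of reading that membership directly: readlink on /proc/<pid>/ns/<type> prints "type:[inode]", and two processes share a namespace exactly when the inode matches, which is what lsns summarises. Comparing a suspicious process, or a container's init, against the current shell shows which isolation boundaries actually separate them. The list of namespace types is the one from the section above; "unknown" is our own placeholder for links that do not exist or are not readable.

```shell
#!/bin/sh
# A process's namespace membership is exposed as symlinks in /proc/<pid>/ns/;
# readlink prints "type:[inode]" and two processes are in the same namespace
# exactly when the inode matches.

NS_TYPES="cgroup ipc mnt net pid user uts time"

# ns_id PID TYPE : print "type:[inode]" for PID's namespace of TYPE, or
# "unknown" when the link does not exist (e.g. no time namespace before Linux
# 5.6) or is not readable (reading another user's /proc/<pid>/ns/* requires
# PTRACE_MODE_READ access to that process).
ns_id() {
    readlink "/proc/$1/ns/$2" 2>/dev/null || echo unknown
}

# ns_compare PID1 PID2 : one line per namespace type, ending in "shared" or "separate".
ns_compare() {
    for t in $NS_TYPES; do
        a=$(ns_id "$1" "$t")
        b=$(ns_id "$2" "$t")
        if [ "$a" = "$b" ]; then
            state=shared
        else
            state=separate
        fi
        printf '%-7s %-18s %-18s %s\n' "$t" "$a" "$b" "$state"
    done
}

# ns_separate_count PID1 PID2 : number of namespace types in which the two
# processes differ.
ns_separate_count() {
    ns_compare "$1" "$2" | awk '$NF == "separate" { n++ } END { print n + 0 }'
}

# Usage: this shell against PID 1. On the host everything is shared; inside a
# container mnt, pid and net (at least) are separate, and "unknown" for PID 1
# means that process is not ours to inspect.
ns_compare $$ 1
echo "separate namespaces: $(ns_separate_count $$ 1)"
```

A process inside a container whose net or mnt namespace is "shared" with PID 1 of the host (for example after `docker run --net=host` or `--pid=host`) has that boundary removed, which is the first thing to check when assessing an escape, and `nsenter -t <pid> -a` is how an administrator with CAP_SYS_ADMIN deliberately crosses it.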