1PROC(5) Linux Programmer's Manual PROC(5)
2
6 proc - process information pseudo-filesystem
7
9 The proc filesystem is a pseudo-filesystem which provides an interface
10 to kernel data structures. It is commonly mounted at /proc. Typi‐
11 cally, it is mounted automatically by the system, but it can also be
12 mounted manually using a command such as:
13 mount -t proc proc /proc
15 Most of the files in the proc filesystem are read-only, but some files
17 are writable, allowing kernel variables to be changed.
18 Mount options
20 The proc filesystem supports the following mount options:
21 hidepid=n (since Linux 3.3)
23 This option controls who can access the information in
24 /proc/[pid] directories. The argument, n, is one of the follow‐
25 ing values:
26 0 Everybody may access all /proc/[pid] directories. This is
28 the traditional behavior, and the default if this mount
29 option is not specified.
30 1 Users may not access files and subdirectories inside any
32 /proc/[pid] directories but their own (the /proc/[pid]
33 directories themselves remain visible). Sensitive files
34 such as /proc/[pid]/cmdline and /proc/[pid]/status are now
35 protected against other users. This makes it impossible to
36 learn whether any user is running a specific program (so
37 long as the program doesn't otherwise reveal itself by its
38 behavior).
39 2 As for mode 1, but in addition the /proc/[pid] directories
41 belonging to other users become invisible. This means that
42 /proc/[pid] entries can no longer be used to discover the
43 PIDs on the system. This doesn't hide the fact that a
44 process with a specific PID value exists (it can be learned
45 by other means, for example, by "kill -0 $PID"), but it
46 hides a process's UID and GID, which could otherwise be
47 learned by employing stat(2) on a /proc/[pid] directory.
48 This greatly complicates an attacker's task of gathering
49 information about running processes (e.g., discovering
50 whether some daemon is running with elevated privileges,
51 whether another user is running some sensitive program,
52 whether other users are running any program at all, and so
53 on).
54 gid=gid (since Linux 3.3)
56 Specifies the ID of a group whose members are authorized to
57 learn process information otherwise prohibited by hidepid (i.e.,
58 users in this group behave as though /proc was mounted with
59 hidepid=0). This group should be used instead of approaches
60 such as putting nonroot users into the sudoers(5) file.
61 Files and directories
63 The following list describes many of the files and directories under
64 the /proc hierarchy.
65 /proc/[pid]
67 There is a numerical subdirectory for each running process; the
68 subdirectory is named by the process ID.
69 Each /proc/[pid] subdirectory contains the pseudo-files and
71 directories described below. These files are normally owned by
72 the effective user and effective group ID of the process. How‐
73 ever, as a security measure, the ownership is made root:root if
74 the process's "dumpable" attribute is set to a value other than
75 1. This attribute may change for the following reasons:
76 * The attribute was explicitly set via the prctl(2)
78 PR_SET_DUMPABLE operation.
79 * The attribute was reset to the value in the file
81 /proc/sys/fs/suid_dumpable (described below), for the reasons
82 described in prctl(2).
83 Resetting the "dumpable" attribute to 1 reverts the ownership of
85 the /proc/[pid]/* files to the process's real UID and real GID.
86 /proc/[pid]/attr
88 The files in this directory provide an API for security modules.
89 The contents of this directory are files that can be read and
90 written in order to set security-related attributes. This
91 directory was added to support SELinux, but the intention was
92 that the API be general enough to support other security mod‐
93 ules. For the purpose of explanation, examples of how SELinux
94 uses these files are provided below.
95 This directory is present only if the kernel was configured with
97 CONFIG_SECURITY.
98 /proc/[pid]/attr/current (since Linux 2.6.0)
100 The contents of this file represent the current security
101 attributes of the process.
102 In SELinux, this file is used to get the security context of a
104 process. Prior to Linux 2.6.11, this file could not be used to
105 set the security context (a write was always denied), since
106 SELinux limited process security transitions to execve(2) (see
107 the description of /proc/[pid]/attr/exec, below). Since Linux
108 2.6.11, SELinux lifted this restriction and began supporting
109 "set" operations via writes to this node if authorized by pol‐
110 icy, although use of this operation is only suitable for appli‐
111 cations that are trusted to maintain any desired separation
112 between the old and new security contexts. Prior to Linux
113 2.6.28, SELinux did not allow threads within a multi-threaded
114 process to set their security context via this node as it would
115 yield an inconsistency among the security contexts of the
116 threads sharing the same memory space. Since Linux 2.6.28,
117 SELinux lifted this restriction and began supporting "set" oper‐
118 ations for threads within a multithreaded process if the new
119 security context is bounded by the old security context, where
120 the bounded relation is defined in policy and guarantees that
121 the new security context has a subset of the permissions of the
122 old security context. Other security modules may choose to sup‐
123 port "set" operations via writes to this node.
124 /proc/[pid]/attr/exec (since Linux 2.6.0)
126 This file represents the attributes to assign to the process
127 upon a subsequent execve(2).
128 In SELinux, this is needed to support role/domain transitions,
130 and execve(2) is the preferred point to make such transitions
131 because it offers better control over the initialization of the
132 process in the new security label and the inheritance of state.
133 In SELinux, this attribute is reset on execve(2) so that the new
134 program reverts to the default behavior for any execve(2) calls
135 that it may make. In SELinux, a process can set only its own
136 /proc/[pid]/attr/exec attribute.
137 /proc/[pid]/attr/fscreate (since Linux 2.6.0)
139 This file represents the attributes to assign to files created
140 by subsequent calls to open(2), mkdir(2), symlink(2), and
141 mknod(2)
142 SELinux employs this file to support creation of a file (using
144 the aforementioned system calls) in a secure state, so that
145 there is no risk of inappropriate access being obtained between
146 the time of creation and the time that attributes are set. In
147 SELinux, this attribute is reset on execve(2), so that the new
148 program reverts to the default behavior for any file creation
149 calls it may make, but the attribute will persist across multi‐
150 ple file creation calls within a program unless it is explicitly
151 reset. In SELinux, a process can set only its own
152 /proc/[pid]/attr/fscreate attribute.
153 /proc/[pid]/attr/keycreate (since Linux 2.6.18)
155 If a process writes a security context into this file, all sub‐
156 sequently created keys (add_key(2)) will be labeled with this
157 context. For further information, see the kernel source file
158 Documentation/security/keys/core.rst (or file Documenta‐
159 tion/security/keys.txt on Linux between 3.0 and 4.13, or Docu‐
160 mentation/keys.txt before Linux 3.0).
161 /proc/[pid]/attr/prev (since Linux 2.6.0)
163 This file contains the security context of the process before
164 the last execve(2); that is, the previous value of
165 /proc/[pid]/attr/current.
166 /proc/[pid]/attr/socketcreate (since Linux 2.6.18)
168 If a process writes a security context into this file, all sub‐
169 sequently created sockets will be labeled with this context.
170 /proc/[pid]/autogroup (since Linux 2.6.38)
172 See sched(7).
173 /proc/[pid]/auxv (since 2.6.0-test7)
175 This contains the contents of the ELF interpreter information
176 passed to the process at exec time. The format is one unsigned
177 long ID plus one unsigned long value for each entry. The last
178 entry contains two zeros. See also getauxval(3).
179 Permission to access this file is governed by a ptrace access
181 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
182 /proc/[pid]/cgroup (since Linux 2.6.24)
184 See cgroups(7).
185 /proc/[pid]/clear_refs (since Linux 2.6.22)
187 This is a write-only file, writable only by owner of the
189 process.
190 The following values may be written to the file:
192 1 (since Linux 2.6.22)
194 Reset the PG_Referenced and ACCESSED/YOUNG bits for all
195 the pages associated with the process. (Before kernel
196 2.6.32, writing any nonzero value to this file had this
197 effect.)
198 2 (since Linux 2.6.32)
200 Reset the PG_Referenced and ACCESSED/YOUNG bits for all
201 anonymous pages associated with the process.
202 3 (since Linux 2.6.32)
204 Reset the PG_Referenced and ACCESSED/YOUNG bits for all
205 file-mapped pages associated with the process.
206 Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a
208 method to measure approximately how much memory a process is
209 using. One first inspects the values in the "Referenced" fields
210 for the VMAs shown in /proc/[pid]/smaps to get an idea of the
211 memory footprint of the process. One then clears the PG_Refer‐
212 enced and ACCESSED/YOUNG bits and, after some measured time
213 interval, once again inspects the values in the "Referenced"
214 fields to get an idea of the change in memory footprint of the
215 process during the measured interval. If one is interested only
216 in inspecting the selected mapping types, then the value 2 or 3
217 can be used instead of 1.
218 Further values can be written to affect different properties:
220 4 (since Linux 3.11)
222 Clear the soft-dirty bit for all the pages associated
223 with the process. This is used (in conjunction with
224 /proc/[pid]/pagemap) by the check-point restore system to
225 discover which pages of a process have been dirtied since
226 the file /proc/[pid]/clear_refs was written to.
227 5 (since Linux 4.0)
229 Reset the peak resident set size ("high water mark") to
230 the process's current resident set size value.
231 Writing any value to /proc/[pid]/clear_refs other than those
233 listed above has no effect.
234 The /proc/[pid]/clear_refs file is present only if the CON‐
236 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
237 /proc/[pid]/cmdline
239 This read-only file holds the complete command line for the
240 process, unless the process is a zombie. In the latter case,
241 there is nothing in this file: that is, a read on this file will
242 return 0 characters. The command-line arguments appear in this
243 file as a set of strings separated by null bytes ('\0'), with a
244 further null byte after the last string.
245 /proc/[pid]/comm (since Linux 2.6.33)
247 This file exposes the process's comm value—that is, the command
248 name associated with the process. Different threads in the same
249 process may have different comm values, accessible via
250 /proc/[pid]/task/[tid]/comm. A thread may modify its comm
251 value, or that of any of other thread in the same thread group
252 (see the discussion of CLONE_THREAD in clone(2)), by writing to
253 the file /proc/self/task/[tid]/comm. Strings longer than
254 TASK_COMM_LEN (16) characters are silently truncated.
255 This file provides a superset of the prctl(2) PR_SET_NAME and
257 PR_GET_NAME operations, and is employed by pthread_setname_np(3)
258 when used to rename threads other than the caller.
259 /proc/[pid]/coredump_filter (since Linux 2.6.23)
261 See core(5).
262 /proc/[pid]/cpuset (since Linux 2.6.12)
264 See cpuset(7).
265 /proc/[pid]/cwd
267 This is a symbolic link to the current working directory of the
268 process. To find out the current working directory of process
269 20, for instance, you can do this:
270 $ cd /proc/20/cwd; /bin/pwd
272 Note that the pwd command is often a shell built-in, and might
274 not work properly. In bash(1), you may use pwd -P.
275 In a multithreaded process, the contents of this symbolic link
277 are not available if the main thread has already terminated
278 (typically by calling pthread_exit(3)).
279 Permission to dereference or read (readlink(2)) this symbolic
281 link is governed by a ptrace access mode
282 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
283 /proc/[pid]/environ
285 This file contains the initial environment that was set when the
286 currently executing program was started via execve(2). The
287 entries are separated by null bytes ('\0'), and there may be a
288 null byte at the end. Thus, to print out the environment of
289 process 1, you would do:
290 $ strings /proc/1/environ
292 If, after an execve(2), the process modifies its environment
294 (e.g., by calling functions such as putenv(3) or modifying the
295 environ(7) variable directly), this file will not reflect those
296 changes.
297 Furthermore, a process may change the memory location that this
299 file refers via prctl(2) operations such as PR_SET_MM_ENV_START.
300 Permission to access this file is governed by a ptrace access
302 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
303 /proc/[pid]/exe
305 Under Linux 2.2 and later, this file is a symbolic link contain‐
306 ing the actual pathname of the executed command. This symbolic
307 link can be dereferenced normally; attempting to open it will
308 open the executable. You can even type /proc/[pid]/exe to run
309 another copy of the same executable that is being run by process
310 [pid]. If the pathname has been unlinked, the symbolic link
311 will contain the string '(deleted)' appended to the original
312 pathname. In a multithreaded process, the contents of this sym‐
313 bolic link are not available if the main thread has already ter‐
314 minated (typically by calling pthread_exit(3)).
315 Permission to dereference or read (readlink(2)) this symbolic
317 link is governed by a ptrace access mode
318 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
319 Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the
321 binary which was executed, and appears as a symbolic link. A
322 readlink(2) call on this file under Linux 2.0 returns a string
323 in the format:
324 [device]:inode
326 For example, [0301]:1502 would be inode 1502 on device major 03
328 (IDE, MFM, etc. drives) minor 01 (first partition on the first
329 drive).
330 find(1) with the -inum option can be used to locate the file.
332 /proc/[pid]/fd/
334 This is a subdirectory containing one entry for each file which
335 the process has open, named by its file descriptor, and which is
336 a symbolic link to the actual file. Thus, 0 is standard input,
337 1 standard output, 2 standard error, and so on.
338 For file descriptors for pipes and sockets, the entries will be
340 symbolic links whose content is the file type with the inode. A
341 readlink(2) call on this file returns a string in the format:
342 type:[inode]
344 For example, socket:[2248868] will be a socket and its inode is
346 2248868. For sockets, that inode can be used to find more
347 information in one of the files under /proc/net/.
348 For file descriptors that have no corresponding inode (e.g.,
350 file descriptors produced by bpf(2), epoll_create(2),
351 eventfd(2), inotify_init(2), perf_event_open(2), signalfd(2),
352 timerfd_create(2), and userfaultfd(2)), the entry will be a sym‐
353 bolic link with contents of the form
354 anon_inode:<file-type>
356 In many cases (but not all), the file-type is surrounded by
358 square brackets.
359 For example, an epoll file descriptor will have a symbolic link
361 whose content is the string anon_inode:[eventpoll].
362 In a multithreaded process, the contents of this directory are
364 not available if the main thread has already terminated (typi‐
365 cally by calling pthread_exit(3)).
366 Programs that take a filename as a command-line argument, but
368 don't take input from standard input if no argument is supplied,
369 and programs that write to a file named as a command-line argu‐
370 ment, but don't send their output to standard output if no argu‐
371 ment is supplied, can nevertheless be made to use standard input
372 or standard output by using /proc/[pid]/fd files as command-line
373 arguments. For example, assuming that -i is the flag designat‐
374 ing an input file and -o is the flag designating an output file:
375 $ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...
377 and you have a working filter.
379 /proc/self/fd/N is approximately the same as /dev/fd/N in some
381 UNIX and UNIX-like systems. Most Linux MAKEDEV scripts symboli‐
382 cally link /dev/fd to /proc/self/fd, in fact.
383 Most systems provide symbolic links /dev/stdin, /dev/stdout, and
385 /dev/stderr, which respectively link to the files 0, 1, and 2 in
386 /proc/self/fd. Thus the example command above could be written
387 as:
388 $ foobar -i /dev/stdin -o /dev/stdout ...
390 Permission to dereference or read (readlink(2)) the symbolic
392 links in this directory is governed by a ptrace access mode
393 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
394 Note that for file descriptors referring to inodes (pipes and
396 sockets, see above), those inodes still have permission bits and
397 ownership information distinct from those of the /proc/[pid]/fd
398 entry, and that the owner may differ from the user and group IDs
399 of the process. An unprivileged process may lack permissions to
400 open them, as in this example:
401 $ echo test | sudo -u nobody cat
403 test
404 $ echo test | sudo -u nobody cat /proc/self/fd/0
405 cat: /proc/self/fd/0: Permission denied
406 File descriptor 0 refers to the pipe created by the shell and
408 owned by that shell's user, which is not nobody, so cat does not
409 have permission to create a new file descriptor to read from
410 that inode, even though it can still read from its existing file
411 descriptor 0.
412 /proc/[pid]/fdinfo/ (since Linux 2.6.22)
414 This is a subdirectory containing one entry for each file which
415 the process has open, named by its file descriptor. The files
416 in this directory are readable only by the owner of the process.
417 The contents of each file can be read to obtain information
418 about the corresponding file descriptor. The content depends on
419 the type of file referred to by the corresponding file descrip‐
420 tor.
421 For regular files and directories, we see something like:
423 $ cat /proc/12015/fdinfo/4
425 pos: 1000
426 flags: 01002002
427 mnt_id: 21
428 The fields are as follows:
430 pos This is a decimal number showing the file offset.
432 flags This is an octal number that displays the file access
434 mode and file status flags (see open(2)). If the close-
435 on-exec file descriptor flag is set, then flags will also
436 include the value O_CLOEXEC.
437 Before Linux 3.1, this field incorrectly displayed the
439 setting of O_CLOEXEC at the time the file was opened,
440 rather than the current setting of the close-on-exec
441 flag.
442 mnt_id This field, present since Linux 3.15, is the ID of the
444 mount point containing this file. See the description of
445 /proc/[pid]/mountinfo.
446 For eventfd file descriptors (see eventfd(2)), we see (since
448 Linux 3.8) the following fields:
449 pos: 0
451 flags: 02
452 mnt_id: 10
453 eventfd-count: 40
454 eventfd-count is the current value of the eventfd counter, in
456 hexadecimal.
457 For epoll file descriptors (see epoll(7)), we see (since Linux
459 3.8) the following fields:
460 pos: 0
462 flags: 02
463 mnt_id: 10
464 tfd: 9 events: 19 data: 74253d2500000009
465 tfd: 7 events: 19 data: 74253d2500000007
466 Each of the lines beginning tfd describes one of the file
468 descriptors being monitored via the epoll file descriptor (see
469 epoll_ctl(2) for some details). The tfd field is the number of
470 the file descriptor. The events field is a hexadecimal mask of
471 the events being monitored for this file descriptor. The data
472 field is the data value associated with this file descriptor.
473 For signalfd file descriptors (see signalfd(2)), we see (since
475 Linux 3.8) the following fields:
476 pos: 0
478 flags: 02
479 mnt_id: 10
480 sigmask: 0000000000000006
481 sigmask is the hexadecimal mask of signals that are accepted via
483 this signalfd file descriptor. (In this example, bits 2 and 3
484 are set, corresponding to the signals SIGINT and SIGQUIT; see
485 signal(7).)
486 For inotify file descriptors (see inotify(7)), we see (since
488 Linux 3.8) the following fields:
489 pos: 0
491 flags: 00
492 mnt_id: 11
493 inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
494 inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73
495 Each of the lines beginning with "inotify" displays information
497 about one file or directory that is being monitored. The fields
498 in this line are as follows:
499 wd A watch descriptor number (in decimal).
501 ino The inode number of the target file (in hexadecimal).
503 sdev The ID of the device where the target file resides (in
505 hexadecimal).
506 mask The mask of events being monitored for the target file
508 (in hexadecimal).
509 If the kernel was built with exportfs support, the path to the
511 target file is exposed as a file handle, via three hexadecimal
512 fields: fhandle-bytes, fhandle-type, and f_handle.
513 For fanotify file descriptors (see fanotify(7)), we see (since
515 Linux 3.8) the following fields:
516 pos: 0
518 flags: 02
519 mnt_id: 11
520 fanotify flags:0 event-flags:88002
521 fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73
522 The fourth line displays information defined when the fanotify
524 group was created via fanotify_init(2):
525 flags The flags argument given to fanotify_init(2) (expressed
527 in hexadecimal).
528 event-flags
530 The event_f_flags argument given to fanotify_init(2)
531 (expressed in hexadecimal).
532 Each additional line shown in the file contains information
534 about one of the marks in the fanotify group. Most of these
535 fields are as for inotify, except:
536 mflags The flags associated with the mark (expressed in hexadec‐
538 imal).
539 mask The events mask for this mark (expressed in hexadecimal).
541 ignored_mask
543 The mask of events that are ignored for this mark
544 (expressed in hexadecimal).
545 For details on these fields, see fanotify_mark(2).
547 /proc/[pid]/gid_map (since Linux 3.5)
549 See user_namespaces(7).
550 /proc/[pid]/io (since kernel 2.6.20)
552 This file contains I/O statistics for the process, for example:
553 # cat /proc/3828/io
555 rchar: 323934931
556 wchar: 323929600
557 syscr: 632687
558 syscw: 632675
559 read_bytes: 0
560 write_bytes: 323932160
561 cancelled_write_bytes: 0
562 The fields are as follows:
564 rchar: characters read
566 The number of bytes which this task has caused to be read
567 from storage. This is simply the sum of bytes which this
568 process passed to read(2) and similar system calls. It
569 includes things such as terminal I/O and is unaffected by
570 whether or not actual physical disk I/O was required (the
571 read might have been satisfied from pagecache).
572 wchar: characters written
574 The number of bytes which this task has caused, or shall
575 cause to be written to disk. Similar caveats apply here
576 as with rchar.
577 syscr: read syscalls
579 Attempt to count the number of read I/O operations—that
580 is, system calls such as read(2) and pread(2).
581 syscw: write syscalls
583 Attempt to count the number of write I/O operations—that
584 is, system calls such as write(2) and pwrite(2).
585 read_bytes: bytes read
587 Attempt to count the number of bytes which this process
588 really did cause to be fetched from the storage layer.
589 This is accurate for block-backed filesystems.
590 write_bytes: bytes written
592 Attempt to count the number of bytes which this process
593 caused to be sent to the storage layer.
594 cancelled_write_bytes:
596 The big inaccuracy here is truncate. If a process writes
597 1MB to a file and then deletes the file, it will in fact
598 perform no writeout. But it will have been accounted as
599 having caused 1MB of write. In other words: this field
600 represents the number of bytes which this process caused
601 to not happen, by truncating pagecache. A task can cause
602 "negative" I/O too. If this task truncates some dirty
603 pagecache, some I/O which another task has been accounted
604 for (in its write_bytes) will not be happening.
605 Note: In the current implementation, things are a bit racy on
607 32-bit systems: if process A reads process B's /proc/[pid]/io
608 while process B is updating one of these 64-bit counters,
609 process A could see an intermediate result.
610 Permission to access this file is governed by a ptrace access
612 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
613 /proc/[pid]/limits (since Linux 2.6.24)
615 This file displays the soft limit, hard limit, and units of mea‐
616 surement for each of the process's resource limits (see getr‐
617 limit(2)). Up to and including Linux 2.6.35, this file is pro‐
618 tected to allow reading only by the real UID of the process.
619 Since Linux 2.6.36, this file is readable by all users on the
620 system.
621 /proc/[pid]/map_files/ (since kernel 3.3)
623 This subdirectory contains entries corresponding to memory-
624 mapped files (see mmap(2)). Entries are named by memory region
625 start and end address pair (expressed as hexadecimal numbers),
626 and are symbolic links to the mapped files themselves. Here is
627 an example, with the output wrapped and reformatted to fit on an
628 80-column display:
629 # ls -l /proc/self/map_files/
631 lr--------. 1 root root 64 Apr 16 21:31
632 3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
633 ...
634 Although these entries are present for memory regions that were
636 mapped with the MAP_FILE flag, the way anonymous shared memory
637 (regions created with the MAP_ANON | MAP_SHARED flags) is imple‐
638 mented in Linux means that such regions also appear on this
639 directory. Here is an example where the target file is the
640 deleted /dev/zero one:
641 lrw-------. 1 root root 64 Apr 16 21:33
643 7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)
644 This directory appears only if the CONFIG_CHECKPOINT_RESTORE
646 kernel configuration option is enabled. Privilege
647 (CAP_SYS_ADMIN) is required to view the contents of this direc‐
648 tory.
649 /proc/[pid]/maps
651 A file containing the currently mapped memory regions and their
652 access permissions. See mmap(2) for some further information
653 about memory mappings.
654 Permission to access this file is governed by a ptrace access
656 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
657 The format of the file is:
659 address perms offset dev inode pathname
661 00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon
662 00651000-00652000 r--p 00051000 08:02 173521 /usr/bin/dbus-daemon
663 00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/dbus-daemon
664 00e03000-00e24000 rw-p 00000000 00:00 0 [heap]
665 00e24000-011f7000 rw-p 00000000 00:00 0 [heap]
666 ...
667 35b1800000-35b1820000 r-xp 00000000 08:02 135522 /usr/lib64/ld-2.15.so
668 35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522 /usr/lib64/ld-2.15.so
669 35b1a20000-35b1a21000 rw-p 00020000 08:02 135522 /usr/lib64/ld-2.15.so
670 35b1a21000-35b1a22000 rw-p 00000000 00:00 0
671 35b1c00000-35b1dac000 r-xp 00000000 08:02 135870 /usr/lib64/libc-2.15.so
672 35b1dac000-35b1fac000 ---p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
673 35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
674 35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870 /usr/lib64/libc-2.15.so
675 ...
676 f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0 [stack:986]
677 ...
678 7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0 [stack]
679 7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0 [vdso]
680 The address field is the address space in the process that the
682 mapping occupies. The perms field is a set of permissions:
683 r = read
685 w = write
686 x = execute
687 s = shared
688 p = private (copy on write)
689 The offset field is the offset into the file/whatever; dev is
691 the device (major:minor); inode is the inode on that device. 0
692 indicates that no inode is associated with the memory region, as
693 would be the case with BSS (uninitialized data).
694 The pathname field will usually be the file that is backing the
696 mapping. For ELF files, you can easily coordinate with the off‐
697 set field by looking at the Offset field in the ELF program
698 headers (readelf -l).
699 There are additional helpful pseudo-paths:
701 [stack]
703 The initial process's (also known as the main
704 thread's) stack.
705 [stack:<tid>] (since Linux 3.4)
707 A thread's stack (where the <tid> is a thread ID).
708 It corresponds to the /proc/[pid]/task/[tid]/ path.
709 [vdso] The virtual dynamically linked shared object. See
711 vdso(7).
712 [heap] The process's heap.
714 If the pathname field is blank, this is an anonymous mapping as
716 obtained via mmap(2). There is no easy way to coordinate this
717 back to a process's source, short of running it through gdb(1),
718 strace(1), or similar.
719 Under Linux 2.0, there is no field giving pathname.
721 /proc/[pid]/mem
723 This file can be used to access the pages of a process's memory
724 through open(2), read(2), and lseek(2).
725 Permission to access this file is governed by a ptrace access
727 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
728 /proc/[pid]/mountinfo (since Linux 2.6.26)
730 This file contains information about mount points in the
731 process's mount namespace (see mount_namespaces(7)). It sup‐
732 plies various information (e.g., propagation state, root of
733 mount for bind mounts, identifier for each mount and its parent)
734 that is missing from the (older) /proc/[pid]/mounts file, and
735 fixes various other problems with that file (e.g., nonextensi‐
736 bility, failure to distinguish per-mount versus per-superblock
737 options).
738 The file contains lines of the form:
74036 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
742(1)(2)(3) (4) (5) (6) (7) (8) (9) (10) (11)
743 The numbers in parentheses are labels for the descriptions
745 below:
746 (1) mount ID: a unique ID for the mount (may be reused after
748 umount(2)).
749 (2) parent ID: the ID of the parent mount (or of self for the
751 root of this mount namespace's mount tree).
752 If the parent mount point lies outside the process's root
754 directory (see chroot(2)), the ID shown here won't have a
755 corresponding record in mountinfo whose mount ID (field 1)
756 matches this parent mount ID (because mount points that lie
757 outside the process's root directory are not shown in
758 mountinfo). As a special case of this point, the process's
759 root mount point may have a parent mount (for the initramfs
760 filesystem) that lies outside the process's root directory,
761 and an entry for that mount point will not appear in
762 mountinfo.
763 (3) major:minor: the value of st_dev for files on this filesys‐
765 tem (see stat(2)).
766 (4) root: the pathname of the directory in the filesystem which
768 forms the root of this mount.
769 (5) mount point: the pathname of the mount point relative to
771 the process's root directory.
772 (6) mount options: per-mount options.
774 (7) optional fields: zero or more fields of the form
776 "tag[:value]"; see below.
777 (8) separator: the end of the optional fields is marked by a
779 single hyphen.
780 (9) filesystem type: the filesystem type in the form
782 "type[.subtype]".
783 (10) mount source: filesystem-specific information or "none".
785 (11) super options: per-superblock options.
787 Currently, the possible optional fields are shared, master,
789 propagate_from, and unbindable. See mount_namespaces(7) for a
790 description of these fields. Parsers should ignore all unrecog‐
791 nized optional fields.
792 For more information on mount propagation see: Documenta‐
794 tion/filesystems/sharedsubtree.txt in the Linux kernel source
795 tree.
796 /proc/[pid]/mounts (since Linux 2.4.19)
798 This file lists all the filesystems currently mounted in the
799 process's mount namespace (see mount_namespaces(7)). The format
800 of this file is documented in fstab(5).
801 Since kernel version 2.6.15, this file is pollable: after open‐
803 ing the file for reading, a change in this file (i.e., a
804 filesystem mount or unmount) causes select(2) to mark the file
805 descriptor as having an exceptional condition, and poll(2) and
806 epoll_wait(2) mark the file as having a priority event (POLL‐
807 PRI). (Before Linux 2.6.30, a change in this file was indicated
808 by the file descriptor being marked as readable for select(2),
809 and being marked as having an error condition for poll(2) and
810 epoll_wait(2).)
811 /proc/[pid]/mountstats (since Linux 2.6.17)
813 This file exports information (statistics, configuration infor‐
814 mation) about the mount points in the process's mount namespace
815 (see mount_namespaces(7)). Lines in this file have the form:
816 device /dev/sda7 mounted on /home with fstype ext3 [statistics]
818 ( 1 ) ( 2 ) (3 ) (4)
819 The fields in each line are:
821 (1) The name of the mounted device (or "nodevice" if there is
823 no corresponding device).
824 (2) The mount point within the filesystem tree.
826 (3) The filesystem type.
828 (4) Optional statistics and configuration information. Cur‐
830 rently (as at Linux 2.6.26), only NFS filesystems export
831 information via this field.
832 This file is readable only by the owner of the process.
834 /proc/[pid]/net (since Linux 2.6.25)
836 See the description of /proc/net.
837 /proc/[pid]/ns/ (since Linux 3.0)
839 This is a subdirectory containing one entry for each namespace
840 that supports being manipulated by setns(2). For more informa‐
841 tion, see namespaces(7).
842 /proc/[pid]/numa_maps (since Linux 2.6.14)
844 See numa(7).
845 /proc/[pid]/oom_adj (since Linux 2.6.11)
847 This file can be used to adjust the score used to select which
848 process should be killed in an out-of-memory (OOM) situation.
849 The kernel uses this value for a bit-shift operation of the
850 process's oom_score value: valid values are in the range -16 to
851 +15, plus the special value -17, which disables OOM-killing
852 altogether for this process. A positive score increases the
853 likelihood of this process being killed by the OOM-killer; a
854 negative score decreases the likelihood.
855 The default value for this file is 0; a new process inherits its
857 parent's oom_adj setting. A process must be privileged
858 (CAP_SYS_RESOURCE) to update this file.
859 Since Linux 2.6.36, use of this file is deprecated in favor of
861 /proc/[pid]/oom_score_adj.
862 /proc/[pid]/oom_score (since Linux 2.6.11)
864 This file displays the current score that the kernel gives to
865 this process for the purpose of selecting a process for the OOM-
866 killer. A higher score means that the process is more likely to
867 be selected by the OOM-killer. The basis for this score is the
868 amount of memory used by the process, with increases (+) or
869 decreases (-) for factors including:
870 * whether the process is privileged (-).
872 Before kernel 2.6.36 the following factors were also used in the
874 calculation of oom_score:
875 * whether the process creates a lot of children using fork(2)
877 (+);
878 * whether the process has been running a long time, or has used
880 a lot of CPU time (-);
881 * whether the process has a low nice value (i.e., > 0) (+); and
883 * whether the process is making direct hardware access (-).
885 The oom_score also reflects the adjustment specified by the
887 oom_score_adj or oom_adj setting for the process.
888 /proc/[pid]/oom_score_adj (since Linux 2.6.36)
890 This file can be used to adjust the badness heuristic used to
891 select which process gets killed in out-of-memory conditions.
892 The badness heuristic assigns a value to each candidate task
894 ranging from 0 (never kill) to 1000 (always kill) to determine
895 which process is targeted. The units are roughly a proportion
896 along that range of allowed memory the process may allocate
897 from, based on an estimation of its current memory and swap use.
898 For example, if a task is using all allowed memory, its badness
899 score will be 1000. If it is using half of its allowed memory,
900 its score will be 500.
901 There is an additional factor included in the badness score:
903 root processes are given 3% extra memory over other tasks.
904 The amount of "allowed" memory depends on the context in which
906 the OOM-killer was called. If it is due to the memory assigned
907 to the allocating task's cpuset being exhausted, the allowed
908 memory represents the set of mems assigned to that cpuset (see
909 cpuset(7)). If it is due to a mempolicy's node(s) being
910 exhausted, the allowed memory represents the set of mempolicy
911 nodes. If it is due to a memory limit (or swap limit) being
912 reached, the allowed memory is that configured limit. Finally,
913 if it is due to the entire system being out of memory, the
914 allowed memory represents all allocatable resources.
915 The value of oom_score_adj is added to the badness score before
917 it is used to determine which task to kill. Acceptable values
918 range from -1000 (OOM_SCORE_ADJ_MIN) to +1000
919 (OOM_SCORE_ADJ_MAX). This allows user space to control the
920 preference for OOM-killing, ranging from always preferring a
921 certain task or completely disabling it from OOM killing. The
922 lowest possible value, -1000, is equivalent to disabling OOM-
923 killing entirely for that task, since it will always report a
924 badness score of 0.
925 Consequently, it is very simple for user space to define the
927 amount of memory to consider for each task. Setting an
928 oom_score_adj value of +500, for example, is roughly equivalent
929 to allowing the remainder of tasks sharing the same system,
930 cpuset, mempolicy, or memory controller resources to use at
931 least 50% more memory. A value of -500, on the other hand,
932 would be roughly equivalent to discounting 50% of the task's
933 allowed memory from being considered as scoring against the
934 task.
935 For backward compatibility with previous kernels,
937 /proc/[pid]/oom_adj can still be used to tune the badness score.
938 Its value is scaled linearly with oom_score_adj.
939 Writing to /proc/[pid]/oom_score_adj or /proc/[pid]/oom_adj will
941 change the other with its scaled value.
942 /proc/[pid]/pagemap (since Linux 2.6.25)
944 This file shows the mapping of each of the process's virtual
945 pages into physical page frames or swap area. It contains one
946 64-bit value for each virtual page, with the bits set as fol‐
947 lows:
948 63 If set, the page is present in RAM.
950 62 If set, the page is in swap space
952 61 (since Linux 3.5)
954 The page is a file-mapped page or a shared anonymous
955 page.
956 60–57 (since Linux 3.11)
958 Zero
959 56 (since Linux 4.2)
961 The page is exclusively mapped.
962 55 (since Linux 3.11)
964 PTE is soft-dirty (see the kernel source file Docu‐
965 mentation/vm/soft-dirty.txt).
966 54–0 If the page is present in RAM (bit 63), then these
968 bits provide the page frame number, which can be
969 used to index /proc/kpageflags and /proc/kpagecount.
970 If the page is present in swap (bit 62), then bits
971 4–0 give the swap type, and bits 54–5 encode the
972 swap offset.
973 Before Linux 3.11, bits 60–55 were used to encode the base-2 log
975 of the page size.
976 To employ /proc/[pid]/pagemap efficiently, use /proc/[pid]/maps
978 to determine which areas of memory are actually mapped and seek
979 to skip over unmapped regions.
980 The /proc/[pid]/pagemap file is present only if the CON‐
982 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
983 Permission to access this file is governed by a ptrace access
985 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
986 /proc/[pid]/personality (since Linux 2.6.28)
988 This read-only file exposes the process's execution domain, as
989 set by personality(2). The value is displayed in hexadecimal
990 notation.
991 Permission to access this file is governed by a ptrace access
993 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
994 /proc/[pid]/root
996 UNIX and Linux support the idea of a per-process root of the
997 filesystem, set by the chroot(2) system call. This file is a
998 symbolic link that points to the process's root directory, and
999 behaves in the same way as exe, and fd/*.
1000 Note however that this file is not merely a symbolic link. It
1002 provides the same view of the filesystem (including namespaces
1003 and the set of per-process mounts) as the process itself. An
1004 example illustrates this point. In one terminal, we start a
1005 shell in new user and mount namespaces, and in that shell we
1006 create some new mount points:
1007 $ PS1='sh1# ' unshare -Urnm
1009 sh1# mount -t tmpfs tmpfs /etc # Mount empty tmpfs at /etc
1010 sh1# mount --bind /usr /dev # Mount /usr at /dev
1011 sh1# echo $$
1012 27123
1013 In a second terminal window, in the initial mount namespace, we
1015 look at the contents of the corresponding mounts in the initial
1016 and new namespaces:
1017 $ PS1='sh2# ' sudo sh
1019 sh2# ls /etc | wc -l # In initial NS
1020 309
1021 sh2# ls /proc/27123/root/etc | wc -l # /etc in other NS
1022 0 # The empty tmpfs dir
1023 sh2# ls /dev | wc -l # In initial NS
1024 205
1025 sh2# ls /proc/27123/root/dev | wc -l # /dev in other NS
1026 11 # Actually bind
1027 # mounted to /usr
1028 sh2# ls /usr | wc -l # /usr in initial NS
1029 11
1030 In a multithreaded process, the contents of the /proc/[pid]/root
1032 symbolic link are not available if the main thread has already
1033 terminated (typically by calling pthread_exit(3)).
1034 Permission to dereference or read (readlink(2)) this symbolic
1036 link is governed by a ptrace access mode
1037 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1038 /proc/[pid]/seccomp (Linux 2.6.12 to 2.6.22)
1040 This file can be used to read and change the process's secure
1041 computing (seccomp) mode setting. It contains the value 0 if
1042 the process is not in seccomp mode, and 1 if the process is in
1043 strict seccomp mode (see seccomp(2)). Writing 1 to this file
1044 places the process irreversibly in strict seccomp mode. (Fur‐
1045 ther attempts to write to the file fail with the EPERM error.)
1046 In Linux 2.6.23, this file went away, to be replaced by the
1048 prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later
1049 by seccomp(2) and the Seccomp field in /proc/[pid]/status).
1050 /proc/[pid]/setgroups (since Linux 3.19)
1052 See user_namespaces(7).
1053 /proc/[pid]/smaps (since Linux 2.6.14)
1055 This file shows memory consumption for each of the process's
1056 mappings. (The pmap(1) command displays similar information, in
1057 a form that may be easier for parsing.) For each mapping there
1058 is a series of lines such as the following:
1059 00400000-0048a000 r-xp 00000000 fd:03 960637 /bin/bash
1061 Size: 552 kB
1062 Rss: 460 kB
1063 Pss: 100 kB
1064 Shared_Clean: 452 kB
1065 Shared_Dirty: 0 kB
1066 Private_Clean: 8 kB
1067 Private_Dirty: 0 kB
1068 Referenced: 460 kB
1069 Anonymous: 0 kB
1070 AnonHugePages: 0 kB
1071 ShmemHugePages: 0 kB
1072 ShmemPmdMapped: 0 kB
1073 Swap: 0 kB
1074 KernelPageSize: 4 kB
1075 MMUPageSize: 4 kB
1076 KernelPageSize: 4 kB
1077 MMUPageSize: 4 kB
1078 Locked: 0 kB
1079 ProtectionKey: 0
1080 VmFlags: rd ex mr mw me dw
1081 The first of these lines shows the same information as is dis‐
1083 played for the mapping in /proc/[pid]/maps. The following lines
1084 show the size of the mapping, the amount of the mapping that is
1085 currently resident in RAM ("Rss"), the process's proportional
1086 share of this mapping ("Pss"), the number of clean and dirty
1087 shared pages in the mapping, and the number of clean and dirty
1088 private pages in the mapping. "Referenced" indicates the amount
1089 of memory currently marked as referenced or accessed. "Anony‐
1090 mous" shows the amount of memory that does not belong to any
1091 file. "Swap" shows how much would-be-anonymous memory is also
1092 used, but out on swap.
1093 The "KernelPageSize" line (available since Linux 2.6.29) is the
1095 page size used by the kernel to back the virtual memory area.
1096 This matches the size used by the MMU in the majority of cases.
1097 However, one counter-example occurs on PPC64 kernels whereby a
1098 kernel using 64kB as a base page size may still use 4kB pages
1099 for the MMU on older processors. To distinguish the two
1100 attributes, the "MMUPageSize" line (also available since Linux
1101 2.6.29) reports the page size used by the MMU.
1102 The "Locked" indicates whether the mapping is locked in memory
1104 or not.
1105 The "ProtectionKey" line (available since Linux 4.9, on x86
1107 only) contains the memory protection key (see pkeys(7)) associ‐
1108 ated with the virtual memory area. This entry is present only
1109 if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1110 TION_KEYS configuration option.
1111 The "VmFlags" line (available since Linux 3.8) represents the
1113 kernel flags associated with the virtual memory area, encoded
1114 using the following two-letter codes:
1115 rd - readable
1117 wr - writable
1118 ex - executable
1119 sh - shared
1120 mr - may read
1121 mw - may write
1122 me - may execute
1123 ms - may share
1124 gd - stack segment grows down
1125 pf - pure PFN range
1126 dw - disabled write to the mapped file
1127 lo - pages are locked in memory
1128 io - memory mapped I/O area
1129 sr - sequential read advise provided
1130 rr - random read advise provided
1131 dc - do not copy area on fork
1132 de - do not expand area on remapping
1133 ac - area is accountable
1134 nr - swap space is not reserved for the area
1135 ht - area uses huge tlb pages
1136 nl - non-linear mapping
1137 ar - architecture specific flag
1138 dd - do not include area into core dump
1139 sd - soft-dirty flag
1140 mm - mixed map area
1141 hg - huge page advise flag
1142 nh - no-huge page advise flag
1143 mg - mergeable advise flag
1144 "ProtectionKey" field contains the memory protection key (see
1146 pkeys(5)) associated with the virtual memory area. Present only
1147 if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1148 TION_KEYS configuration option. (since Linux 4.6)
1149 The /proc/[pid]/smaps file is present only if the CON‐
1151 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1152 /proc/[pid]/stack (since Linux 2.6.29)
1154 This file provides a symbolic trace of the function calls in
1155 this process's kernel stack. This file is provided only if the
1156 kernel was built with the CONFIG_STACKTRACE configuration
1157 option.
1158 Permission to access this file is governed by a ptrace access
1160 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1161 /proc/[pid]/stat
1163 Status information about the process. This is used by ps(1).
1164 It is defined in the kernel source file fs/proc/array.c.
1165 The fields, in order, with their proper scanf(3) format speci‐
1167 fiers, are listed below. Whether or not certain of these fields
1168 display valid information is governed by a ptrace access mode
1169 PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT check (refer to
1170 ptrace(2)). If the check denies access, then the field value is
1171 displayed as 0. The affected fields are indicated with the
1172 marking [PT].
1173 (1) pid %d
1175 The process ID.
1176 (2) comm %s
1178 The filename of the executable, in parentheses. This
1179 is visible whether or not the executable is swapped
1180 out.
1181 (3) state %c
1183 One of the following characters, indicating process
1184 state:
1185 R Running
1187 S Sleeping in an interruptible wait
1189 D Waiting in uninterruptible disk sleep
1191 Z Zombie
1193 T Stopped (on a signal) or (before Linux 2.6.33)
1195 trace stopped
1196 t Tracing stop (Linux 2.6.33 onward)
1198 W Paging (only before Linux 2.6.0)
1200 X Dead (from Linux 2.6.0 onward)
1202 x Dead (Linux 2.6.33 to 3.13 only)
1204 K Wakekill (Linux 2.6.33 to 3.13 only)
1206 W Waking (Linux 2.6.33 to 3.13 only)
1208 P Parked (Linux 3.9 to 3.13 only)
1210 (4) ppid %d
1212 The PID of the parent of this process.
1213 (5) pgrp %d
1215 The process group ID of the process.
1216 (6) session %d
1218 The session ID of the process.
1219 (7) tty_nr %d
1221 The controlling terminal of the process. (The minor
1222 device number is contained in the combination of bits
1223 31 to 20 and 7 to 0; the major device number is in
1224 bits 15 to 8.)
1225 (8) tpgid %d
1227 The ID of the foreground process group of the control‐
1228 ling terminal of the process.
1229 (9) flags %u
1231 The kernel flags word of the process. For bit mean‐
1232 ings, see the PF_* defines in the Linux kernel source
1233 file include/linux/sched.h. Details depend on the
1234 kernel version.
1235 The format for this field was %lu before Linux 2.6.
1237 (10) minflt %lu
1239 The number of minor faults the process has made which
1240 have not required loading a memory page from disk.
1241 (11) cminflt %lu
1243 The number of minor faults that the process's waited-
1244 for children have made.
1245 (12) majflt %lu
1247 The number of major faults the process has made which
1248 have required loading a memory page from disk.
1249 (13) cmajflt %lu
1251 The number of major faults that the process's waited-
1252 for children have made.
1253 (14) utime %lu
1255 Amount of time that this process has been scheduled in
1256 user mode, measured in clock ticks (divide by
1257 sysconf(_SC_CLK_TCK)). This includes guest time,
1258 guest_time (time spent running a virtual CPU, see
1259 below), so that applications that are not aware of the
1260 guest time field do not lose that time from their cal‐
1261 culations.
1262 (15) stime %lu
1264 Amount of time that this process has been scheduled in
1265 kernel mode, measured in clock ticks (divide by
1266 sysconf(_SC_CLK_TCK)).
1267 (16) cutime %ld
1269 Amount of time that this process's waited-for children
1270 have been scheduled in user mode, measured in clock
1271 ticks (divide by sysconf(_SC_CLK_TCK)). (See also
1272 times(2).) This includes guest time, cguest_time
1273 (time spent running a virtual CPU, see below).
1274 (17) cstime %ld
1276 Amount of time that this process's waited-for children
1277 have been scheduled in kernel mode, measured in clock
1278 ticks (divide by sysconf(_SC_CLK_TCK)).
1279 (18) priority %ld
1281 (Explanation for Linux 2.6) For processes running a
1282 real-time scheduling policy (policy below; see
1283 sched_setscheduler(2)), this is the negated scheduling
1284 priority, minus one; that is, a number in the range -2
1285 to -100, corresponding to real-time priorities 1 to
1286 99. For processes running under a non-real-time
1287 scheduling policy, this is the raw nice value (setpri‐
1288 ority(2)) as represented in the kernel. The kernel
1289 stores nice values as numbers in the range 0 (high) to
1290 39 (low), corresponding to the user-visible nice range
1291 of -20 to 19.
1292 Before Linux 2.6, this was a scaled value based on the
1294 scheduler weighting given to this process.
1295 (19) nice %ld
1297 The nice value (see setpriority(2)), a value in the
1298 range 19 (low priority) to -20 (high priority).
1299 (20) num_threads %ld
1301 Number of threads in this process (since Linux 2.6).
1302 Before kernel 2.6, this field was hard coded to 0 as a
1303 placeholder for an earlier removed field.
1304 (21) itrealvalue %ld
1306 The time in jiffies before the next SIGALRM is sent to
1307 the process due to an interval timer. Since kernel
1308 2.6.17, this field is no longer maintained, and is
1309 hard coded as 0.
1310 (22) starttime %llu
1312 The time the process started after system boot. In
1313 kernels before Linux 2.6, this value was expressed in
1314 jiffies. Since Linux 2.6, the value is expressed in
1315 clock ticks (divide by sysconf(_SC_CLK_TCK)).
1316 The format for this field was %lu before Linux 2.6.
1318 (23) vsize %lu
1320 Virtual memory size in bytes.
1321 (24) rss %ld
1323 Resident Set Size: number of pages the process has in
1324 real memory. This is just the pages which count
1325 toward text, data, or stack space. This does not
1326 include pages which have not been demand-loaded in, or
1327 which are swapped out.
1328 (25) rsslim %lu
1330 Current soft limit in bytes on the rss of the process;
1331 see the description of RLIMIT_RSS in getrlimit(2).
1332 (26) startcode %lu [PT]
1334 The address above which program text can run.
1335 (27) endcode %lu [PT]
1337 The address below which program text can run.
1338 (28) startstack %lu [PT]
1340 The address of the start (i.e., bottom) of the stack.
1341 (29) kstkesp %lu [PT]
1343 The current value of ESP (stack pointer), as found in
1344 the kernel stack page for the process.
1345 (30) kstkeip %lu [PT]
1347 The current EIP (instruction pointer).
1348 (31) signal %lu
1350 The bitmap of pending signals, displayed as a decimal
1351 number. Obsolete, because it does not provide infor‐
1352 mation on real-time signals; use /proc/[pid]/status
1353 instead.
1354 (32) blocked %lu
1356 The bitmap of blocked signals, displayed as a decimal
1357 number. Obsolete, because it does not provide infor‐
1358 mation on real-time signals; use /proc/[pid]/status
1359 instead.
1360 (33) sigignore %lu
1362 The bitmap of ignored signals, displayed as a decimal
1363 number. Obsolete, because it does not provide infor‐
1364 mation on real-time signals; use /proc/[pid]/status
1365 instead.
1366 (34) sigcatch %lu
1368 The bitmap of caught signals, displayed as a decimal
1369 number. Obsolete, because it does not provide infor‐
1370 mation on real-time signals; use /proc/[pid]/status
1371 instead.
1372 (35) wchan %lu [PT]
1374 This is the "channel" in which the process is waiting.
1375 It is the address of a location in the kernel where
1376 the process is sleeping. The corresponding symbolic
1377 name can be found in /proc/[pid]/wchan.
1378 (36) nswap %lu
1380 Number of pages swapped (not maintained).
1381 (37) cnswap %lu
1383 Cumulative nswap for child processes (not maintained).
1384 (38) exit_signal %d (since Linux 2.1.22)
1386 Signal to be sent to parent when we die.
1387 (39) processor %d (since Linux 2.2.8)
1389 CPU number last executed on.
1390 (40) rt_priority %u (since Linux 2.5.19)
1392 Real-time scheduling priority, a number in the range 1
1393 to 99 for processes scheduled under a real-time pol‐
1394 icy, or 0, for non-real-time processes (see
1395 sched_setscheduler(2)).
1396 (41) policy %u (since Linux 2.5.19)
1398 Scheduling policy (see sched_setscheduler(2)). Decode
1399 using the SCHED_* constants in linux/sched.h.
1400 The format for this field was %lu before Linux 2.6.22.
1402 (42) delayacct_blkio_ticks %llu (since Linux 2.6.18)
1404 Aggregated block I/O delays, measured in clock ticks
1405 (centiseconds).
1406 (43) guest_time %lu (since Linux 2.6.24)
1408 Guest time of the process (time spent running a vir‐
1409 tual CPU for a guest operating system), measured in
1410 clock ticks (divide by sysconf(_SC_CLK_TCK)).
1411 (44) cguest_time %ld (since Linux 2.6.24)
1413 Guest time of the process's children, measured in
1414 clock ticks (divide by sysconf(_SC_CLK_TCK)).
1415 (45) start_data %lu (since Linux 3.3) [PT]
1417 Address above which program initialized and uninitial‐
1418 ized (BSS) data are placed.
1419 (46) end_data %lu (since Linux 3.3) [PT]
1421 Address below which program initialized and uninitial‐
1422 ized (BSS) data are placed.
1423 (47) start_brk %lu (since Linux 3.3) [PT]
1425 Address above which program heap can be expanded with
1426 brk(2).
1427 (48) arg_start %lu (since Linux 3.5) [PT]
1429 Address above which program command-line arguments
1430 (argv) are placed.
1431 (49) arg_end %lu (since Linux 3.5) [PT]
1433 Address below program command-line arguments (argv)
1434 are placed.
1435 (50) env_start %lu (since Linux 3.5) [PT]
1437 Address above which program environment is placed.
1438 (51) env_end %lu (since Linux 3.5) [PT]
1440 Address below which program environment is placed.
1441 (52) exit_code %d (since Linux 3.5) [PT]
1443 The thread's exit status in the form reported by wait‐
1444 pid(2).
1445 /proc/[pid]/statm
1447 Provides information about memory usage, measured in pages. The
1448 columns are:
1449 size (1) total program size
1451 (same as VmSize in /proc/[pid]/status)
1452 resident (2) resident set size
1453 (same as VmRSS in /proc/[pid]/status)
1454 shared (3) number of resident shared pages (i.e., backed by a file)
1455 (same as RssFile+RssShmem in /proc/[pid]/status)
1456 text (4) text (code)
1457 lib (5) library (unused since Linux 2.6; always 0)
1458 data (6) data + stack
1459 dt (7) dirty pages (unused since Linux 2.6; always 0)
1460 /proc/[pid]/status
1462 Provides much of the information in /proc/[pid]/stat and
1463 /proc/[pid]/statm in a format that's easier for humans to parse.
1464 Here's an example:
1465 $ cat /proc/$$/status
1467 Name: bash
1468 Umask: 0022
1469 State: S (sleeping)
1470 Tgid: 17248
1471 Ngid: 0
1472 Pid: 17248
1473 PPid: 17200
1474 TracerPid: 0
1475 Uid: 1000 1000 1000 1000
1476 Gid: 100 100 100 100
1477 FDSize: 256
1478 Groups: 16 33 100
1479 NStgid: 17248
1480 NSpid: 17248
1481 NSpgid: 17248
1482 NSsid: 17200
1483 VmPeak: 131168 kB
1484 VmSize: 131168 kB
1485 VmLck: 0 kB
1486 VmPin: 0 kB
1487 VmHWM: 13484 kB
1488 VmRSS: 13484 kB
1489 RssAnon: 10264 kB
1490 RssFile: 3220 kB
1491 RssShmem: 0 kB
1492 VmData: 10332 kB
1493 VmStk: 136 kB
1494 VmExe: 992 kB
1495 VmLib: 2104 kB
1496 VmPTE: 76 kB
1497 VmPMD: 12 kB
1498 VmSwap: 0 kB
1499 HugetlbPages: 0 kB # 4.4
1500 Threads: 1
1501 SigQ: 0/3067
1502 SigPnd: 0000000000000000
1503 ShdPnd: 0000000000000000
1504 SigBlk: 0000000000010000
1505 SigIgn: 0000000000384004
1506 SigCgt: 000000004b813efb
1507 CapInh: 0000000000000000
1508 CapPrm: 0000000000000000
1509 CapEff: 0000000000000000
1510 CapBnd: ffffffffffffffff
1511 CapAmb: 0000000000000000
1512 NoNewPrivs: 0
1513 Seccomp: 0
1514 Cpus_allowed: 00000001
1515 Cpus_allowed_list: 0
1516 Mems_allowed: 1
1517 Mems_allowed_list: 0
1518 voluntary_ctxt_switches: 150
1519 nonvoluntary_ctxt_switches: 545
1520 The fields are as follows:
1522 * Name: Command run by this process.
1524 * Umask: Process umask, expressed in octal with a leading zero;
1526 see umask(2). (Since Linux 4.7.)
1527 * State: Current state of the process. One of "R (running)", "S
1529 (sleeping)", "D (disk sleep)", "T (stopped)", "T (tracing
1530 stop)", "Z (zombie)", or "X (dead)".
1531 * Tgid: Thread group ID (i.e., Process ID).
1533 * Ngid: NUMA group ID (0 if none; since Linux 3.13).
1535 * Pid: Thread ID (see gettid(2)).
1537 * PPid: PID of parent process.
1539 * TracerPid: PID of process tracing this process (0 if not being
1541 traced).
1542 * Uid, Gid: Real, effective, saved set, and filesystem UIDs
1544 (GIDs).
1545 * FDSize: Number of file descriptor slots currently allocated.
1547 * Groups: Supplementary group list.
1549 * NStgid : Thread group ID (i.e., PID) in each of the PID names‐
1551 paces of which [pid] is a member. The leftmost entry shows
1552 the value with respect to the PID namespace of the reading
1553 process, followed by the value in successively nested inner
1554 namespaces. (Since Linux 4.1.)
1555 * NSpid: Thread ID in each of the PID namespaces of which [pid]
1557 is a member. The fields are ordered as for NStgid. (Since
1558 Linux 4.1.)
1559 * NSpgid: Process group ID in each of the PID namespaces of
1561 which [pid] is a member. The fields are ordered as for NSt‐
1562 gid. (Since Linux 4.1.)
1563 * NSsid: descendant namespace session ID hierarchy Session ID in
1565 each of the PID namespaces of which [pid] is a member. The
1566 fields are ordered as for NStgid. (Since Linux 4.1.)
1567 * VmPeak: Peak virtual memory size.
1569 * VmSize: Virtual memory size.
1571 * VmLck: Locked memory size (see mlock(3)).
1573 * VmPin: Pinned memory size (since Linux 3.2). These are pages
1575 that can't be moved because something needs to directly access
1576 physical memory.
1577 * VmHWM: Peak resident set size ("high water mark").
1579 * VmRSS: Resident set size. Note that the value here is the sum
1581 of RssAnon, RssFile, and RssShmem.
1582 * RssAnon: Size of resident anonymous memory. (since Linux
1584 4.5).
1585 * RssFile: Size of resident file mappings. (since Linux 4.5).
1587 * RssShmem: Size of resident shared memory (includes System V
1589 shared memory, mappings from tmpfs(5), and shared anonymous
1590 mappings). (since Linux 4.5).
1591 * VmData, VmStk, VmExe: Size of data, stack, and text segments.
1593 * VmLib: Shared library code size.
1595 * VmPTE: Page table entries size (since Linux 2.6.10).
1597 * VmPMD: Size of second-level page tables (since Linux 4.0).
1599 * VmSwap: Swapped-out virtual memory size by anonymous private
1601 pages; shmem swap usage is not included (since Linux 2.6.34).
1602 * HugetlbPages: Size of hugetlb memory portions. (since Linux
1604 4.4).
1605 * Threads: Number of threads in process containing this thread.
1607 * SigQ: This field contains two slash-separated numbers that
1609 relate to queued signals for the real user ID of this process.
1610 The first of these is the number of currently queued signals
1611 for this real user ID, and the second is the resource limit on
1612 the number of queued signals for this process (see the
1613 description of RLIMIT_SIGPENDING in getrlimit(2)).
1614 * SigPnd, ShdPnd: Number of signals pending for thread and for
1616 process as a whole (see pthreads(7) and signal(7)).
1617 * SigBlk, SigIgn, SigCgt: Masks indicating signals being
1619 blocked, ignored, and caught (see signal(7)).
1620 * CapInh, CapPrm, CapEff: Masks of capabilities enabled in
1622 inheritable, permitted, and effective sets (see capabili‐
1623 ties(7)).
1624 * CapBnd: Capability Bounding set (since Linux 2.6.26, see capa‐
1626 bilities(7)).
1627 * CapAmb: Ambient capability set (since Linux 4.3, see capabili‐
1629 ties(7)).
1630 * NoNewPrivs: Value of the no_new_privs bit (since Linux 4.10,
1632 see prctl(2)).
1633 * Seccomp: Seccomp mode of the process (since Linux 3.8, see
1635 seccomp(2)). 0 means SECCOMP_MODE_DISABLED; 1 means SEC‐
1636 COMP_MODE_STRICT; 2 means SECCOMP_MODE_FILTER. This field is
1637 provided only if the kernel was built with the CONFIG_SECCOMP
1638 kernel configuration option enabled.
1639 * Cpus_allowed: Mask of CPUs on which this process may run
1641 (since Linux 2.6.24, see cpuset(7)).
1642 * Cpus_allowed_list: Same as previous, but in "list format"
1644 (since Linux 2.6.26, see cpuset(7)).
1645 * Mems_allowed: Mask of memory nodes allowed to this process
1647 (since Linux 2.6.24, see cpuset(7)).
1648 * Mems_allowed_list: Same as previous, but in "list format"
1650 (since Linux 2.6.26, see cpuset(7)).
1651 * voluntary_ctxt_switches, nonvoluntary_ctxt_switches: Number of
1653 voluntary and involuntary context switches (since Linux
1654 2.6.23).
1655 /proc/[pid]/syscall (since Linux 2.6.27)
1657 This file exposes the system call number and argument registers
1658 for the system call currently being executed by the process,
1659 followed by the values of the stack pointer and program counter
1660 registers. The values of all six argument registers are
1661 exposed, although most system calls use fewer registers.
1662 If the process is blocked, but not in a system call, then the
1664 file displays -1 in place of the system call number, followed by
1665 just the values of the stack pointer and program counter. If
1666 process is not blocked, then the file contains just the string
1667 "running".
1668 This file is present only if the kernel was configured with CON‐
1670 FIG_HAVE_ARCH_TRACEHOOK.
1671 Permission to access this file is governed by a ptrace access
1673 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1674 /proc/[pid]/task (since Linux 2.6.0-test6)
1676 This is a directory that contains one subdirectory for each
1677 thread in the process. The name of each subdirectory is the
1678 numerical thread ID ([tid]) of the thread (see gettid(2)).
1679 Within each of these subdirectories, there is a set of files
1680 with the same names and contents as under the /proc/[pid] direc‐
1681 tories. For attributes that are shared by all threads, the con‐
1682 tents for each of the files under the task/[tid] subdirectories
1683 will be the same as in the corresponding file in the parent
1684 /proc/[pid] directory (e.g., in a multithreaded process, all of
1685 the task/[tid]/cwd files will have the same value as the
1686 /proc/[pid]/cwd file in the parent directory, since all of the
1687 threads in a process share a working directory). For attributes
1688 that are distinct for each thread, the corresponding files under
1689 task/[tid] may have different values (e.g., various fields in
1690 each of the task/[tid]/status files may be different for each
1691 thread), or they might not exist in /proc/[pid] at all. In a
1692 multithreaded process, the contents of the /proc/[pid]/task
1693 directory are not available if the main thread has already ter‐
1694 minated (typically by calling pthread_exit(3)).
1695 /proc/[pid]/task/[tid]/children (since Linux 3.5)
1697 A space-separated list of child tasks of this task. Each child
1698 task is represented by its TID.
1699 This option is intended for use by the checkpoint-restore (CRIU)
1701 system, and reliably provides a list of children only if all of
1702 the child processes are stopped or frozen. It does not work
1703 properly if children of the target task exit while the file is
1704 being read! Exiting children may cause non-exiting children to
1705 be omitted from the list. This makes this interface even more
1706 unreliable than classic PID-based approaches if the inspected
1707 task and its children aren't frozen, and most code should proba‐
1708 bly not use this interface.
1709 Until Linux 4.2, the presence of this file was governed by the
1711 CONFIG_CHECKPOINT_RESTORE kernel configuration option. Since
1712 Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.
1713 /proc/[pid]/timers (since Linux 3.10)
1715 A list of the POSIX timers for this process. Each timer is
1716 listed with a line that starts with the string "ID:". For exam‐
1717 ple:
1718 ID: 1
1720 signal: 60/00007fff86e452a8
1721 notify: signal/pid.2634
1722 ClockID: 0
1723 ID: 0
1724 signal: 60/00007fff86e452a8
1725 notify: signal/pid.2634
1726 ClockID: 1
1727 The lines shown for each timer have the following meanings:
1729 ID The ID for this timer. This is not the same as the timer
1731 ID returned by timer_create(2); rather, it is the same
1732 kernel-internal ID that is available via the si_timerid
1733 field of the siginfo_t structure (see sigaction(2)).
1734 signal This is the signal number that this timer uses to deliver
1736 notifications followed by a slash, and then the
1737 sigev_value value supplied to the signal handler. Valid
1738 only for timers that notify via a signal.
1739 notify The part before the slash specifies the mechanism that
1741 this timer uses to deliver notifications, and is one of
1742 "thread", "signal", or "none". Immediately following the
1743 slash is either the string "tid" for timers with
1744 SIGEV_THREAD_ID notification, or "pid" for timers that
1745 notify by other mechanisms. Following the "." is the PID
1746 of the process (or the kernel thread ID of the thread)
1747 that will be delivered a signal if the timer delivers
1748 notifications via a signal.
1749 ClockID
1751 This field identifies the clock that the timer uses for
1752 measuring time. For most clocks, this is a number that
1753 matches one of the user-space CLOCK_* constants exposed
1754 via <time.h>. CLOCK_PROCESS_CPUTIME_ID timers display
1755 with a value of -6 in this field.
1756 CLOCK_THREAD_CPUTIME_ID timers display with a value of -2
1757 in this field.
1758 This file is available only when the kernel was configured with
1760 CONFIG_CHECKPOINT_RESTORE.
1761 /proc/[pid]/timerslack_ns (since Linux 4.6)
1763 This file exposes the process's "current" timer slack value,
1764 expressed in nanoseconds. The file is writable, allowing the
1765 process's timer slack value to be changed. Writing 0 to this
1766 file resets the "current" timer slack to the "default" timer
1767 slack value. For further details, see the discussion of
1768 PR_SET_TIMERSLACK in prctl(2).
1769 Initially, permission to access this file was governed by a
1771 ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check (see
1772 ptrace(2)). However, this was subsequently deemed too strict a
1773 requirement (and had the side effect that requiring a process to
1774 have the CAP_SYS_PTRACE capability would also allow it to view
1775 and change any process's memory). Therefore, since Linux 4.9,
1776 only the (weaker) CAP_SYS_NICE capability is required to access
1777 this file.
1778 /proc/[pid]/uid_map, /proc/[pid]/gid_map (since Linux 3.5)
1780 See user_namespaces(7).
1781 /proc/[pid]/wchan (since Linux 2.6.0)
1783 The symbolic name corresponding to the location in the kernel
1784 where the process is sleeping.
1785 Permission to access this file is governed by a ptrace access
1787 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1788 /proc/apm
1790 Advanced power management version and battery information when
1791 CONFIG_APM is defined at kernel compilation time.
1792 /proc/buddyinfo
1794 This file contains information which is used for diagnosing mem‐
1795 ory fragmentation issues. Each line starts with the identifica‐
1796 tion of the node and the name of the zone which together iden‐
1797 tify a memory region This is then followed by the count of
1798 available chunks of a certain order in which these zones are
1799 split. The size in bytes of a certain order is given by the
1800 formula:
1801 (2^order) * PAGE_SIZE
1803 The binary buddy allocator algorithm inside the kernel will
1805 split one chunk into two chunks of a smaller order (thus with
1806 half the size) or combine two contiguous chunks into one larger
1807 chunk of a higher order (thus with double the size) to satisfy
1808 allocation requests and to counter memory fragmentation. The
1809 order matches the column number, when starting to count at zero.
1810 For example on an x86-64 system:
1812 Node 0, zone DMA 1 1 1 0 2 1 1 0 1 1 3
1814 Node 0, zone DMA32 65 47 4 81 52 28 13 10 5 1 404
1815 Node 0, zone Normal 216 55 189 101 84 38 37 27 5 3 587
1816 In this example, there is one node containing three zones and
1818 there are 11 different chunk sizes. If the page size is 4 kilo‐
1819 bytes, then the first zone called DMA (on x86 the first 16
1820 megabyte of memory) has 1 chunk of 4 kilobytes (order 0) avail‐
1821 able and has 3 chunks of 4 megabytes (order 10) available.
1822 If the memory is heavily fragmented, the counters for higher
1824 order chunks will be zero and allocation of large contiguous
1825 areas will fail.
1826 Further information about the zones can be found in /proc/zone‐
1828 info.
1829 /proc/bus
1831 Contains subdirectories for installed busses.
1832 /proc/bus/pccard
1834 Subdirectory for PCMCIA devices when CONFIG_PCMCIA is set at
1835 kernel compilation time.
1836 /proc/bus/pccard/drivers
1838 /proc/bus/pci
1840 Contains various bus subdirectories and pseudo-files containing
1841 information about PCI busses, installed devices, and device
1842 drivers. Some of these files are not ASCII.
1843 /proc/bus/pci/devices
1845 Information about PCI devices. They may be accessed through
1846 lspci(8) and setpci(8).
1847 /proc/cgroups (since Linux 2.6.24)
1849 See cgroups(7).
1850 /proc/cmdline
1852 Arguments passed to the Linux kernel at boot time. Often done
1853 via a boot manager such as lilo(8) or grub(8).
1854 /proc/config.gz (since Linux 2.6)
1856 This file exposes the configuration options that were used to
1857 build the currently running kernel, in the same format as they
1858 would be shown in the .config file that resulted when configur‐
1859 ing the kernel (using make xconfig, make config, or similar).
1860 The file contents are compressed; view or search them using
1861 zcat(1) and zgrep(1). As long as no changes have been made to
1862 the following file, the contents of /proc/config.gz are the same
1863 as those provided by:
1864 cat /lib/modules/$(uname -r)/build/.config
1866 /proc/config.gz is provided only if the kernel is configured
1868 with CONFIG_IKCONFIG_PROC.
1869 /proc/crypto
1871 A list of the ciphers provided by the kernel crypto API. For
1872 details, see the kernel Linux Kernel Crypto API documentation
1873 available under the kernel source directory Documenta‐
1874 tion/crypto/ (or Documentation/DocBook before 4.10; the documen‐
1875 tation can be built using a command such as make htmldocs in the
1876 root directory of the kernel source tree).
1877 /proc/cpuinfo
1879 This is a collection of CPU and system architecture dependent
1880 items, for each supported architecture a different list. Two
1881 common entries are processor which gives CPU number and
1882 bogomips; a system constant that is calculated during kernel
1883 initialization. SMP machines have information for each CPU.
1884 The lscpu(1) command gathers its information from this file.
1885 /proc/devices
1887 Text listing of major numbers and device groups. This can be
1888 used by MAKEDEV scripts for consistency with the kernel.
1889 /proc/diskstats (since Linux 2.5.69)
1891 This file contains disk I/O statistics for each disk device.
1892 See the Linux kernel source file Documentation/iostats.txt for
1893 further information.
1894 /proc/dma
1896 This is a list of the registered ISA DMA (direct memory access)
1897 channels in use.
1898 /proc/driver
1900 Empty subdirectory.
1901 /proc/execdomains
1903 List of the execution domains (ABI personalities).
1904 /proc/fb
1906 Frame buffer information when CONFIG_FB is defined during kernel
1907 compilation.
1908 /proc/filesystems
1910 A text listing of the filesystems which are supported by the
1911 kernel, namely filesystems which were compiled into the kernel
1912 or whose kernel modules are currently loaded. (See also
1913 filesystems(5).) If a filesystem is marked with "nodev", this
1914 means that it does not require a block device to be mounted
1915 (e.g., virtual filesystem, network filesystem).
1916 Incidentally, this file may be used by mount(8) when no filesys‐
1918 tem is specified and it didn't manage to determine the filesys‐
1919 tem type. Then filesystems contained in this file are tried
1920 (excepted those that are marked with "nodev").
1921 /proc/fs
1923 Contains subdirectories that in turn contain files with informa‐
1924 tion about (certain) mounted filesystems.
1925 /proc/ide
1927 This directory exists on systems with the IDE bus. There are
1928 directories for each IDE channel and attached device. Files
1929 include:
1930 cache buffer size in KB
1932 capacity number of sectors
1933 driver driver version
1934 geometry physical and logical geometry
1935 identify in hexadecimal
1936 media media type
1937 model manufacturer's model number
1938 settings drive settings
1939 smart_thresholds in hexadecimal
1940 smart_values in hexadecimal
1941 The hdparm(8) utility provides access to this information in a
1943 friendly format.
1944 /proc/interrupts
1946 This is used to record the number of interrupts per CPU per IO
1947 device. Since Linux 2.6.24, for the i386 and x86-64 architec‐
1948 tures, at least, this also includes interrupts internal to the
1949 system (that is, not associated with a device as such), such as
1950 NMI (nonmaskable interrupt), LOC (local timer interrupt), and
1951 for SMP systems, TLB (TLB flush interrupt), RES (rescheduling
1952 interrupt), CAL (remote function call interrupt), and possibly
1953 others. Very easy to read formatting, done in ASCII.
1954 /proc/iomem
1956 I/O memory map in Linux 2.4.
1957 /proc/ioports
1959 This is a list of currently registered Input-Output port regions
1960 that are in use.
1961 /proc/kallsyms (since Linux 2.5.71)
1963 This holds the kernel exported symbol definitions used by the
1964 modules(X) tools to dynamically link and bind loadable modules.
1965 In Linux 2.5.47 and earlier, a similar file with slightly dif‐
1966 ferent syntax was named ksyms.
1967 /proc/kcore
1969 This file represents the physical memory of the system and is
1970 stored in the ELF core file format. With this pseudo-file, and
1971 an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be
1972 used to examine the current state of any kernel data structures.
1973 The total length of the file is the size of physical memory
1975 (RAM) plus 4 KiB.
1976 /proc/keys (since Linux 2.6.10)
1978 See keyrings(7).
1979 /proc/key-users (since Linux 2.6.10)
1981 See keyrings(7).
1982 /proc/kmsg
1984 This file can be used instead of the syslog(2) system call to
1985 read kernel messages. A process must have superuser privileges
1986 to read this file, and only one process should read this file.
1987 This file should not be read if a syslog process is running
1988 which uses the syslog(2) system call facility to log kernel mes‐
1989 sages.
1990 Information in this file is retrieved with the dmesg(1) program.
1992 /proc/kpagecgroup (since Linux 4.3)
1994 This file contains a 64-bit inode number of the memory cgroup
1995 each page is charged to, indexed by page frame number (see the
1996 discussion of /proc/[pid]/pagemap).
1997 The /proc/kpagecgroup file is present only if the CONFIG_MEMCG
1999 kernel configuration option is enabled.
2000 /proc/kpagecount (since Linux 2.6.25)
2002 This file contains a 64-bit count of the number of times each
2003 physical page frame is mapped, indexed by page frame number (see
2004 the discussion of /proc/[pid]/pagemap).
2005 The /proc/kpagecount file is present only if the CON‐
2007 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2008 /proc/kpageflags (since Linux 2.6.25)
2010 This file contains 64-bit masks corresponding to each physical
2011 page frame; it is indexed by page frame number (see the discus‐
2012 sion of /proc/[pid]/pagemap). The bits are as follows:
2013 0 - KPF_LOCKED
2015 1 - KPF_ERROR
2016 2 - KPF_REFERENCED
2017 3 - KPF_UPTODATE
2018 4 - KPF_DIRTY
2019 5 - KPF_LRU
2020 6 - KPF_ACTIVE
2021 7 - KPF_SLAB
2022 8 - KPF_WRITEBACK
2023 9 - KPF_RECLAIM
2024 10 - KPF_BUDDY
2025 11 - KPF_MMAP (since Linux 2.6.31)
2026 12 - KPF_ANON (since Linux 2.6.31)
2027 13 - KPF_SWAPCACHE (since Linux 2.6.31)
2028 14 - KPF_SWAPBACKED (since Linux 2.6.31)
2029 15 - KPF_COMPOUND_HEAD (since Linux 2.6.31)
2030 16 - KPF_COMPOUND_TAIL (since Linux 2.6.31)
2031 17 - KPF_HUGE (since Linux 2.6.31)
2032 18 - KPF_UNEVICTABLE (since Linux 2.6.31)
2033 19 - KPF_HWPOISON (since Linux 2.6.31)
2034 20 - KPF_NOPAGE (since Linux 2.6.31)
2035 21 - KPF_KSM (since Linux 2.6.32)
2036 22 - KPF_THP (since Linux 3.4)
2037 23 - KPF_BALLOON (since Linux 3.18)
2038 24 - KPF_ZERO_PAGE (since Linux 4.0)
2039 25 - KPF_IDLE (since Linux 4.3)
2040 For further details on the meanings of these bits, see the ker‐
2042 nel source file Documentation/vm/pagemap.txt. Before kernel
2043 2.6.29, KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and KPF_LOCKED
2044 did not report correctly.
2045 The /proc/kpageflags file is present only if the CON‐
2047 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2048 /proc/ksyms (Linux 1.1.23–2.5.47)
2050 See /proc/kallsyms.
2051 /proc/loadavg
2053 The first three fields in this file are load average figures
2054 giving the number of jobs in the run queue (state R) or waiting
2055 for disk I/O (state D) averaged over 1, 5, and 15 minutes. They
2056 are the same as the load average numbers given by uptime(1) and
2057 other programs. The fourth field consists of two numbers sepa‐
2058 rated by a slash (/). The first of these is the number of cur‐
2059 rently runnable kernel scheduling entities (processes, threads).
2060 The value after the slash is the number of kernel scheduling
2061 entities that currently exist on the system. The fifth field is
2062 the PID of the process that was most recently created on the
2063 system.
2064 /proc/locks
2066 This file shows current file locks (flock(2) and fcntl(2)) and
2067 leases (fcntl(2)).
2068 An example of the content shown in this file is the following:
2070 1: POSIX ADVISORY READ 5433 08:01:7864448 128 128
2072 2: FLOCK ADVISORY WRITE 2001 08:01:7864554 0 EOF
2073 3: FLOCK ADVISORY WRITE 1568 00:2f:32388 0 EOF
2074 4: POSIX ADVISORY WRITE 699 00:16:28457 0 EOF
2075 5: POSIX ADVISORY WRITE 764 00:16:21448 0 0
2076 6: POSIX ADVISORY READ 3548 08:01:7867240 1 1
2077 7: POSIX ADVISORY READ 3548 08:01:7865567 1826 2335
2078 8: OFDLCK ADVISORY WRITE -1 08:01:8713209 128 191
2079 The fields shown in each line are as follows:
2081 (1) The ordinal position of the lock in the list.
2083 (2) The lock type. Values that may appear here include:
2085 FLOCK This is a BSD file lock created using flock(2).
2087 OFDLCK This is an open file description (OFD) lock created
2089 using fcntl(2).
2090 POSIX This is a POSIX byte-range lock created using
2092 fcntl(2).
2093 (3) Among the strings that can appear here are the following:
2095 ADVISORY
2097 This is an advisory lock.
2098 MANDATORY
2100 This is a mandatory lock.
2101 (4) The type of lock. Values that can appear here are:
2103 READ This is a POSIX or OFD read lock, or a BSD shared
2105 lock.
2106 WRITE This is a POSIX or OFD write lock, or a BSD exclusive
2108 lock.
2109 (5) The PID of the process that owns the lock.
2111 Because OFD locks are not owned by a single process (since
2113 multiple processes may have file descriptors that refer to
2114 the same open file description), the value -1 is displayed
2115 in this field for OFD locks. (Before kernel 4.14, a bug
2116 meant that the PID of the process that initially acquired
2117 the lock was displayed instead of the value -1.)
2118 (6) Three colon-separated subfields that identify the major and
2120 minor device ID of the device containing the filesystem
2121 where the locked file resides, followed by the inode number
2122 of the locked file.
2123 (7) The byte offset of the first byte of the lock. For BSD
2125 locks, this value is always 0.
2126 (8) The byte offset of the last byte of the lock. EOF in this
2128 field means that the lock extends to the end of the file.
2129 For BSD locks, the value shown is always EOF.
2130 Since Linux 4.9, the list of locks shown in /proc/locks is fil‐
2132 tered to show just the locks for the processes in the PID names‐
2133 pace (see pid_namespaces(7)) for which the /proc filesystem was
2134 mounted. (In the initial PID namespace, there is no filtering
2135 of the records shown in this file.)
2136 The lslocks(8) command provides a bit more information about
2138 each lock.
2139 /proc/malloc (only up to and including Linux 2.2)
2141 This file is present only if CONFIG_DEBUG_MALLOC was defined
2142 during compilation.
2143 /proc/meminfo
2145 This file reports statistics about memory usage on the system.
2146 It is used by free(1) to report the amount of free and used mem‐
2147 ory (both physical and swap) on the system as well as the shared
2148 memory and buffers used by the kernel. Each line of the file
2149 consists of a parameter name, followed by a colon, the value of
2150 the parameter, and an option unit of measurement (e.g., "kB").
2151 The list below describes the parameter names and the format
2152 specifier required to read the field value. Except as noted
2153 below, all of the fields have been present since at least Linux
2154 2.6.0. Some fields are displayed only if the kernel was config‐
2155 ured with various options; those dependencies are noted in the
2156 list.
2157 MemTotal %lu
2159 Total usable RAM (i.e., physical RAM minus a few reserved
2160 bits and the kernel binary code).
2161 MemFree %lu
2163 The sum of LowFree+HighFree.
2164 MemAvailable %lu (since Linux 3.14)
2166 An estimate of how much memory is available for starting
2167 new applications, without swapping.
2168 Buffers %lu
2170 Relatively temporary storage for raw disk blocks that
2171 shouldn't get tremendously large (20MB or so).
2172 Cached %lu
2174 In-memory cache for files read from the disk (the page
2175 cache). Doesn't include SwapCached.
2176 SwapCached %lu
2178 Memory that once was swapped out, is swapped back in but
2179 still also is in the swap file. (If memory pressure is
2180 high, these pages don't need to be swapped out again
2181 because they are already in the swap file. This saves
2182 I/O.)
2183 Active %lu
2185 Memory that has been used more recently and usually not
2186 reclaimed unless absolutely necessary.
2187 Inactive %lu
2189 Memory which has been less recently used. It is more
2190 eligible to be reclaimed for other purposes.
2191 Active(anon) %lu (since Linux 2.6.28)
2193 [To be documented.]
2194 Inactive(anon) %lu (since Linux 2.6.28)
2196 [To be documented.]
2197 Active(file) %lu (since Linux 2.6.28)
2199 [To be documented.]
2200 Inactive(file) %lu (since Linux 2.6.28)
2202 [To be documented.]
2203 Unevictable %lu (since Linux 2.6.28)
2205 (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was
2206 required.) [To be documented.]
2207 Mlocked %lu (since Linux 2.6.28)
2209 (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was
2210 required.) [To be documented.]
2211 HighTotal %lu
2213 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2214 Total amount of highmem. Highmem is all memory above
2215 ~860MB of physical memory. Highmem areas are for use by
2216 user-space programs, or for the page cache. The kernel
2217 must use tricks to access this memory, making it slower
2218 to access than lowmem.
2219 HighFree %lu
2221 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2222 Amount of free highmem.
2223 LowTotal %lu
2225 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2226 Total amount of lowmem. Lowmem is memory which can be
2227 used for everything that highmem can be used for, but it
2228 is also available for the kernel's use for its own data
2229 structures. Among many other things, it is where every‐
2230 thing from Slab is allocated. Bad things happen when
2231 you're out of lowmem.
2232 LowFree %lu
2234 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2235 Amount of free lowmem.
2236 MmapCopy %lu (since Linux 2.6.29)
2238 (CONFIG_MMU is required.) [To be documented.]
2239 SwapTotal %lu
2241 Total amount of swap space available.
2242 SwapFree %lu
2244 Amount of swap space that is currently unused.
2245 Dirty %lu
2247 Memory which is waiting to get written back to the disk.
2248 Writeback %lu
2250 Memory which is actively being written back to the disk.
2251 AnonPages %lu (since Linux 2.6.18)
2253 Non-file backed pages mapped into user-space page tables.
2254 Mapped %lu
2256 Files which have been mapped into memory (with mmap(2)),
2257 such as libraries.
2258 Shmem %lu (since Linux 2.6.32)
2260 Amount of memory consumed in tmpfs(5) filesystems.
2261 Slab %lu
2263 In-kernel data structures cache. (See slabinfo(5).)
2264 SReclaimable %lu (since Linux 2.6.19)
2266 Part of Slab, that might be reclaimed, such as caches.
2267 SUnreclaim %lu (since Linux 2.6.19)
2269 Part of Slab, that cannot be reclaimed on memory pres‐
2270 sure.
2271 KernelStack %lu (since Linux 2.6.32)
2273 Amount of memory allocated to kernel stacks.
2274 PageTables %lu (since Linux 2.6.18)
2276 Amount of memory dedicated to the lowest level of page
2277 tables.
2278 Quicklists %lu (since Linux 2.6.27)
2280 (CONFIG_QUICKLIST is required.) [To be documented.]
2281 NFS_Unstable %lu (since Linux 2.6.18)
2283 NFS pages sent to the server, but not yet committed to
2284 stable storage.
2285 Bounce %lu (since Linux 2.6.18)
2287 Memory used for block device "bounce buffers".
2288 WritebackTmp %lu (since Linux 2.6.26)
2290 Memory used by FUSE for temporary writeback buffers.
2291 CommitLimit %lu (since Linux 2.6.10)
2293 This is the total amount of memory currently available to
2294 be allocated on the system, expressed in kilobytes. This
2295 limit is adhered to only if strict overcommit accounting
2296 is enabled (mode 2 in /proc/sys/vm/overcommit_memory).
2297 The limit is calculated according to the formula
2298 described under /proc/sys/vm/overcommit_memory. For fur‐
2299 ther details, see the kernel source file Documenta‐
2300 tion/vm/overcommit-accounting.
2301 Committed_AS %lu
2303 The amount of memory presently allocated on the system.
2304 The committed memory is a sum of all of the memory which
2305 has been allocated by processes, even if it has not been
2306 "used" by them as of yet. A process which allocates 1GB
2307 of memory (using malloc(3) or similar), but touches only
2308 300MB of that memory will show up as using only 300MB of
2309 memory even if it has the address space allocated for the
2310 entire 1GB.
2311 This 1GB is memory which has been "committed" to by the
2313 VM and can be used at any time by the allocating applica‐
2314 tion. With strict overcommit enabled on the system (mode
2315 2 in /proc/sys/vm/overcommit_memory), allocations which
2316 would exceed the CommitLimit will not be permitted. This
2317 is useful if one needs to guarantee that processes will
2318 not fail due to lack of memory once that memory has been
2319 successfully allocated.
2320 VmallocTotal %lu
2322 Total size of vmalloc memory area.
2323 VmallocUsed %lu
2325 Amount of vmalloc area which is used.
2326 VmallocChunk %lu
2328 Largest contiguous block of vmalloc area which is free.
2329 HardwareCorrupted %lu (since Linux 2.6.32)
2331 (CONFIG_MEMORY_FAILURE is required.) [To be documented.]
2332 AnonHugePages %lu (since Linux 2.6.38)
2334 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Non-file
2335 backed huge pages mapped into user-space page tables.
2336 ShmemHugePages %lu (since Linux 4.8)
2338 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Memory used
2339 by shared memory (shmem) and tmpfs(5) allocated with huge
2340 pages
2341 ShmemPmdMapped %lu (since Linux 4.8)
2343 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Shared memory
2344 mapped into user space with huge pages.
2345 CmaTotal %lu (since Linux 3.1)
2347 Total CMA (Contiguous Memory Allocator) pages. (CON‐
2348 FIG_CMA is required.)
2349 CmaFree %lu (since Linux 3.1)
2351 Free CMA (Contiguous Memory Allocator) pages. (CON‐
2352 FIG_CMA is required.)
2353 HugePages_Total %lu
2355 (CONFIG_HUGETLB_PAGE is required.) The size of the pool
2356 of huge pages.
2357 HugePages_Free %lu
2359 (CONFIG_HUGETLB_PAGE is required.) The number of huge
2360 pages in the pool that are not yet allocated.
2361 HugePages_Rsvd %lu (since Linux 2.6.17)
2363 (CONFIG_HUGETLB_PAGE is required.) This is the number of
2364 huge pages for which a commitment to allocate from the
2365 pool has been made, but no allocation has yet been made.
2366 These reserved huge pages guarantee that an application
2367 will be able to allocate a huge page from the pool of
2368 huge pages at fault time.
2369 HugePages_Surp %lu (since Linux 2.6.24)
2371 (CONFIG_HUGETLB_PAGE is required.) This is the number of
2372 huge pages in the pool above the value in
2373 /proc/sys/vm/nr_hugepages. The maximum number of surplus
2374 huge pages is controlled by /proc/sys/vm/nr_overcom‐
2375 mit_hugepages.
2376 Hugepagesize %lu
2378 (CONFIG_HUGETLB_PAGE is required.) The size of huge
2379 pages.
2380 DirectMap4k %lu (since Linux 2.6.27)
2382 Number of bytes of RAM linearly mapped by kernel in 4kB
2383 pages. (x86.)
2384 DirectMap4M %lu (since Linux 2.6.27)
2386 Number of bytes of RAM linearly mapped by kernel in 4MB
2387 pages. (x86 with CONFIG_X86_64 or CONFIG_X86_PAE
2388 enabled.)
2389 DirectMap2M %lu (since Linux 2.6.27)
2391 Number of bytes of RAM linearly mapped by kernel in 2MB
2392 pages. (x86 with neither CONFIG_X86_64 nor CON‐
2393 FIG_X86_PAE enabled.)
2394 DirectMap1G %lu (since Linux 2.6.27)
2396 (x86 with CONFIG_X86_64 and CONFIG_X86_DIRECT_GBPAGES
2397 enabled.)
2398 /proc/modules
2400 A text list of the modules that have been loaded by the system.
2401 See also lsmod(8).
2402 /proc/mounts
2404 Before kernel 2.4.19, this file was a list of all the filesys‐
2405 tems currently mounted on the system. With the introduction of
2406 per-process mount namespaces in Linux 2.4.19 (see mount_names‐
2407 paces(7)), this file became a link to /proc/self/mounts, which
2408 lists the mount points of the process's own mount namespace.
2409 The format of this file is documented in fstab(5).
2410 /proc/mtrr
2412 Memory Type Range Registers. See the Linux kernel source file
2413 Documentation/x86/mtrr.txt (or Documentation/mtrr.txt before
2414 Linux 2.6.28) for details.
2415 /proc/net
2417 This directory contains various files and subdirectories con‐
2418 taining information about the networking layer. The files con‐
2419 tain ASCII structures and are, therefore, readable with cat(1).
2420 However, the standard netstat(8) suite provides much cleaner
2421 access to these files.
2422 With the advent of network namespaces, various information
2424 relating to the network stack is virtualized (see names‐
2425 paces(7)). Thus, since Linux 2.6.25, /proc/net is a symbolic
2426 link to the directory /proc/self/net, which contains the same
2427 files and directories as listed below. However, these files and
2428 directories now expose information for the network namespace of
2429 which the process is a member.
2430 /proc/net/arp
2432 This holds an ASCII readable dump of the kernel ARP table used
2433 for address resolutions. It will show both dynamically learned
2434 and preprogrammed ARP entries. The format is:
2435 IP address HW type Flags HW address Mask Device
2437 192.168.0.50 0x1 0x2 00:50:BF:25:68:F3 * eth0
2438 192.168.0.250 0x1 0xc 00:00:00:00:00:00 * eth0
2439 Here "IP address" is the IPv4 address of the machine and the "HW
2441 type" is the hardware type of the address from RFC 826. The
2442 flags are the internal flags of the ARP structure (as defined in
2443 /usr/include/linux/if_arp.h) and the "HW address" is the data
2444 link layer mapping for that IP address if it is known.
2445 /proc/net/dev
2447 The dev pseudo-file contains network device status information.
2448 This gives the number of received and sent packets, the number
2449 of errors and collisions and other basic statistics. These are
2450 used by the ifconfig(8) program to report device status. The
2451 format is:
2452 Inter-| Receive | Transmit
2454 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
2455 lo: 2776770 11307 0 0 0 0 0 0 2776770 11307 0 0 0 0 0 0
2456 eth0: 1215645 2751 0 0 0 0 0 0 1782404 4324 0 0 0 427 0 0
2457 ppp0: 1622270 5552 1 0 0 0 0 0 354130 5669 0 0 0 0 0 0
2458 tap0: 7714 81 0 0 0 0 0 0 7714 81 0 0 0 0 0 0
2459 /proc/net/dev_mcast
2461 Defined in /usr/src/linux/net/core/dev_mcast.c:
2462 indx interface_name dmi_u dmi_g dmi_address
2464 2 eth0 1 0 01005e000001
2465 3 eth1 1 0 01005e000001
2466 4 eth2 1 0 01005e000001
2467 /proc/net/igmp
2469 Internet Group Management Protocol. Defined in
2470 /usr/src/linux/net/core/igmp.c.
2471 /proc/net/rarp
2473 This file uses the same format as the arp file and contains the
2474 current reverse mapping database used to provide rarp(8) reverse
2475 address lookup services. If RARP is not configured into the
2476 kernel, this file will not be present.
2477 /proc/net/raw
2479 Holds a dump of the RAW socket table. Much of the information
2480 is not of use apart from debugging. The "sl" value is the ker‐
2481 nel hash slot for the socket, the "local_address" is the local
2482 address and protocol number pair. "St" is the internal status
2483 of the socket. The "tx_queue" and "rx_queue" are the outgoing
2484 and incoming data queue in terms of kernel memory usage. The
2485 "tr", "tm->when", and "rexmits" fields are not used by RAW. The
2486 "uid" field holds the effective UID of the creator of the
2487 socket.
2488 /proc/net/snmp
2490 This file holds the ASCII data needed for the IP, ICMP, TCP, and
2491 UDP management information bases for an SNMP agent.
2492 /proc/net/tcp
2494 Holds a dump of the TCP socket table. Much of the information
2495 is not of use apart from debugging. The "sl" value is the ker‐
2496 nel hash slot for the socket, the "local_address" is the local
2497 address and port number pair. The "rem_address" is the remote
2498 address and port number pair (if connected). "St" is the inter‐
2499 nal status of the socket. The "tx_queue" and "rx_queue" are the
2500 outgoing and incoming data queue in terms of kernel memory
2501 usage. The "tr", "tm->when", and "rexmits" fields hold internal
2502 information of the kernel socket state and are useful only for
2503 debugging. The "uid" field holds the effective UID of the cre‐
2504 ator of the socket.
2505 /proc/net/udp
2507 Holds a dump of the UDP socket table. Much of the information
2508 is not of use apart from debugging. The "sl" value is the ker‐
2509 nel hash slot for the socket, the "local_address" is the local
2510 address and port number pair. The "rem_address" is the remote
2511 address and port number pair (if connected). "St" is the inter‐
2512 nal status of the socket. The "tx_queue" and "rx_queue" are the
2513 outgoing and incoming data queue in terms of kernel memory
2514 usage. The "tr", "tm->when", and "rexmits" fields are not used
2515 by UDP. The "uid" field holds the effective UID of the creator
2516 of the socket. The format is:
2517 sl local_address rem_address st tx_queue rx_queue tr rexmits tm->when uid
2519 1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
2520 1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
2521 1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
2522 /proc/net/unix
2524 Lists the UNIX domain sockets present within the system and
2525 their status. The format is:
2526 Num RefCount Protocol Flags Type St Path
2528 0: 00000002 00000000 00000000 0001 03
2529 1: 00000001 00000000 00010000 0001 01 /dev/printer
2530 The fields are as follows:
2532 Num: the kernel table slot number.
2534 RefCount: the number of users of the socket.
2536 Protocol: currently always 0.
2538 Flags: the internal kernel flags holding the status of the
2540 socket.
2541 Type: the socket type. For SOCK_STREAM sockets, this is
2543 0001; for SOCK_DGRAM sockets, it is 0002; and for
2544 SOCK_SEQPACKET sockets, it is 0005.
2545 St: the internal state of the socket.
2547 Path: the bound path (if any) of the socket. Sockets in the
2549 abstract namespace are included in the list, and are
2550 shown with a Path that commences with the character
2551 '@'.
2552 /proc/net/netfilter/nfnetlink_queue
2554 This file contains information about netfilter user-space queue‐
2555 ing, if used. Each line represents a queue. Queues that have
2556 not been subscribed to by user space are not shown.
2557 1 4207 0 2 65535 0 0 0 1
2559 (1) (2) (3)(4) (5) (6) (7) (8)
2560 The fields in each line are:
2562 (1) The ID of the queue. This matches what is specified in the
2564 --queue-num or --queue-balance options to the iptables(8)
2565 NFQUEUE target. See iptables-extensions(8) for more infor‐
2566 mation.
2567 (2) The netlink port ID subscribed to the queue.
2569 (3) The number of packets currently queued and waiting to be
2571 processed by the application.
2572 (4) The copy mode of the queue. It is either 1 (metadata only)
2574 or 2 (also copy payload data to user space).
2575 (5) Copy range; that is, how many bytes of packet payload
2577 should be copied to user space at most.
2578 (6) queue dropped. Number of packets that had to be dropped by
2580 the kernel because too many packets are already waiting for
2581 user space to send back the mandatory accept/drop verdicts.
2582 (7) queue user dropped. Number of packets that were dropped
2584 within the netlink subsystem. Such drops usually happen
2585 when the corresponding socket buffer is full; that is, user
2586 space is not able to read messages fast enough.
2587 (8) sequence number. Every queued packet is associated with a
2589 (32-bit) monotonically-increasing sequence number. This
2590 shows the ID of the most recent packet queued.
2591 The last number exists only for compatibility reasons and is
2593 always 1.
2594 /proc/partitions
2596 Contains the major and minor numbers of each partition as well
2597 as the number of 1024-byte blocks and the partition name.
2598 /proc/pci
2600 This is a listing of all PCI devices found during kernel ini‐
2601 tialization and their configuration.
2602 This file has been deprecated in favor of a new /proc interface
2604 for PCI (/proc/bus/pci). It became optional in Linux 2.2
2605 (available with CONFIG_PCI_OLD_PROC set at kernel compilation).
2606 It became once more nonoptionally enabled in Linux 2.4. Next,
2607 it was deprecated in Linux 2.6 (still available with CON‐
2608 FIG_PCI_LEGACY_PROC set), and finally removed altogether since
2609 Linux 2.6.17.
2610 /proc/profile (since Linux 2.4)
2612 This file is present only if the kernel was booted with the pro‐
2613 file=1 command-line option. It exposes kernel profiling infor‐
2614 mation in a binary format for use by readprofile(1). Writing
2615 (e.g., an empty string) to this file resets the profiling coun‐
2616 ters; on some architectures, writing a binary integer "profiling
2617 multiplier" of size sizeof(int) sets the profiling interrupt
2618 frequency.
2619 /proc/scsi
2621 A directory with the scsi mid-level pseudo-file and various SCSI
2622 low-level driver directories, which contain a file for each SCSI
2623 host in this system, all of which give the status of some part
2624 of the SCSI IO subsystem. These files contain ASCII structures
2625 and are, therefore, readable with cat(1).
2626 You can also write to some of the files to reconfigure the sub‐
2628 system or switch certain features on or off.
2629 /proc/scsi/scsi
2631 This is a listing of all SCSI devices known to the kernel. The
2632 listing is similar to the one seen during bootup. scsi cur‐
2633 rently supports only the add-single-device command which allows
2634 root to add a hotplugged device to the list of known devices.
2635 The command
2637 echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
2639 will cause host scsi1 to scan on SCSI channel 0 for a device on
2641 ID 5 LUN 0. If there is already a device known on this address
2642 or the address is invalid, an error will be returned.
2643 /proc/scsi/[drivername]
2645 [drivername] can currently be NCR53c7xx, aha152x, aha1542,
2646 aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000,
2647 pas16, qlogic, scsi_debug, seagate, t128, u15-24f, ultrastore,
2648 or wd7000. These directories show up for all drivers that reg‐
2649 istered at least one SCSI HBA. Every directory contains one
2650 file per registered host. Every host-file is named after the
2651 number the host was assigned during initialization.
2652 Reading these files will usually show driver and host configura‐
2654 tion, statistics, and so on.
2655 Writing to these files allows different things on different
2657 hosts. For example, with the latency and nolatency commands,
2658 root can switch on and off command latency measurement code in
2659 the eata_dma driver. With the lockup and unlock commands, root
2660 can control bus lockups simulated by the scsi_debug driver.
2661 /proc/self
2663 This directory refers to the process accessing the /proc
2664 filesystem, and is identical to the /proc directory named by the
2665 process ID of the same process.
2666 /proc/slabinfo
2668 Information about kernel caches. See slabinfo(5) for details.
2669 /proc/stat
2671 kernel/system statistics. Varies with architecture. Common
2672 entries include:
2673 cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
2675 cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0
2676 The amount of time, measured in units of USER_HZ
2677 (1/100ths of a second on most architectures, use
2678 sysconf(_SC_CLK_TCK) to obtain the right value), that the
2679 system ("cpu" line) or the specific CPU ("cpuN" line)
2680 spent in various states:
2681 user (1) Time spent in user mode.
2683 nice (2) Time spent in user mode with low priority
2685 (nice).
2686 system (3) Time spent in system mode.
2688 idle (4) Time spent in the idle task. This value
2690 should be USER_HZ times the second entry in the
2691 /proc/uptime pseudo-file.
2692 iowait (since Linux 2.5.41)
2694 (5) Time waiting for I/O to complete. This value
2695 is not reliable, for the following reasons:
2696 1. The CPU will not wait for I/O to complete;
2698 iowait is the time that a task is waiting for
2699 I/O to complete. When a CPU goes into idle
2700 state for outstanding task I/O, another task
2701 will be scheduled on this CPU.
2702 2. On a multi-core CPU, the task waiting for I/O
2704 to complete is not running on any CPU, so the
2705 iowait of each CPU is difficult to calculate.
2706 3. The value in this field may decrease in certain
2708 conditions.
2709 irq (since Linux 2.6.0-test4)
2711 (6) Time servicing interrupts.
2712 softirq (since Linux 2.6.0-test4)
2714 (7) Time servicing softirqs.
2715 steal (since Linux 2.6.11)
2717 (8) Stolen time, which is the time spent in other
2718 operating systems when running in a virtualized
2719 environment
2720 guest (since Linux 2.6.24)
2722 (9) Time spent running a virtual CPU for guest
2723 operating systems under the control of the Linux
2724 kernel.
2725 guest_nice (since Linux 2.6.33)
2727 (10) Time spent running a niced guest (virtual CPU
2728 for guest operating systems under the control of
2729 the Linux kernel).
2730 page 5741 1808
2732 The number of pages the system paged in and the number
2733 that were paged out (from disk).
2734 swap 1 0
2736 The number of swap pages that have been brought in and
2737 out.
2738 intr 1462898
2740 This line shows counts of interrupts serviced since boot
2741 time, for each of the possible system interrupts. The
2742 first column is the total of all interrupts serviced
2743 including unnumbered architecture specific interrupts;
2744 each subsequent column is the total for that particular
2745 numbered interrupt. Unnumbered interrupts are not shown,
2746 only summed into the total.
2747 disk_io: (2,0):(31,30,5764,1,2) (3,0):...
2749 (major,disk_idx):(noinfo, read_io_ops, blks_read,
2750 write_io_ops, blks_written)
2751 (Linux 2.4 only)
2752 ctxt 115315
2754 The number of context switches that the system underwent.
2755 btime 769041601
2757 boot time, in seconds since the Epoch, 1970-01-01
2758 00:00:00 +0000 (UTC).
2759 processes 86031
2761 Number of forks since boot.
2762 procs_running 6
2764 Number of processes in runnable state. (Linux 2.5.45
2765 onward.)
2766 procs_blocked 2
2768 Number of processes blocked waiting for I/O to complete.
2769 (Linux 2.5.45 onward.)
2770 softirq 229245889 94 60001584 13619 5175704 2471304 28 51212741
2772 59130143 0 51240672
2773 This line shows the number of softirq for all CPUs. The
2774 first column is the total of all softirqs and each subse‐
2775 quent column is the total for particular softirq. (Linux
2776 2.6.31 onward.)
2777 /proc/swaps
2779 Swap areas in use. See also swapon(8).
2780 /proc/sys
2782 This directory (present since 1.3.57) contains a number of files
2783 and subdirectories corresponding to kernel variables. These
2784 variables can be read and sometimes modified using the /proc
2785 filesystem, and the (deprecated) sysctl(2) system call.
2786 String values may be terminated by either '\0' or '\n'.
2788 Integer and long values may be written either in decimal or in
2790 hexadecimal notation (e.g. 0x3FFF). When writing multiple inte‐
2791 ger or long values, these may be separated by any of the follow‐
2792 ing whitespace characters: ' ', '\t', or '\n'. Using other sep‐
2793 arators leads to the error EINVAL.
2794 /proc/sys/abi (since Linux 2.4.10)
2796 This directory may contain files with application binary infor‐
2797 mation. See the Linux kernel source file Documenta‐
2798 tion/sysctl/abi.txt for more information.
2799 /proc/sys/debug
2801 This directory may be empty.
2802 /proc/sys/dev
2804 This directory contains device-specific information (e.g.,
2805 dev/cdrom/info). On some systems, it may be empty.
2806 /proc/sys/fs
2808 This directory contains the files and subdirectories for kernel
2809 variables related to filesystems.
2810 /proc/sys/fs/binfmt_misc
2812 Documentation for files in this directory can be found in the
2813 Linux kernel source in the file Documentation/admin-
2814 guide/binfmt-misc.rst (or in Documentation/binfmt_misc.txt on
2815 older kernels).
2816 /proc/sys/fs/dentry-state (since Linux 2.2)
2818 This file contains information about the status of the directory
2819 cache (dcache). The file contains six numbers, nr_dentry,
2820 nr_unused, age_limit (age in seconds), want_pages (pages
2821 requested by system) and two dummy values.
2822 * nr_dentry is the number of allocated dentries (dcache
2824 entries). This field is unused in Linux 2.2.
2825 * nr_unused is the number of unused dentries.
2827 * age_limit is the age in seconds after which dcache entries can
2829 be reclaimed when memory is short.
2830 * want_pages is nonzero when the kernel has called
2832 shrink_dcache_pages() and the dcache isn't pruned yet.
2833 /proc/sys/fs/dir-notify-enable
2835 This file can be used to disable or enable the dnotify interface
2836 described in fcntl(2) on a system-wide basis. A value of 0 in
2837 this file disables the interface, and a value of 1 enables it.
2838 /proc/sys/fs/dquot-max
2840 This file shows the maximum number of cached disk quota entries.
2841 On some (2.4) systems, it is not present. If the number of free
2842 cached disk quota entries is very low and you have some awesome
2843 number of simultaneous system users, you might want to raise the
2844 limit.
2845 /proc/sys/fs/dquot-nr
2847 This file shows the number of allocated disk quota entries and
2848 the number of free disk quota entries.
2849 /proc/sys/fs/epoll (since Linux 2.6.28)
2851 This directory contains the file max_user_watches, which can be
2852 used to limit the amount of kernel memory consumed by the epoll
2853 interface. For further details, see epoll(7).
2854 /proc/sys/fs/file-max
2856 This file defines a system-wide limit on the number of open
2857 files for all processes. System calls that fail when encounter‐
2858 ing this limit fail with the error ENFILE. (See also setr‐
2859 limit(2), which can be used by a process to set the per-process
2860 limit, RLIMIT_NOFILE, on the number of files it may open.) If
2861 you get lots of error messages in the kernel log about running
2862 out of file handles (look for "VFS: file-max limit <number>
2863 reached"), try increasing this value:
2864 echo 100000 > /proc/sys/fs/file-max
2866 Privileged processes (CAP_SYS_ADMIN) can override the file-max
2868 limit.
2869 /proc/sys/fs/file-nr
2871 This (read-only) file contains three numbers: the number of
2872 allocated file handles (i.e., the number of files presently
2873 opened); the number of free file handles; and the maximum number
2874 of file handles (i.e., the same value as /proc/sys/fs/file-max).
2875 If the number of allocated file handles is close to the maximum,
2876 you should consider increasing the maximum. Before Linux 2.6,
2877 the kernel allocated file handles dynamically, but it didn't
2878 free them again. Instead the free file handles were kept in a
2879 list for reallocation; the "free file handles" value indicates
2880 the size of that list. A large number of free file handles
2881 indicates that there was a past peak in the usage of open file
2882 handles. Since Linux 2.6, the kernel does deallocate freed file
2883 handles, and the "free file handles" value is always zero.
2884 /proc/sys/fs/inode-max (only present until Linux 2.2)
2886 This file contains the maximum number of in-memory inodes. This
2887 value should be 3–4 times larger than the value in file-max,
2888 since stdin, stdout and network sockets also need an inode to
2889 handle them. When you regularly run out of inodes, you need to
2890 increase this value.
2891 Starting with Linux 2.4, there is no longer a static limit on
2893 the number of inodes, and this file is removed.
2894 /proc/sys/fs/inode-nr
2896 This file contains the first two values from inode-state.
2897 /proc/sys/fs/inode-state
2899 This file contains seven numbers: nr_inodes, nr_free_inodes,
2900 preshrink, and four dummy values (always zero).
2901 nr_inodes is the number of inodes the system has allocated.
2903 nr_free_inodes represents the number of free inodes.
2904 preshrink is nonzero when the nr_inodes > inode-max and the sys‐
2906 tem needs to prune the inode list instead of allocating more;
2907 since Linux 2.4, this field is a dummy value (always zero).
2908 /proc/sys/fs/inotify (since Linux 2.6.13)
2910 This directory contains files max_queued_events,
2911 max_user_instances, and max_user_watches, that can be used to
2912 limit the amount of kernel memory consumed by the inotify inter‐
2913 face. For further details, see inotify(7).
2914 /proc/sys/fs/lease-break-time
2916 This file specifies the grace period that the kernel grants to a
2917 process holding a file lease (fcntl(2)) after it has sent a sig‐
2918 nal to that process notifying it that another process is waiting
2919 to open the file. If the lease holder does not remove or down‐
2920 grade the lease within this grace period, the kernel forcibly
2921 breaks the lease.
2922 /proc/sys/fs/leases-enable
2924 This file can be used to enable or disable file leases
2925 (fcntl(2)) on a system-wide basis. If this file contains the
2926 value 0, leases are disabled. A nonzero value enables leases.
2927 /proc/sys/fs/mount-max (since Linux 4.9)
2929 The value in this file specifies the maximum number of mounts
2930 that may exist in a mount namespace. The default value in this
2931 file is 100,000.
2932 /proc/sys/fs/mqueue (since Linux 2.6.6)
2934 This directory contains files msg_max, msgsize_max, and
2935 queues_max, controlling the resources used by POSIX message
2936 queues. See mq_overview(7) for details.
2937 /proc/sys/fs/nr_open (since Linux 2.6.25)
2939 This file imposes ceiling on the value to which the
2940 RLIMIT_NOFILE resource limit can be raised (see getrlimit(2)).
2941 This ceiling is enforced for both unprivileged and privileged
2942 process. The default value in this file is 1048576. (Before
2943 Linux 2.6.25, the ceiling for RLIMIT_NOFILE was hard-coded to
2944 the same value.)
2945 /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
2947 These files allow you to change the value of the fixed UID and
2948 GID. The default is 65534. Some filesystems support only
2949 16-bit UIDs and GIDs, although in Linux UIDs and GIDs are 32
2950 bits. When one of these filesystems is mounted with writes
2951 enabled, any UID or GID that would exceed 65535 is translated to
2952 the overflow value before being written to disk.
2953 /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
2955 See pipe(7).
2956 /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
2958 See pipe(7).
2959 /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
2961 See pipe(7).
2962 /proc/sys/fs/protected_hardlinks (since Linux 3.6)
2964 When the value in this file is 0, no restrictions are placed on
2965 the creation of hard links (i.e., this is the historical behav‐
2966 ior before Linux 3.6). When the value in this file is 1, a hard
2967 link can be created to a target file only if one of the follow‐
2968 ing conditions is true:
2969 * The calling process has the CAP_FOWNER capability in its user
2971 namespace and the file UID has a mapping in the namespace.
2972 * The filesystem UID of the process creating the link matches
2974 the owner (UID) of the target file (as described in creden‐
2975 tials(7), a process's filesystem UID is normally the same as
2976 its effective UID).
2977 * All of the following conditions are true:
2979 · the target is a regular file;
2981 · the target file does not have its set-user-ID mode bit
2983 enabled;
2984 · the target file does not have both its set-group-ID and
2986 group-executable mode bits enabled; and
2987 · the caller has permission to read and write the target
2989 file (either via the file's permissions mask or because
2990 it has suitable capabilities).
2991 The default value in this file is 0. Setting the value to 1
2993 prevents a longstanding class of security issues caused by hard-
2994 link-based time-of-check, time-of-use races, most commonly seen
2995 in world-writable directories such as /tmp. The common method
2996 of exploiting this flaw is to cross privilege boundaries when
2997 following a given hard link (i.e., a root process follows a hard
2998 link created by another user). Additionally, on systems without
2999 separated partitions, this stops unauthorized users from "pin‐
3000 ning" vulnerable set-user-ID and set-group-ID files against
3001 being upgraded by the administrator, or linking to special
3002 files.
3003 /proc/sys/fs/protected_symlinks (since Linux 3.6)
3005 When the value in this file is 0, no restrictions are placed on
3006 following symbolic links (i.e., this is the historical behavior
3007 before Linux 3.6). When the value in this file is 1, symbolic
3008 links are followed only in the following circumstances:
3009 * the filesystem UID of the process following the link matches
3011 the owner (UID) of the symbolic link (as described in creden‐
3012 tials(7), a process's filesystem UID is normally the same as
3013 its effective UID);
3014 * the link is not in a sticky world-writable directory; or
3016 * the symbolic link and its parent directory have the same
3018 owner (UID)
3019 A system call that fails to follow a symbolic link because of
3021 the above restrictions returns the error EACCES in errno.
3022 The default value in this file is 0. Setting the value to 1
3024 avoids a longstanding class of security issues based on time-of-
3025 check, time-of-use races when accessing symbolic links.
3026 /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
3028 The value in this file is assigned to a process's "dumpable"
3029 flag in the circumstances described in prctl(2). In effect, the
3030 value in this file determines whether core dump files are pro‐
3031 duced for set-user-ID or otherwise protected/tainted binaries.
3032 The "dumpable" setting also affects the ownership of files in a
3033 process's /proc/[pid] directory, as described above.
3034 Three different integer values can be specified:
3036 0 (default)
3038 This provides the traditional (pre-Linux 2.6.13) behav‐
3039 ior. A core dump will not be produced for a process
3040 which has changed credentials (by calling seteuid(2),
3041 setgid(2), or similar, or by executing a set-user-ID or
3042 set-group-ID program) or whose binary does not have read
3043 permission enabled.
3044 1 ("debug")
3046 All processes dump core when possible. (Reasons why a
3047 process might nevertheless not dump core are described in
3048 core(5).) The core dump is owned by the filesystem user
3049 ID of the dumping process and no security is applied.
3050 This is intended for system debugging situations only:
3051 this mode is insecure because it allows unprivileged
3052 users to examine the memory contents of privileged pro‐
3053 cesses.
3054 2 ("suidsafe")
3056 Any binary which normally would not be dumped (see "0"
3057 above) is dumped readable by root only. This allows the
3058 user to remove the core dump file but not to read it.
3059 For security reasons core dumps in this mode will not
3060 overwrite one another or other files. This mode is
3061 appropriate when administrators are attempting to debug
3062 problems in a normal environment.
3063 Additionally, since Linux 3.6, /proc/sys/kernel/core_pat‐
3065 tern must either be an absolute pathname or a pipe com‐
3066 mand, as detailed in core(5). Warnings will be written
3067 to the kernel log if core_pattern does not follow these
3068 rules, and no core dump will be produced.
3069 For details of the effect of a process's "dumpable" setting on
3071 ptrace access mode checking, see ptrace(2).
3072 /proc/sys/fs/super-max
3074 This file controls the maximum number of superblocks, and thus
3075 the maximum number of mounted filesystems the kernel can have.
3076 You need increase only super-max if you need to mount more
3077 filesystems than the current value in super-max allows you to.
3078 /proc/sys/fs/super-nr
3080 This file contains the number of filesystems currently mounted.
3081 /proc/sys/kernel
3083 This directory contains files controlling a range of kernel
3084 parameters, as described below.
3085 /proc/sys/kernel/acct
3087 This file contains three numbers: highwater, lowwater, and fre‐
3088 quency. If BSD-style process accounting is enabled, these val‐
3089 ues control its behavior. If free space on filesystem where the
3090 log lives goes below lowwater percent, accounting suspends. If
3091 free space gets above highwater percent, accounting resumes.
3092 frequency determines how often the kernel checks the amount of
3093 free space (value is in seconds). Default values are 4, 2 and
3094 30. That is, suspend accounting if 2% or less space is free;
3095 resume it if 4% or more space is free; consider information
3096 about amount of free space valid for 30 seconds.
3097 /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to 3.18)
3099 From Linux 2.6.27 to 3.18, this file was used to control recom‐
3100 puting of the value in /proc/sys/kernel/msgmni upon the addition
3101 or removal of memory or upon IPC namespace creation/removal.
3102 Echoing "1" into this file enabled msgmni automatic recomputing
3103 (and triggered a recomputation of msgmni based on the current
3104 amount of available memory and number of IPC namespaces). Echo‐
3105 ing "0" disabled automatic recomputing. (Automatic recomputing
3106 was also disabled if a value was explicitly assigned to
3107 /proc/sys/kernel/msgmni.) The default value in auto_msgmni was
3108 1.
3109 Since Linux 3.19, the content of this file has no effect
3111 (because msgmni defaults to near the maximum value possible),
3112 and reads from this file always return the value "0".
3113 /proc/sys/kernel/cap_last_cap (since Linux 3.2)
3115 See capabilities(7).
3116 /proc/sys/kernel/cap-bound (from Linux 2.2 to 2.6.24)
3118 This file holds the value of the kernel capability bounding set
3119 (expressed as a signed decimal number). This set is ANDed
3120 against the capabilities permitted to a process during
3121 execve(2). Starting with Linux 2.6.25, the system-wide capabil‐
3122 ity bounding set disappeared, and was replaced by a per-thread
3123 bounding set; see capabilities(7).
3124 /proc/sys/kernel/core_pattern
3126 See core(5).
3127 /proc/sys/kernel/core_pipe_limit
3129 See core(5).
3130 /proc/sys/kernel/core_uses_pid
3132 See core(5).
3133 /proc/sys/kernel/ctrl-alt-del
3135 This file controls the handling of Ctrl-Alt-Del from the key‐
3136 board. When the value in this file is 0, Ctrl-Alt-Del is
3137 trapped and sent to the init(1) program to handle a graceful
3138 restart. When the value is greater than zero, Linux's reaction
3139 to a Vulcan Nerve Pinch (tm) will be an immediate reboot, with‐
3140 out even syncing its dirty buffers. Note: when a program (like
3141 dosemu) has the keyboard in "raw" mode, the ctrl-alt-del is
3142 intercepted by the program before it ever reaches the kernel tty
3143 layer, and it's up to the program to decide what to do with it.
3144 /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
3146 The value in this file determines who can see kernel syslog con‐
3147 tents. A value of 0 in this file imposes no restrictions. If
3148 the value is 1, only privileged users can read the kernel sys‐
3149 log. (See syslog(2) for more details.) Since Linux 3.4, only
3150 users with the CAP_SYS_ADMIN capability may change the value in
3151 this file.
3152 /proc/sys/kernel/domainname and /proc/sys/kernel/hostname
3154 can be used to set the NIS/YP domainname and the hostname of
3155 your box in exactly the same way as the commands domainname(1)
3156 and hostname(1), that is:
3157 # echo 'darkstar' > /proc/sys/kernel/hostname
3159 # echo 'mydomain' > /proc/sys/kernel/domainname
3160 has the same effect as
3162 # hostname 'darkstar'
3164 # domainname 'mydomain'
3165 Note, however, that the classic darkstar.frop.org has the host‐
3167 name "darkstar" and DNS (Internet Domain Name Server) domainname
3168 "frop.org", not to be confused with the NIS (Network Information
3169 Service) or YP (Yellow Pages) domainname. These two domain
3170 names are in general different. For a detailed discussion see
3171 the hostname(1) man page.
3172 /proc/sys/kernel/hotplug
3174 This file contains the path for the hotplug policy agent. The
3175 default value in this file is /sbin/hotplug.
3176 /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
3178 (PowerPC only) If this file is set to a nonzero value, the Pow‐
3179 erPC htab (see kernel file Documentation/powerpc/ppc_htab.txt)
3180 is pruned each time the system hits the idle loop.
3181 /proc/sys/kernel/keys/*
3183 This directory contains various files that define parameters and
3184 limits for the key-management facility. These files are
3185 described in keyrings(7).
3186 /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
3188 The value in this file determines whether kernel addresses are
3189 exposed via /proc files and other interfaces. A value of 0 in
3190 this file imposes no restrictions. If the value is 1, kernel
3191 pointers printed using the %pK format specifier will be replaced
3192 with zeros unless the user has the CAP_SYSLOG capability. If
3193 the value is 2, kernel pointers printed using the %pK format
3194 specifier will be replaced with zeros regardless of the user's
3195 capabilities. The initial default value for this file was 1,
3196 but the default was changed to 0 in Linux 2.6.39. Since Linux
3197 3.4, only users with the CAP_SYS_ADMIN capability can change the
3198 value in this file.
3199 /proc/sys/kernel/l2cr
3201 (PowerPC only) This file contains a flag that controls the L2
3202 cache of G3 processor boards. If 0, the cache is disabled.
3203 Enabled if nonzero.
3204 /proc/sys/kernel/modprobe
3206 This file contains the path for the kernel module loader. The
3207 default value is /sbin/modprobe. The file is present only if
3208 the kernel is built with the CONFIG_MODULES (CONFIG_KMOD in
3209 Linux 2.6.26 and earlier) option enabled. It is described by
3210 the Linux kernel source file Documentation/kmod.txt (present
3211 only in kernel 2.4 and earlier).
3212 /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
3214 A toggle value indicating if modules are allowed to be loaded in
3215 an otherwise modular kernel. This toggle defaults to off (0),
3216 but can be set true (1). Once true, modules can be neither
3217 loaded nor unloaded, and the toggle cannot be set back to false.
3218 The file is present only if the kernel is built with the CON‐
3219 FIG_MODULES option enabled.
3220 /proc/sys/kernel/msgmax (since Linux 2.2)
3222 This file defines a system-wide limit specifying the maximum
3223 number of bytes in a single message written on a System V mes‐
3224 sage queue.
3225 /proc/sys/kernel/msgmni (since Linux 2.4)
3227 This file defines the system-wide limit on the number of message
3228 queue identifiers. See also /proc/sys/kernel/auto_msgmni.
3229 /proc/sys/kernel/msgmnb (since Linux 2.2)
3231 This file defines a system-wide parameter used to initialize the
3232 msg_qbytes setting for subsequently created message queues. The
3233 msg_qbytes setting specifies the maximum number of bytes that
3234 may be written to the message queue.
3235 /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
3237 This is a read-only file that displays the upper limit on the
3238 number of a process's group memberships.
3239 /proc/sys/kernel/ns_last_pid (since Linux 3.3)
3241 See pid_namespaces(7).
3242 /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
3244 These files give substrings of /proc/version.
3245 /proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid
3247 These files duplicate the files /proc/sys/fs/overflowgid and
3248 /proc/sys/fs/overflowuid.
3249 /proc/sys/kernel/panic
3251 This file gives read/write access to the kernel variable
3252 panic_timeout. If this is zero, the kernel will loop on a
3253 panic; if nonzero, it indicates that the kernel should autore‐
3254 boot after this number of seconds. When you use the software
3255 watchdog device driver, the recommended setting is 60.
3256 /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
3258 This file controls the kernel's behavior when an oops or BUG is
3259 encountered. If this file contains 0, then the system tries to
3260 continue operation. If it contains 1, then the system delays a
3261 few seconds (to give klogd time to record the oops output) and
3262 then panics. If the /proc/sys/kernel/panic file is also
3263 nonzero, then the machine will be rebooted.
3264 /proc/sys/kernel/pid_max (since Linux 2.5.34)
3266 This file specifies the value at which PIDs wrap around (i.e.,
3267 the value in this file is one greater than the maximum PID).
3268 PIDs greater than this value are not allocated; thus, the value
3269 in this file also acts as a system-wide limit on the total num‐
3270 ber of processes and threads. The default value for this file,
3271 32768, results in the same range of PIDs as on earlier kernels.
3272 On 32-bit platforms, 32768 is the maximum value for pid_max. On
3273 64-bit systems, pid_max can be set to any value up to 2^22
3274 (PID_MAX_LIMIT, approximately 4 million).
3275 /proc/sys/kernel/powersave-nap (PowerPC only)
3277 This file contains a flag. If set, Linux-PPC will use the "nap"
3278 mode of powersaving, otherwise the "doze" mode will be used.
3279 /proc/sys/kernel/printk
3281 See syslog(2).
3282 /proc/sys/kernel/pty (since Linux 2.6.4)
3284 This directory contains two files relating to the number of UNIX
3285 98 pseudoterminals (see pts(4)) on the system.
3286 /proc/sys/kernel/pty/max
3288 This file defines the maximum number of pseudoterminals.
3289 /proc/sys/kernel/pty/nr
3291 This read-only file indicates how many pseudoterminals are cur‐
3292 rently in use.
3293 /proc/sys/kernel/random
3295 This directory contains various parameters controlling the oper‐
3296 ation of the file /dev/random. See random(4) for further infor‐
3297 mation.
3298 /proc/sys/kernel/random/uuid (since Linux 2.4)
3300 Each read from this read-only file returns a randomly generated
3301 128-bit UUID, as a string in the standard UUID format.
3302 /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
3304 Select the address space layout randomization (ASLR) policy for
3305 the system (on architectures that support ASLR). Three values
3306 are supported for this file:
3307 0 Turn ASLR off. This is the default for architectures that
3309 don't support ASLR, and when the kernel is booted with the
3310 norandmaps parameter.
3311 1 Make the addresses of mmap(2) allocations, the stack, and the
3313 VDSO page randomized. Among other things, this means that
3314 shared libraries will be loaded at randomized addresses. The
3315 text segment of PIE-linked binaries will also be loaded at a
3316 randomized address. This value is the default if the kernel
3317 was configured with CONFIG_COMPAT_BRK.
3318 2 (Since Linux 2.6.25) Also support heap randomization. This
3320 value is the default if the kernel was not configured with
3321 CONFIG_COMPAT_BRK.
3322 /proc/sys/kernel/real-root-dev
3324 This file is documented in the Linux kernel source file Documen‐
3325 tation/admin-guide/initrd.rst (or Documentation/initrd.txt
3326 before Linux 4.10).
3327 /proc/sys/kernel/reboot-cmd (Sparc only)
3329 This file seems to be a way to give an argument to the SPARC
3330 ROM/Flash boot loader. Maybe to tell it what to do after
3331 rebooting?
3332 /proc/sys/kernel/rtsig-max
3334 (Only in kernels up to and including 2.6.7; see setrlimit(2))
3335 This file can be used to tune the maximum number of POSIX real-
3336 time (queued) signals that can be outstanding in the system.
3337 /proc/sys/kernel/rtsig-nr
3339 (Only in kernels up to and including 2.6.7.) This file shows
3340 the number of POSIX real-time signals currently queued.
3341 /proc/[pid]/sched_autogroup_enabled (since Linux 2.6.38)
3343 See sched(7).
3344 /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
3346 If this file contains the value zero, then, after a fork(2), the
3347 parent is first scheduled on the CPU. If the file contains a
3348 nonzero value, then the child is scheduled first on the CPU.
3349 (Of course, on a multiprocessor system, the parent and the child
3350 might both immediately be scheduled on a CPU.)
3351 /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
3353 See sched_rr_get_interval(2).
3354 /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
3356 See sched(7).
3357 /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
3359 See sched(7).
3360 /proc/sys/kernel/seccomp (since Linux 4.14)
3362 This directory provides additional seccomp information and con‐
3363 figuration. See seccomp(2) for further details.
3364 /proc/sys/kernel/sem (since Linux 2.4)
3366 This file contains 4 numbers defining limits for System V IPC
3367 semaphores. These fields are, in order:
3368 SEMMSL The maximum semaphores per semaphore set.
3370 SEMMNS A system-wide limit on the number of semaphores in all
3372 semaphore sets.
3373 SEMOPM The maximum number of operations that may be specified
3375 in a semop(2) call.
3376 SEMMNI A system-wide limit on the maximum number of semaphore
3378 identifiers.
3379 /proc/sys/kernel/sg-big-buff
3381 This file shows the size of the generic SCSI device (sg) buffer.
3382 You can't tune it just yet, but you could change it at compile
3383 time by editing include/scsi/sg.h and changing the value of
3384 SG_BIG_BUFF. However, there shouldn't be any reason to change
3385 this value.
3386 /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
3388 If this file is set to 1, all System V shared memory segments
3389 will be marked for destruction as soon as the number of attached
3390 processes falls to zero; in other words, it is no longer possi‐
3391 ble to create shared memory segments that exist independently of
3392 any attached process.
3393 The effect is as though a shmctl(2) IPC_RMID is performed on all
3395 existing segments as well as all segments created in the future
3396 (until this file is reset to 0). Note that existing segments
3397 that are attached to no process will be immediately destroyed
3398 when this file is set to 1. Setting this option will also
3399 destroy segments that were created, but never attached, upon
3400 termination of the process that created the segment with
3401 shmget(2).
3402 Setting this file to 1 provides a way of ensuring that all Sys‐
3404 tem V shared memory segments are counted against the resource
3405 usage and resource limits (see the description of RLIMIT_AS in
3406 getrlimit(2)) of at least one process.
3407 Because setting this file to 1 produces behavior that is non‐
3409 standard and could also break existing applications, the default
3410 value in this file is 0. Set this file to 1 only if you have a
3411 good understanding of the semantics of the applications using
3412 System V shared memory on your system.
3413 /proc/sys/kernel/shmall (since Linux 2.2)
3415 This file contains the system-wide limit on the total number of
3416 pages of System V shared memory.
3417 /proc/sys/kernel/shmmax (since Linux 2.2)
3419 This file can be used to query and set the run-time limit on the
3420 maximum (System V IPC) shared memory segment size that can be
3421 created. Shared memory segments up to 1GB are now supported in
3422 the kernel. This value defaults to SHMMAX.
3423 /proc/sys/kernel/shmmni (since Linux 2.4)
3425 This file specifies the system-wide maximum number of System V
3426 shared memory segments that can be created.
3427 /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
3429 The value in this file determines how the file offset affects
3430 the behavior of updating entries in files under /proc/sys. The
3431 file has three possible values:
3432 -1 This provides legacy handling, with no printk warnings.
3434 Each write(2) must fully contain the value to be written,
3435 and multiple writes on the same file descriptor will over‐
3436 write the entire value, regardless of the file position.
3437 0 (default) This provides the same behavior as for -1, but
3439 printk warnings are written for processes that perform
3440 writes when the file offset is not 0.
3441 1 Respect the file offset when writing strings into /proc/sys
3443 files. Multiple writes will append to the value buffer.
3444 Anything written beyond the maximum length of the value buf‐
3445 fer will be ignored. Writes to numeric /proc/sys entries
3446 must always be at file offset 0 and the value must be fully
3447 contained in the buffer provided to write(2).
3448 /proc/sys/kernel/sysrq
3450 This file controls the functions allowed to be invoked by the
3451 SysRq key. By default, the file contains 1 meaning that every
3452 possible SysRq request is allowed (in older kernel versions,
3453 SysRq was disabled by default, and you were required to specifi‐
3454 cally enable it at run-time, but this is not the case any more).
3455 Possible values in this file are:
3456 0 Disable sysrq completely
3458 1 Enable all functions of sysrq
3460 > 1 Bit mask of allowed sysrq functions, as follows:
3462 2 Enable control of console logging level
3463 4 Enable control of keyboard (SAK, unraw)
3464 8 Enable debugging dumps of processes etc.
3465 16 Enable sync command
3466 32 Enable remount read-only
3467 64 Enable signaling of processes (term, kill, oom-kill)
3468 128 Allow reboot/poweroff
3469 256 Allow nicing of all real-time tasks
3470 This file is present only if the CONFIG_MAGIC_SYSRQ kernel con‐
3472 figuration option is enabled. For further details see the Linux
3473 kernel source file Documentation/admin-guide/sysrq.rst (or Docu‐
3474 mentation/sysrq.txt before Linux 4.10).
3475 /proc/sys/kernel/version
3477 This file contains a string such as:
3478 #5 Wed Feb 25 21:49:24 MET 1998
3480 The "#5" means that this is the fifth kernel built from this
3482 source base and the date following it indicates the time the
3483 kernel was built.
3484 /proc/sys/kernel/threads-max (since Linux 2.3.11)
3486 This file specifies the system-wide limit on the number of
3487 threads (tasks) that can be created on the system.
3488 Since Linux 4.1, the value that can be written to threads-max is
3490 bounded. The minimum value that can be written is 20. The max‐
3491 imum value that can be written is given by the constant
3492 FUTEX_TID_MASK (0x3fffffff). If a value outside of this range
3493 is written to threads-max, the error EINVAL occurs.
3494 The value written is checked against the available RAM pages.
3496 If the thread structures would occupy too much (more than 1/8th)
3497 of the available RAM pages, threads-max is reduced accordingly.
3498 /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
3500 See ptrace(2).
3501 /proc/sys/kernel/zero-paged (PowerPC only)
3503 This file contains a flag. When enabled (nonzero), Linux-PPC
3504 will pre-zero pages in the idle loop, possibly speeding up
3505 get_free_pages.
3506 /proc/sys/net
3508 This directory contains networking stuff. Explanations for some
3509 of the files under this directory can be found in tcp(7) and
3510 ip(7).
3511 /proc/sys/net/core/bpf_jit_enable
3513 See bpf(2).
3514 /proc/sys/net/core/somaxconn
3516 This file defines a ceiling value for the backlog argument of
3517 listen(2); see the listen(2) manual page for details.
3518 /proc/sys/proc
3520 This directory may be empty.
3521 /proc/sys/sunrpc
3523 This directory supports Sun remote procedure call for network
3524 filesystem (NFS). On some systems, it is not present.
3525 /proc/sys/user (since Linux 4.9)
3527 See namespaces(7).
3528 /proc/sys/vm
3530 This directory contains files for memory management tuning, buf‐
3531 fer and cache management.
3532 /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
3534 This file defines the amount of free memory (in KiB) on the sys‐
3535 tem that should be reserved for users with the capability
3536 CAP_SYS_ADMIN.
3537 The default value in this file is the minimum of [3% of free
3539 pages, 8MiB] expressed as KiB. The default is intended to pro‐
3540 vide enough for the superuser to log in and kill a process, if
3541 necessary, under the default overcommit 'guess' mode (i.e., 0 in
3542 /proc/sys/vm/overcommit_memory).
3543 Systems running in "overcommit never" mode (i.e., 2 in
3545 /proc/sys/vm/overcommit_memory) should increase the value in
3546 this file to account for the full virtual memory size of the
3547 programs used to recover (e.g., login(1) ssh(1), and top(1))
3548 Otherwise, the superuser may not be able to log in to recover
3549 the system. For example, on x86-64 a suitable value is 131072
3550 (128MiB reserved).
3551 Changing the value in this file takes effect whenever an appli‐
3553 cation requests memory.
3554 /proc/sys/vm/compact_memory (since Linux 2.6.35)
3556 When 1 is written to this file, all zones are compacted such
3557 that free memory is available in contiguous blocks where possi‐
3558 ble. The effect of this action can be seen by examining
3559 /proc/buddyinfo.
3560 Present only if the kernel was configured with CONFIG_COM‐
3562 PACTION.
3563 /proc/sys/vm/drop_caches (since Linux 2.6.16)
3565 Writing to this file causes the kernel to drop clean caches,
3566 dentries, and inodes from memory, causing that memory to become
3567 free. This can be useful for memory management testing and per‐
3568 forming reproducible filesystem benchmarks. Because writing to
3569 this file causes the benefits of caching to be lost, it can
3570 degrade overall system performance.
3571 To free pagecache, use:
3573 echo 1 > /proc/sys/vm/drop_caches
3575 To free dentries and inodes, use:
3577 echo 2 > /proc/sys/vm/drop_caches
3579 To free pagecache, dentries and inodes, use:
3581 echo 3 > /proc/sys/vm/drop_caches
3583 Because writing to this file is a nondestructive operation and
3585 dirty objects are not freeable, the user should run sync(1)
3586 first.
3587 /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
3589 If nonzero, this disables the new 32-bit memory-mapping layout;
3590 the kernel will use the legacy (2.4) layout for all processes.
3591 /proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
3593 Control how to kill processes when an uncorrected memory error
3594 (typically a 2-bit error in a memory module) that cannot be han‐
3595 dled by the kernel is detected in the background by hardware.
3596 In some cases (like the page still having a valid copy on disk),
3597 the kernel will handle the failure transparently without affect‐
3598 ing any applications. But if there is no other up-to-date copy
3599 of the data, it will kill processes to prevent any data corrup‐
3600 tions from propagating.
3601 The file has one of the following values:
3603 1: Kill all processes that have the corrupted-and-not-reload‐
3605 able page mapped as soon as the corruption is detected.
3606 Note that this is not supported for a few types of pages,
3607 such as kernel internally allocated data or the swap cache,
3608 but works for the majority of user pages.
3609 0: Unmap the corrupted page from all processes and kill a
3611 process only if it tries to access the page.
3612 The kill is performed using a SIGBUS signal with si_code set to
3614 BUS_MCEERR_AO. Processes can handle this if they want to; see
3615 sigaction(2) for more details.
3616 This feature is active only on architectures/platforms with
3618 advanced machine check handling and depends on the hardware
3619 capabilities.
3620 Applications can override the memory_failure_early_kill setting
3622 individually with the prctl(2) PR_MCE_KILL operation.
3623 Present only if the kernel was configured with CONFIG_MEM‐
3625 ORY_FAILURE.
3626 /proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
3628 Enable memory failure recovery (when supported by the platform)
3629 1: Attempt recovery.
3631 0: Always panic on a memory failure.
3633 Present only if the kernel was configured with CONFIG_MEM‐
3635 ORY_FAILURE.
3636 /proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
3638 Enables a system-wide task dump (excluding kernel threads) to be
3639 produced when the kernel performs an OOM-killing. The dump
3640 includes the following information for each task (thread,
3641 process): thread ID, real user ID, thread group ID (process ID),
3642 virtual memory size, resident set size, the CPU that the task is
3643 scheduled on, oom_adj score (see the description of
3644 /proc/[pid]/oom_adj), and command name. This is helpful to
3645 determine why the OOM-killer was invoked and to identify the
3646 rogue task that caused it.
3647 If this contains the value zero, this information is suppressed.
3649 On very large systems with thousands of tasks, it may not be
3650 feasible to dump the memory state information for each one.
3651 Such systems should not be forced to incur a performance penalty
3652 in OOM situations when the information may not be desired.
3653 If this is set to nonzero, this information is shown whenever
3655 the OOM-killer actually kills a memory-hogging task.
3656 The default value is 0.
3658 /proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
3660 This enables or disables killing the OOM-triggering task in out-
3661 of-memory situations.
3662 If this is set to zero, the OOM-killer will scan through the
3664 entire tasklist and select a task based on heuristics to kill.
3665 This normally selects a rogue memory-hogging task that frees up
3666 a large amount of memory when killed.
3667 If this is set to nonzero, the OOM-killer simply kills the task
3669 that triggered the out-of-memory condition. This avoids a pos‐
3670 sibly expensive tasklist scan.
3671 If /proc/sys/vm/panic_on_oom is nonzero, it takes precedence
3673 over whatever value is used in /proc/sys/vm/oom_kill_allocat‐
3674 ing_task.
3675 The default value is 0.
3677 /proc/sys/vm/overcommit_kbytes (since Linux 3.14)
3679 This writable file provides an alternative to /proc/sys/vm/over‐
3680 commit_ratio for controlling the CommitLimit when
3681 /proc/sys/vm/overcommit_memory has the value 2. It allows the
3682 amount of memory overcommitting to be specified as an absolute
3683 value (in kB), rather than as a percentage, as is done with
3684 overcommit_ratio. This allows for finer-grained control of Com‐
3685 mitLimit on systems with extremely large memory sizes.
3686 Only one of overcommit_kbytes or overcommit_ratio can have an
3688 effect: if overcommit_kbytes has a nonzero value, then it is
3689 used to calculate CommitLimit, otherwise overcommit_ratio is
3690 used. Writing a value to either of these files causes the value
3691 in the other file to be set to zero.
3692 /proc/sys/vm/overcommit_memory
3694 This file contains the kernel virtual memory accounting mode.
3695 Values are:
3696 0: heuristic overcommit (this is the default)
3698 1: always overcommit, never check
3699 2: always check, never overcommit
3700 In mode 0, calls of mmap(2) with MAP_NORESERVE are not checked,
3702 and the default check is very weak, leading to the risk of get‐
3703 ting a process "OOM-killed".
3704 In mode 1, the kernel pretends there is always enough memory,
3706 until memory actually runs out. One use case for this mode is
3707 scientific computing applications that employ large sparse
3708 arrays. In Linux kernel versions before 2.6.0, any nonzero
3709 value implies mode 1.
3710 In mode 2 (available since Linux 2.6), the total virtual address
3712 space that can be allocated (CommitLimit in /proc/meminfo) is
3713 calculated as
3714 CommitLimit = (total_RAM - total_huge_TLB) *
3716 overcommit_ratio / 100 + total_swap
3717 where:
3719 * total_RAM is the total amount of RAM on the system;
3721 * total_huge_TLB is the amount of memory set aside for
3723 huge pages;
3724 * overcommit_ratio is the value in /proc/sys/vm/overcom‐
3726 mit_ratio; and
3727 * total_swap is the amount of swap space.
3729 For example, on a system with 16GB of physical RAM, 16GB of
3731 swap, no space dedicated to huge pages, and an overcommit_ratio
3732 of 50, this formula yields a CommitLimit of 24GB.
3733 Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes
3735 is nonzero, then CommitLimit is instead calculated as:
3736 CommitLimit = overcommit_kbytes + total_swap
3738 See also the description of /proc/sys/vm/admiin_reserve_kbytes
3740 and /proc/sys/vm/user_reserve_kbytes.
3741 /proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
3743 This writable file defines a percentage by which memory can be
3744 overcommitted. The default value in the file is 50. See the
3745 description of /proc/sys/vm/overcommit_memory.
3746 /proc/sys/vm/panic_on_oom (since Linux 2.6.18)
3748 This enables or disables a kernel panic in an out-of-memory sit‐
3749 uation.
3750 If this file is set to the value 0, the kernel's OOM-killer will
3752 kill some rogue process. Usually, the OOM-killer is able to
3753 kill a rogue process and the system will survive.
3754 If this file is set to the value 1, then the kernel normally
3756 panics when out-of-memory happens. However, if a process limits
3757 allocations to certain nodes using memory policies (mbind(2)
3758 MPOL_BIND) or cpusets (cpuset(7)) and those nodes reach memory
3759 exhaustion status, one process may be killed by the OOM-killer.
3760 No panic occurs in this case: because other nodes' memory may be
3761 free, this means the system as a whole may not have reached an
3762 out-of-memory situation yet.
3763 If this file is set to the value 2, the kernel always panics
3765 when an out-of-memory condition occurs.
3766 The default value is 0. 1 and 2 are for failover of clustering.
3768 Select either according to your policy of failover.
3769 /proc/sys/vm/swappiness
3771 The value in this file controls how aggressively the kernel will
3772 swap memory pages. Higher values increase aggressiveness, lower
3773 values decrease aggressiveness. The default value is 60.
3774 /proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
3776 Specifies an amount of memory (in KiB) to reserve for user pro‐
3777 cesses, This is intended to prevent a user from starting a sin‐
3778 gle memory hogging process, such that they cannot recover (kill
3779 the hog). The value in this file has an effect only when
3780 /proc/sys/vm/overcommit_memory is set to 2 ("overcommit never"
3781 mode). In this case, the system reserves an amount of memory
3782 that is the minimum of [3% of current process size,
3783 user_reserve_kbytes].
3784 The default value in this file is the minimum of [3% of free
3786 pages, 128MiB] expressed as KiB.
3787 If the value in this file is set to zero, then a user will be
3789 allowed to allocate all free memory with a single process (minus
3790 the amount reserved by /proc/sys/vm/admin_reserve_kbytes). Any
3791 subsequent attempts to execute a command will result in "fork:
3792 Cannot allocate memory".
3793 Changing the value in this file takes effect whenever an appli‐
3795 cation requests memory.
3796 /proc/sysrq-trigger (since Linux 2.4.21)
3798 Writing a character to this file triggers the same SysRq func‐
3799 tion as typing ALT-SysRq-<character> (see the description of
3800 /proc/sys/kernel/sysrq). This file is normally writable only by
3801 root. For further details see the Linux kernel source file Doc‐
3802 umentation/admin-guide/sysrq.rst (or Documentation/sysrq.txt
3803 before Linux 4.10).
3804 /proc/sysvipc
3806 Subdirectory containing the pseudo-files msg, sem and shm.
3807 These files list the System V Interprocess Communication (IPC)
3808 objects (respectively: message queues, semaphores, and shared
3809 memory) that currently exist on the system, providing similar
3810 information to that available via ipcs(1). These files have
3811 headers and are formatted (one IPC object per line) for easy
3812 understanding. svipc(7) provides further background on the
3813 information shown by these files.
3814 /proc/thread-self (since Linux 3.17)
3816 This directory refers to the thread accessing the /proc filesys‐
3817 tem, and is identical to the /proc/self/task/[tid] directory
3818 named by the process thread ID ([tid]) of the same thread.
3819 /proc/timer_list (since Linux 2.6.21)
3821 This read-only file exposes a list of all currently pending
3822 (high-resolution) timers, all clock-event sources, and their
3823 parameters in a human-readable form.
3824 /proc/timer_stats (from Linux 2.6.21 until Linux 4.10)
3826 This is a debugging facility to make timer (ab)use in a Linux
3827 system visible to kernel and user-space developers. It can be
3828 used by kernel and user-space developers to verify that their
3829 code does not make undue use of timers. The goal is to avoid
3830 unnecessary wakeups, thereby optimizing power consumption.
3831 If enabled in the kernel (CONFIG_TIMER_STATS), but not used, it
3833 has almost zero run-time overhead and a relatively small data-
3834 structure overhead. Even if collection is enabled at run time,
3835 overhead is low: all the locking is per-CPU and lookup is
3836 hashed.
3837 The /proc/timer_stats file is used both to control sampling
3839 facility and to read out the sampled information.
3840 The timer_stats functionality is inactive on bootup. A sampling
3842 period can be started using the following command:
3843 # echo 1 > /proc/timer_stats
3845 The following command stops a sampling period:
3847 # echo 0 > /proc/timer_stats
3849 The statistics can be retrieved by:
3851 $ cat /proc/timer_stats
3853 While sampling is enabled, each readout from /proc/timer_stats
3855 will see newly updated statistics. Once sampling is disabled,
3856 the sampled information is kept until a new sample period is
3857 started. This allows multiple readouts.
3858 Sample output from /proc/timer_stats:
3860 $ cat /proc/timer_stats
3862 Timer Stats Version: v0.3
3863 Sample period: 1.764 s
3864 Collection: active
3865 255, 0 swapper/3 hrtimer_start_range_ns (tick_sched_timer)
3866 71, 0 swapper/1 hrtimer_start_range_ns (tick_sched_timer)
3867 58, 0 swapper/0 hrtimer_start_range_ns (tick_sched_timer)
3868 4, 1694 gnome-shell mod_delayed_work_on (delayed_work_timer_fn)
3869 17, 7 rcu_sched rcu_gp_kthread (process_timeout)
3870 ...
3871 1, 4911 kworker/u16:0 mod_delayed_work_on (delayed_work_timer_fn)
3872 1D, 2522 kworker/0:0 queue_delayed_work_on (delayed_work_timer_fn)
3873 1029 total events, 583.333 events/sec
3874 The output columns are:
3876 * a count of the number of events, optionally (since Linux
3878 2.6.23) followed by the letter 'D' if this is a deferrable
3879 timer;
3880 * the PID of the process that initialized the timer;
3882 * the name of the process that initialized the timer;
3884 * the function where the timer was initialized; and
3886 * (in parentheses) the callback function that is associated
3888 with the timer.
3889 During the Linux 4.11 development cycle, this file was removed
3891 because of security concerns, as it exposes information across
3892 namespaces. Furthermore, it is possible to obtain the same
3893 information via in-kernel tracing facilities such as ftrace.
3894 /proc/tty
3896 Subdirectory containing the pseudo-files and subdirectories for
3897 tty drivers and line disciplines.
3898 /proc/uptime
3900 This file contains two numbers: the uptime of the system (sec‐
3901 onds), and the amount of time spent in idle process (seconds).
3902 /proc/version
3904 This string identifies the kernel version that is currently run‐
3905 ning. It includes the contents of /proc/sys/kernel/ostype,
3906 /proc/sys/kernel/osrelease and /proc/sys/kernel/version. For
3907 example:
3908 Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994
3910 /proc/vmstat (since Linux 2.6.0)
3912 This file displays various virtual memory statistics. Each line
3913 of this file contains a single name-value pair, delimited by
3914 white space. Some lines are present only if the kernel was con‐
3915 figured with suitable options. (In some cases, the options
3916 required for particular files have changed across kernel ver‐
3917 sions, so they are not listed here. Details can be found by
3918 consulting the kernel source code.) The following fields may be
3919 present:
3920 nr_free_pages (since Linux 2.6.31)
3922 nr_alloc_batch (since Linux 3.12)
3924 nr_inactive_anon (since Linux 2.6.28)
3926 nr_active_anon (since Linux 2.6.28)
3928 nr_inactive_file (since Linux 2.6.28)
3930 nr_active_file (since Linux 2.6.28)
3932 nr_unevictable (since Linux 2.6.28)
3934 nr_mlock (since Linux 2.6.28)
3936 nr_anon_pages (since Linux 2.6.18)
3938 nr_mapped (since Linux 2.6.0)
3940 nr_file_pages (since Linux 2.6.18)
3942 nr_dirty (since Linux 2.6.0)
3944 nr_writeback (since Linux 2.6.0)
3946 nr_slab_reclaimable (since Linux 2.6.19)
3948 nr_slab_unreclaimable (since Linux 2.6.19)
3950 nr_page_table_pages (since Linux 2.6.0)
3952 nr_kernel_stack (since Linux 2.6.32)
3954 Amount of memory allocated to kernel stacks.
3955 nr_unstable (since Linux 2.6.0)
3957 nr_bounce (since Linux 2.6.12)
3959 nr_vmscan_write (since Linux 2.6.19)
3961 nr_vmscan_immediate_reclaim (since Linux 3.2)
3963 nr_writeback_temp (since Linux 2.6.26)
3965 nr_isolated_anon (since Linux 2.6.32)
3967 nr_isolated_file (since Linux 2.6.32)
3969 nr_shmem (since Linux 2.6.32)
3971 Pages used by shmem and tmpfs(5).
3972 nr_dirtied (since Linux 2.6.37)
3974 nr_written (since Linux 2.6.37)
3976 nr_pages_scanned (since Linux 3.17)
3978 numa_hit (since Linux 2.6.18)
3980 numa_miss (since Linux 2.6.18)
3982 numa_foreign (since Linux 2.6.18)
3984 numa_interleave (since Linux 2.6.18)
3986 numa_local (since Linux 2.6.18)
3988 numa_other (since Linux 2.6.18)
3990 workingset_refault (since Linux 3.15)
3992 workingset_activate (since Linux 3.15)
3994 workingset_nodereclaim (since Linux 3.15)
3996 nr_anon_transparent_hugepages (since Linux 2.6.38)
3998 nr_free_cma (since Linux 3.7)
4000 Number of free CMA (Contiguous Memory Allocator) pages.
4001 nr_dirty_threshold (since Linux 2.6.37)
4003 nr_dirty_background_threshold (since Linux 2.6.37)
4005 pgpgin (since Linux 2.6.0)
4007 pgpgout (since Linux 2.6.0)
4009 pswpin (since Linux 2.6.0)
4011 pswpout (since Linux 2.6.0)
4013 pgalloc_dma (since Linux 2.6.5)
4015 pgalloc_dma32 (since Linux 2.6.16)
4017 pgalloc_normal (since Linux 2.6.5)
4019 pgalloc_high (since Linux 2.6.5)
4021 pgalloc_movable (since Linux 2.6.23)
4023 pgfree (since Linux 2.6.0)
4025 pgactivate (since Linux 2.6.0)
4027 pgdeactivate (since Linux 2.6.0)
4029 pgfault (since Linux 2.6.0)
4031 pgmajfault (since Linux 2.6.0)
4033 pgrefill_dma (since Linux 2.6.5)
4035 pgrefill_dma32 (since Linux 2.6.16)
4037 pgrefill_normal (since Linux 2.6.5)
4039 pgrefill_high (since Linux 2.6.5)
4041 pgrefill_movable (since Linux 2.6.23)
4043 pgsteal_kswapd_dma (since Linux 3.4)
4045 pgsteal_kswapd_dma32 (since Linux 3.4)
4047 pgsteal_kswapd_normal (since Linux 3.4)
4049 pgsteal_kswapd_high (since Linux 3.4)
4051 pgsteal_kswapd_movable (since Linux 3.4)
4053 pgsteal_direct_dma
4055 pgsteal_direct_dma32 (since Linux 3.4)
4057 pgsteal_direct_normal (since Linux 3.4)
4059 pgsteal_direct_high (since Linux 3.4)
4061 pgsteal_direct_movable (since Linux 2.6.23)
4063 pgscan_kswapd_dma
4065 pgscan_kswapd_dma32 (since Linux 2.6.16)
4067 pgscan_kswapd_normal (since Linux 2.6.5)
4069 pgscan_kswapd_high
4071 pgscan_kswapd_movable (since Linux 2.6.23)
4073 pgscan_direct_dma
4075 pgscan_direct_dma32 (since Linux 2.6.16)
4077 pgscan_direct_normal
4079 pgscan_direct_high
4081 pgscan_direct_movable (since Linux 2.6.23)
4083 pgscan_direct_throttle (since Linux 3.6)
4085 zone_reclaim_failed (since linux 2.6.31)
4087 pginodesteal (since linux 2.6.0)
4089 slabs_scanned (since linux 2.6.5)
4091 kswapd_inodesteal (since linux 2.6.0)
4093 kswapd_low_wmark_hit_quickly (since 2.6.33)
4095 kswapd_high_wmark_hit_quickly (since 2.6.33)
4097 pageoutrun (since Linux 2.6.0)
4099 allocstall (since Linux 2.6.0)
4101 pgrotated (since Linux 2.6.0)
4103 drop_pagecache (since Linux 3.15)
4105 drop_slab (since Linux 3.15)
4107 numa_pte_updates (since Linux 3.8)
4109 numa_huge_pte_updates (since Linux 3.13)
4111 numa_hint_faults (since Linux 3.8)
4113 numa_hint_faults_local (since Linux 3.8)
4115 numa_pages_migrated (since Linux 3.8)
4117 pgmigrate_success (since Linux 3.8)
4119 pgmigrate_fail (since Linux 3.8)
4121 compact_migrate_scanned (since Linux 3.8)
4123 compact_free_scanned (since Linux 3.8)
4125 compact_isolated (since Linux 3.8)
4127 compact_stall (since Linux 2.6.35)
4129 See the kernel source file Documentation/vm/tran‐
4130 shuge.txt.
4131 compact_fail (since Linux 2.6.35)
4133 See the kernel source file Documentation/vm/tran‐
4134 shuge.txt.
4135 compact_success (since Linux 2.6.35)
4137 See the kernel source file Documentation/vm/tran‐
4138 shuge.txt.
4139 htlb_buddy_alloc_success (since Linux 2.6.26)
4141 htlb_buddy_alloc_fail (since Linux 2.6.26)
4143 unevictable_pgs_culled (since Linux 2.6.28)
4145 unevictable_pgs_scanned (since Linux 2.6.28)
4147 unevictable_pgs_rescued (since Linux 2.6.28)
4149 unevictable_pgs_mlocked (since Linux 2.6.28)
4151 unevictable_pgs_munlocked (since Linux 2.6.28)
4153 unevictable_pgs_cleared (since Linux 2.6.28)
4155 unevictable_pgs_stranded (since Linux 2.6.28)
4157 thp_fault_alloc (since Linux 2.6.39)
4159 See the kernel source file Documentation/vm/tran‐
4160 shuge.txt.
4161 thp_fault_fallback (since Linux 2.6.39)
4163 See the kernel source file Documentation/vm/tran‐
4164 shuge.txt.
4165 thp_collapse_alloc (since Linux 2.6.39)
4167 See the kernel source file Documentation/vm/tran‐
4168 shuge.txt.
4169 thp_collapse_alloc_failed (since Linux 2.6.39)
4171 See the kernel source file Documentation/vm/tran‐
4172 shuge.txt.
4173 thp_split (since Linux 2.6.39)
4175 See the kernel source file Documentation/vm/tran‐
4176 shuge.txt.
4177 thp_zero_page_alloc (since Linux 3.8)
4179 See the kernel source file Documentation/vm/tran‐
4180 shuge.txt.
4181 thp_zero_page_alloc_failed (since Linux 3.8)
4183 See the kernel source file Documentation/vm/tran‐
4184 shuge.txt.
4185 balloon_inflate (since Linux 3.18)
4187 balloon_deflate (since Linux 3.18)
4189 balloon_migrate (since Linux 3.18)
4191 nr_tlb_remote_flush (since Linux 3.12)
4193 nr_tlb_remote_flush_received (since Linux 3.12)
4195 nr_tlb_local_flush_all (since Linux 3.12)
4197 nr_tlb_local_flush_one (since Linux 3.12)
4199 vmacache_find_calls (since Linux 3.16)
4201 vmacache_find_hits (since Linux 3.16)
4203 vmacache_full_flushes (since Linux 3.19)
4205 /proc/zoneinfo (since Linux 2.6.13)
4207 This file display information about memory zones. This is use‐
4208 ful for analyzing virtual memory behavior.
4209
4211 Many strings (i.e., the environment and command line) are in the inter‐
4212 nal format, with subfields terminated by null bytes ('\0'), so you may
4213 find that things are more readable if you use od -c or tr "\000" "\n"
4214 to read them. Alternatively, echo `cat <file>` works well.
4215 This manual page is incomplete, possibly inaccurate, and is the kind of
4217 thing that needs to be updated very often.
4218
4220 cat(1), dmesg(1), find(1), free(1), init(1), ps(1), tr(1), uptime(1),
4221 chroot(2), mmap(2), readlink(2), syslog(2), slabinfo(5), sysfs(5),
4222 hier(7), namespaces(7), time(7), arp(8), hdparm(8), ifconfig(8),
4223 lsmod(8), lspci(8), mount(8), netstat(8), procinfo(8), route(8),
4224 sysctl(8)
4225 The Linux kernel source files: Documentation/filesystems/proc.txt Docu‐
4227 mentation/sysctl/fs.txt, Documentation/sysctl/kernel.txt, Documenta‐
4228 tion/sysctl/net.txt, and Documentation/sysctl/vm.txt.
4229
4231 This page is part of release 4.16 of the Linux man-pages project. A
4232 description of the project, information about reporting bugs, and the
4233 latest version of this page, can be found at
4234 https://www.kernel.org/doc/man-pages/.
4235Linux 2017-09-15 PROC(5)