1PROC(5)                    Linux Programmer's Manual                   PROC(5)
2
3
4

NAME

6       proc - process information pseudo-filesystem
7

DESCRIPTION

9       The  proc filesystem is a pseudo-filesystem which provides an interface
10       to kernel data structures.  It is commonly  mounted  at  /proc.   Typi‐
11       cally,  it  is  mounted automatically by the system, but it can also be
12       mounted manually using a command such as:
13
14           mount -t proc proc /proc
15
16       Most of the files in the proc filesystem are read-only, but some  files
17       are writable, allowing kernel variables to be changed.
18
19   Mount options
20       The proc filesystem supports the following mount options:
21
22       hidepid=n (since Linux 3.3)
23              This   option   controls  who  can  access  the  information  in
24              /proc/[pid] directories.  The argument, n, is one of the follow‐
25              ing values:
26
27              0   Everybody  may  access all /proc/[pid] directories.  This is
28                  the traditional behavior, and  the  default  if  this  mount
29                  option is not specified.
30
31              1   Users  may  not  access  files and subdirectories inside any
32                  /proc/[pid]  directories  but  their  own  (the  /proc/[pid]
33                  directories  themselves  remain  visible).   Sensitive files
34                  such as /proc/[pid]/cmdline and /proc/[pid]/status  are  now
35                  protected  against other users.  This makes it impossible to
36                  learn whether any user is running  a  specific  program  (so
37                  long  as  the program doesn't otherwise reveal itself by its
38                  behavior).
39
40              2   As for mode 1, but in addition the  /proc/[pid]  directories
41                  belonging  to other users become invisible.  This means that
42                  /proc/[pid] entries can no longer be used  to  discover  the
43                  PIDs  on  the  system.   This  doesn't  hide the fact that a
44                  process with a specific PID value exists (it can be  learned
45                  by  other  means,  for  example,  by "kill -0 $PID"), but it
46                  hides a process's UID and  GID,  which  could  otherwise  be
47                  learned  by  employing  stat(2)  on a /proc/[pid] directory.
48                  This greatly complicates an  attacker's  task  of  gathering
49                  information   about  running  processes  (e.g.,  discovering
50                  whether some daemon is  running  with  elevated  privileges,
51                  whether  another  user  is  running  some sensitive program,
52                  whether other users are running any program at all,  and  so
53                  on).
54
55       gid=gid (since Linux 3.3)
56              Specifies  the  ID  of  a  group whose members are authorized to
57              learn process information otherwise prohibited by hidepid (i.e.,
58              users  in  this  group  behave  as though /proc was mounted with
59              hidepid=0).  This group should be  used  instead  of  approaches
60              such as putting nonroot users into the sudoers(5) file.
61
62   Overview
63       Underneath  /proc,  there are the following general groups of files and
64       subdirectories:
65
66       /proc/[pid] subdirectories
67              Each one of these subdirectories contains files and  subdirecto‐
68              ries exposing information about the process with the correspond‐
69              ing process ID.
70
71              Underneath each of the /proc/[pid] directories, a task subdirec‐
72              tory  contains subdirectories of the form task/[tid], which con‐
73              tain corresponding information about each of the threads in  the
74              process, where tid is the kernel thread ID of the thread.
75
76              The   /proc/[pid]  subdirectories  are  visible  when  iterating
77              through /proc with getdents(2) (and thus are  visible  when  one
78              uses ls(1) to view the contents of /proc).
79
80       /proc/[tid] subdirectories
81              Each  one of these subdirectories contains files and subdirecto‐
82              ries exposing information about the thread with the  correspond‐
83              ing  thread  ID.  The contents of these directories are the same
84              as the corresponding /proc/[pid]/task/[tid] directories.
85
86              The /proc/[tid] subdirectories are not  visible  when  iterating
87              through  /proc  with  getdents(2) (and thus are not visible when
88              one uses ls(1) to view the contents of /proc).
89
90       /proc/self
91              When a process accesses this magic symbolic link, it resolves to
92              the process's own /proc/[pid] directory.
93
94       /proc/thread-self
95              When  a thread accesses this magic symbolic link, it resolves to
96              the process's own /proc/self/task/[tid] directory.
97
98       /proc/[a-z]*
99              Various other files and subdirectories under /proc  expose  sys‐
100              tem-wide information.
101
102       All of the above are described in more detail below.
103
104   Files and directories
105       The  following  list provides details of many of the files and directo‐
106       ries under the /proc hierarchy.
107
108       /proc/[pid]
109              There is a numerical subdirectory for each running process;  the
110              subdirectory  is named by the process ID.  Each /proc/[pid] sub‐
111              directory contains the pseudo-files  and  directories  described
112              below.
113
114              The  files  inside each /proc/[pid] directory are normally owned
115              by the effective user and effective group  ID  of  the  process.
116              However,  as a security measure, the ownership is made root:root
117              if the process's "dumpable" attribute is set to  a  value  other
118              than 1.
119
120              Before Linux 4.11, root:root meant the "global" root user ID and
121              group ID (i.e., UID 0 and GID 0 in the initial user  namespace).
122              Since  Linux 4.11, if the process is in a noninitial user names‐
123              pace that has a valid mapping for user (group) ID 0  inside  the
124              namespace,  then  the  user (group) ownership of the files under
125              /proc/[pid] is instead made the same as the root user (group) ID
126              of  the  namespace.   This means that inside a container, things
127              work as expected for the container "root" user.
128
129              The process's "dumpable" attribute may change for the  following
130              reasons:
131
132              *  The   attribute   was   explicitly   set   via  the  prctl(2)
133                 PR_SET_DUMPABLE operation.
134
135              *  The  attribute  was  reset  to  the   value   in   the   file
136                 /proc/sys/fs/suid_dumpable (described below), for the reasons
137                 described in prctl(2).
138
139              Resetting the "dumpable" attribute to 1 reverts the ownership of
140              the  /proc/[pid]/* files to the process's effective UID and GID.
141              Note, however, that if the effective UID or GID is  subsequently
142              modified,  then  the  "dumpable"  attribute  may  be  reset,  as
143              described in prctl(2).  Therefore, it may be desirable to  reset
144              the "dumpable" attribute after making any desired changes to the
145              process's effective UID or GID.
146
147       /proc/[pid]/attr
148              The files in this directory provide an API for security modules.
149              The  contents  of  this directory are files that can be read and
150              written in  order  to  set  security-related  attributes.   This
151              directory  was  added  to support SELinux, but the intention was
152              that the API be general enough to support  other  security  mod‐
153              ules.   For  the purpose of explanation, examples of how SELinux
154              uses these files are provided below.
155
156              This directory is present only if the kernel was configured with
157              CONFIG_SECURITY.
158
159       /proc/[pid]/attr/current (since Linux 2.6.0)
160              The  contents  of  this  file  represent  the  current  security
161              attributes of the process.
162
163              In SELinux, this file is used to get the security context  of  a
164              process.   Prior to Linux 2.6.11, this file could not be used to
165              set the security context (a  write  was  always  denied),  since
166              SELinux  limited  process security transitions to execve(2) (see
167              the description of /proc/[pid]/attr/exec, below).   Since  Linux
168              2.6.11,  SELinux  lifted  this  restriction and began supporting
169              "set" operations via writes to this node if authorized  by  pol‐
170              icy,  although use of this operation is only suitable for appli‐
171              cations that are trusted  to  maintain  any  desired  separation
172              between the old and new security contexts.
173
174              Prior  to  Linux  2.6.28, SELinux did not allow threads within a
175              multithreaded process to set their  security  context  via  this
176              node  as it would yield an inconsistency among the security con‐
177              texts of the threads sharing the same memory space.  Since Linux
178              2.6.28,  SELinux  lifted  this  restriction and began supporting
179              "set" operations for threads within a multithreaded  process  if
180              the new security context is bounded by the old security context,
181              where the bounded relation is defined in policy  and  guarantees
182              that the new security context has a subset of the permissions of
183              the old security context.
184
185              Other security modules may choose to  support  "set"  operations
186              via writes to this node.
187
188       /proc/[pid]/attr/exec (since Linux 2.6.0)
189              This  file  represents  the  attributes to assign to the process
190              upon a subsequent execve(2).
191
192              In SELinux, this is needed to support  role/domain  transitions,
193              and  execve(2)  is  the preferred point to make such transitions
194              because it offers better control over the initialization of  the
195              process  in the new security label and the inheritance of state.
196              In SELinux, this attribute is reset on execve(2) so that the new
197              program  reverts to the default behavior for any execve(2) calls
198              that it may make.  In SELinux, a process can set  only  its  own
199              /proc/[pid]/attr/exec attribute.
200
201       /proc/[pid]/attr/fscreate (since Linux 2.6.0)
202              This  file  represents the attributes to assign to files created
203              by  subsequent  calls  to  open(2),  mkdir(2),  symlink(2),  and
204              mknod(2)
205
206              SELinux  employs  this file to support creation of a file (using
207              the aforementioned system calls) in  a  secure  state,  so  that
208              there  is no risk of inappropriate access being obtained between
209              the time of creation and the time that attributes are  set.   In
210              SELinux,  this  attribute is reset on execve(2), so that the new
211              program reverts to the default behavior for  any  file  creation
212              calls  it may make, but the attribute will persist across multi‐
213              ple file creation calls within a program unless it is explicitly
214              reset.    In   SELinux,   a   process   can  set  only  its  own
215              /proc/[pid]/attr/fscreate attribute.
216
217       /proc/[pid]/attr/keycreate (since Linux 2.6.18)
218              If a process writes a security context into this file, all  sub‐
219              sequently  created  keys  (add_key(2)) will be labeled with this
220              context.  For further information, see the  kernel  source  file
221              Documentation/security/keys/core.rst    (or    file   Documenta‐
222              tion/security/keys.txt on Linux between 3.0 and 4.13,  or  Docu‐
223              mentation/keys.txt before Linux 3.0).
224
225       /proc/[pid]/attr/prev (since Linux 2.6.0)
226              This  file  contains  the security context of the process before
227              the  last  execve(2);   that   is,   the   previous   value   of
228              /proc/[pid]/attr/current.
229
230       /proc/[pid]/attr/socketcreate (since Linux 2.6.18)
231              If  a process writes a security context into this file, all sub‐
232              sequently created sockets will be labeled with this context.
233
234       /proc/[pid]/autogroup (since Linux 2.6.38)
235              See sched(7).
236
237       /proc/[pid]/auxv (since 2.6.0)
238              This contains the contents of the  ELF  interpreter  information
239              passed  to the process at exec time.  The format is one unsigned
240              long ID plus one unsigned long value for each entry.   The  last
241              entry contains two zeros.  See also getauxval(3).
242
243              Permission  to  access  this file is governed by a ptrace access
244              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
245
246       /proc/[pid]/cgroup (since Linux 2.6.24)
247              See cgroups(7).
248
249       /proc/[pid]/clear_refs (since Linux 2.6.22)
250
251              This is a  write-only  file,  writable  only  by  owner  of  the
252              process.
253
254              The following values may be written to the file:
255
256              1 (since Linux 2.6.22)
257                     Reset  the  PG_Referenced and ACCESSED/YOUNG bits for all
258                     the pages associated with the  process.   (Before  kernel
259                     2.6.32,  writing  any nonzero value to this file had this
260                     effect.)
261
262              2 (since Linux 2.6.32)
263                     Reset the PG_Referenced and ACCESSED/YOUNG bits  for  all
264                     anonymous pages associated with the process.
265
266              3 (since Linux 2.6.32)
267                     Reset  the  PG_Referenced and ACCESSED/YOUNG bits for all
268                     file-mapped pages associated with the process.
269
270              Clearing the PG_Referenced and ACCESSED/YOUNG  bits  provides  a
271              method  to  measure  approximately  how much memory a process is
272              using.  One first inspects the values in the "Referenced" fields
273              for  the  VMAs  shown in /proc/[pid]/smaps to get an idea of the
274              memory footprint of the process.  One then clears the  PG_Refer‐
275              enced  and  ACCESSED/YOUNG  bits  and,  after some measured time
276              interval, once again inspects the  values  in  the  "Referenced"
277              fields  to  get an idea of the change in memory footprint of the
278              process during the measured interval.  If one is interested only
279              in  inspecting the selected mapping types, then the value 2 or 3
280              can be used instead of 1.
281
282              Further values can be written to affect different properties:
283
284              4 (since Linux 3.11)
285                     Clear the soft-dirty bit for  all  the  pages  associated
286                     with  the  process.   This  is  used (in conjunction with
287                     /proc/[pid]/pagemap) by the check-point restore system to
288                     discover which pages of a process have been dirtied since
289                     the file /proc/[pid]/clear_refs was written to.
290
291              5 (since Linux 4.0)
292                     Reset the peak resident set size ("high water  mark")  to
293                     the process's current resident set size value.
294
295              Writing  any  value  to  /proc/[pid]/clear_refs other than those
296              listed above has no effect.
297
298              The /proc/[pid]/clear_refs file is  present  only  if  the  CON‐
299              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
300
301       /proc/[pid]/cmdline
302              This  read-only  file  holds  the  complete command line for the
303              process, unless the process is a zombie.  In  the  latter  case,
304              there is nothing in this file: that is, a read on this file will
305              return 0 characters.  The command-line arguments appear in  this
306              file  as a set of strings separated by null bytes ('\0'), with a
307              further null byte after the last string.
308
309              If, after an execve(2), the process modifies its  argv  strings,
310              those  changes will show up here.  This is not the same thing as
311              modifying the argv array.
312
313              Furthermore, a process may change the memory location that  this
314              file refers via prctl(2) operations such as PR_SET_MM_ARG_START.
315
316              Think  of  this  file as the command line that the process wants
317              you to see.
318
319       /proc/[pid]/comm (since Linux 2.6.33)
320              This file exposes the process's comm value—that is, the  command
321              name associated with the process.  Different threads in the same
322              process  may  have  different  comm   values,   accessible   via
323              /proc/[pid]/task/[tid]/comm.   A  thread  may  modify  its  comm
324              value, or that of any of other thread in the same  thread  group
325              (see  the discussion of CLONE_THREAD in clone(2)), by writing to
326              the  file  /proc/self/task/[tid]/comm.   Strings   longer   than
327              TASK_COMM_LEN  (16)  characters  (including the terminating null
328              byte) are silently truncated.
329
330              This file provides a superset of the  prctl(2)  PR_SET_NAME  and
331              PR_GET_NAME operations, and is employed by pthread_setname_np(3)
332              when used to rename threads other than the caller.  The value in
333              this  file  is  used  for  the  %e  specifier  in /proc/sys/ker‐
334              nel/core_pattern; see proc(5).
335
336       /proc/[pid]/coredump_filter (since Linux 2.6.23)
337              See core(5).
338
339       /proc/[pid]/cpuset (since Linux 2.6.12)
340              See cpuset(7).
341
342       /proc/[pid]/cwd
343              This is a symbolic link to the current working directory of  the
344              process.   To  find out the current working directory of process
345              20, for instance, you can do this:
346
347                  $ cd /proc/20/cwd; /bin/pwd
348
349              Note that the pwd command is often a shell built-in,  and  might
350              not work properly.  In bash(1), you may use pwd -P.
351
352              In  a  multithreaded process, the contents of this symbolic link
353              are not available if the  main  thread  has  already  terminated
354              (typically by calling pthread_exit(3)).
355
356              Permission  to  dereference  or read (readlink(2)) this symbolic
357              link    is    governed    by    a     ptrace     access     mode
358              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
359
360       /proc/[pid]/environ
361              This file contains the initial environment that was set when the
362              currently executing program  was  started  via  execve(2).   The
363              entries  are  separated by null bytes ('\0'), and there may be a
364              null byte at the end.  Thus, to print  out  the  environment  of
365              process 1, you would do:
366
367                  $ cat /proc/1/environ | tr '\000' '\n'
368
369              If,  after  an  execve(2),  the process modifies its environment
370              (e.g., by calling functions such as putenv(3) or  modifying  the
371              environ(7)  variable directly), this file will not reflect those
372              changes.
373
374              Furthermore, a process may change the memory location that  this
375              file refers via prctl(2) operations such as PR_SET_MM_ENV_START.
376
377              Permission  to  access  this file is governed by a ptrace access
378              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
379
380       /proc/[pid]/exe
381              Under Linux 2.2 and later, this file is a symbolic link contain‐
382              ing  the actual pathname of the executed command.  This symbolic
383              link can be dereferenced normally; attempting to  open  it  will
384              open  the  executable.  You can even type /proc/[pid]/exe to run
385              another copy of the same executable that is being run by process
386              [pid].   If  the  pathname  has been unlinked, the symbolic link
387              will contain the string '(deleted)'  appended  to  the  original
388              pathname.  In a multithreaded process, the contents of this sym‐
389              bolic link are not available if the main thread has already ter‐
390              minated (typically by calling pthread_exit(3)).
391
392              Permission  to  dereference  or read (readlink(2)) this symbolic
393              link    is    governed    by    a     ptrace     access     mode
394              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
395
396              Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the
397              binary which was executed, and appears as a  symbolic  link.   A
398              readlink(2)  call  on this file under Linux 2.0 returns a string
399              in the format:
400
401                  [device]:inode
402
403              For example, [0301]:1502 would be inode 1502 on device major  03
404              (IDE,  MFM,  etc. drives) minor 01 (first partition on the first
405              drive).
406
407              find(1) with the -inum option can be used to locate the file.
408
409       /proc/[pid]/fd/
410              This is a subdirectory containing one entry for each file  which
411              the process has open, named by its file descriptor, and which is
412              a symbolic link to the actual file.  Thus, 0 is standard  input,
413              1 standard output, 2 standard error, and so on.
414
415              For  file descriptors for pipes and sockets, the entries will be
416              symbolic links whose content is the file type with the inode.  A
417              readlink(2) call on this file returns a string in the format:
418
419                  type:[inode]
420
421              For  example, socket:[2248868] will be a socket and its inode is
422              2248868.  For sockets, that inode  can  be  used  to  find  more
423              information in one of the files under /proc/net/.
424
425              For  file  descriptors  that  have no corresponding inode (e.g.,
426              file   descriptors   produced   by   bpf(2),    epoll_create(2),
427              eventfd(2),  inotify_init(2),  perf_event_open(2),  signalfd(2),
428              timerfd_create(2), and userfaultfd(2)), the entry will be a sym‐
429              bolic link with contents of the form
430
431                  anon_inode:<file-type>
432
433              In  many  cases  (but  not  all), the file-type is surrounded by
434              square brackets.
435
436              For example, an epoll file descriptor will have a symbolic  link
437              whose content is the string anon_inode:[eventpoll].
438
439              In  a  multithreaded process, the contents of this directory are
440              not available if the main thread has already  terminated  (typi‐
441              cally by calling pthread_exit(3)).
442
443              Programs  that  take  a filename as a command-line argument, but
444              don't take input from standard input if no argument is supplied,
445              and  programs that write to a file named as a command-line argu‐
446              ment, but don't send their output to standard output if no argu‐
447              ment is supplied, can nevertheless be made to use standard input
448              or standard output by using /proc/[pid]/fd files as command-line
449              arguments.   For example, assuming that -i is the flag designat‐
450              ing an input file and -o is the flag designating an output file:
451
452                  $ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...
453
454              and you have a working filter.
455
456              /proc/self/fd/N is approximately the same as /dev/fd/N  in  some
457              UNIX and UNIX-like systems.  Most Linux MAKEDEV scripts symboli‐
458              cally link /dev/fd to /proc/self/fd, in fact.
459
460              Most systems provide symbolic links /dev/stdin, /dev/stdout, and
461              /dev/stderr, which respectively link to the files 0, 1, and 2 in
462              /proc/self/fd.  Thus the example command above could be  written
463              as:
464
465                  $ foobar -i /dev/stdin -o /dev/stdout ...
466
467              Permission  to  dereference  or  read (readlink(2)) the symbolic
468              links in this directory is governed  by  a  ptrace  access  mode
469              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
470
471              Note  that  for  file descriptors referring to inodes (pipes and
472              sockets, see above), those inodes still have permission bits and
473              ownership  information distinct from those of the /proc/[pid]/fd
474              entry, and that the owner may differ from the user and group IDs
475              of the process.  An unprivileged process may lack permissions to
476              open them, as in this example:
477
478                  $ echo test | sudo -u nobody cat
479                  test
480                  $ echo test | sudo -u nobody cat /proc/self/fd/0
481                  cat: /proc/self/fd/0: Permission denied
482
483              File descriptor 0 refers to the pipe created by  the  shell  and
484              owned by that shell's user, which is not nobody, so cat does not
485              have permission to create a new file  descriptor  to  read  from
486              that inode, even though it can still read from its existing file
487              descriptor 0.
488
489       /proc/[pid]/fdinfo/ (since Linux 2.6.22)
490              This is a subdirectory containing one entry for each file  which
491              the  process  has open, named by its file descriptor.  The files
492              in this directory are readable only by the owner of the process.
493              The  contents  of  each  file  can be read to obtain information
494              about the corresponding file descriptor.  The content depends on
495              the  type of file referred to by the corresponding file descrip‐
496              tor.
497
498              For regular files and directories, we see something like:
499
500                  $ cat /proc/12015/fdinfo/4
501                  pos:    1000
502                  flags:  01002002
503                  mnt_id: 21
504
505              The fields are as follows:
506
507              pos    This is a decimal number showing the file offset.
508
509              flags  This is an octal number that  displays  the  file  access
510                     mode  and file status flags (see open(2)).  If the close-
511                     on-exec file descriptor flag is set, then flags will also
512                     include the value O_CLOEXEC.
513
514                     Before  Linux  3.1,  this field incorrectly displayed the
515                     setting of O_CLOEXEC at the time  the  file  was  opened,
516                     rather  than  the  current  setting  of the close-on-exec
517                     flag.
518
519              mnt_id This field, present since Linux 3.15, is the  ID  of  the
520                     mount point containing this file.  See the description of
521                     /proc/[pid]/mountinfo.
522
523              For eventfd file descriptors (see  eventfd(2)),  we  see  (since
524              Linux 3.8) the following fields:
525
526                  pos: 0
527                  flags:    02
528                  mnt_id:   10
529                  eventfd-count:               40
530
531              eventfd-count  is  the  current value of the eventfd counter, in
532              hexadecimal.
533
534              For epoll file descriptors (see epoll(7)), we see  (since  Linux
535              3.8) the following fields:
536
537                  pos: 0
538                  flags:    02
539                  mnt_id:   10
540                  tfd:        9 events:       19 data: 74253d2500000009
541                  tfd:        7 events:       19 data: 74253d2500000007
542
543              Each  of  the  lines  beginning  tfd  describes  one of the file
544              descriptors being monitored via the epoll file  descriptor  (see
545              epoll_ctl(2)  for some details).  The tfd field is the number of
546              the file descriptor.  The events field is a hexadecimal mask  of
547              the  events  being monitored for this file descriptor.  The data
548              field is the data value associated with this file descriptor.
549
550              For signalfd file descriptors (see signalfd(2)), we  see  (since
551              Linux 3.8) the following fields:
552
553                  pos: 0
554                  flags:    02
555                  mnt_id:   10
556                  sigmask:  0000000000000006
557
558              sigmask is the hexadecimal mask of signals that are accepted via
559              this signalfd file descriptor.  (In this example, bits 2  and  3
560              are  set,  corresponding  to the signals SIGINT and SIGQUIT; see
561              signal(7).)
562
563              For inotify file descriptors (see  inotify(7)),  we  see  (since
564              Linux 3.8) the following fields:
565
566                  pos: 0
567                  flags:    00
568                  mnt_id:   11
569                  inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
570                  inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73
571
572              Each  of the lines beginning with "inotify" displays information
573              about one file or directory that is being monitored.  The fields
574              in this line are as follows:
575
576              wd     A watch descriptor number (in decimal).
577
578              ino    The inode number of the target file (in hexadecimal).
579
580              sdev   The  ID  of  the device where the target file resides (in
581                     hexadecimal).
582
583              mask   The mask of events being monitored for  the  target  file
584                     (in hexadecimal).
585
586              If  the  kernel was built with exportfs support, the path to the
587              target file is exposed as a file handle, via  three  hexadecimal
588              fields: fhandle-bytes, fhandle-type, and f_handle.
589
590              For  fanotify  file descriptors (see fanotify(7)), we see (since
591              Linux 3.8) the following fields:
592
593                  pos: 0
594                  flags:    02
595                  mnt_id:   11
596                  fanotify flags:0 event-flags:88002
597                  fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73
598
599              The fourth line displays information defined when  the  fanotify
600              group was created via fanotify_init(2):
601
602              flags  The  flags  argument given to fanotify_init(2) (expressed
603                     in hexadecimal).
604
605              event-flags
606                     The  event_f_flags  argument  given  to  fanotify_init(2)
607                     (expressed in hexadecimal).
608
609              Each  additional  line  shown  in  the file contains information
610              about one of the marks in the fanotify  group.   Most  of  these
611              fields are as for inotify, except:
612
613              mflags The flags associated with the mark (expressed in hexadec‐
614                     imal).
615
616              mask   The events mask for this mark (expressed in hexadecimal).
617
618              ignored_mask
619                     The mask  of  events  that  are  ignored  for  this  mark
620                     (expressed in hexadecimal).
621
622              For details on these fields, see fanotify_mark(2).
623
624              For  timerfd  file  descriptors  (see timerfd(2)), we see (since
625              Linux 3.17) the following fields:
626
627                  pos:    0
628                  flags:  02004002
629                  mnt_id: 13
630                  clockid: 0
631                  ticks: 0
632                  settime flags: 03
633                  it_value: (7695568592, 640020877)
634                  it_interval: (0, 0)
635
636              clockid
637                     This is the numeric value of the clock ID  (corresponding
638                     to  one  of  the  CLOCK_* constants defined via <time.h>)
639                     that is used to mark the progress of the timer  (in  this
640                     example, 0 is CLOCK_REALTIME).
641
642              ticks  This  is  the  number  of  timer  expirations  that  have
643                     occurred, (i.e., the  value  that  read(2)  on  it  would
644                     return).
645
646              settime flags
647                     This  field  lists  the  flags with which the timerfd was
648                     last armed (see timerfd_settime(2)), in  octal  (in  this
649                     example,   both   TFD_TIMER_ABSTIME   and  TFD_TIMER_CAN‐
650                     CEL_ON_SET are set).
651
652              it_value
653                     This field contains the amount of time  until  the  timer
654                     will  next  expire, expressed in seconds and nanoseconds.
655                     This is always expressed as a relative value,  regardless
656                     of    whether   the   timer   was   created   using   the
657                     TFD_TIMER_ABSTIME flag.
658
659              it_interval
660                     This field contains the interval of the timer, in seconds
661                     and  nanoseconds.   (The  it_value and it_interval fields
662                     contain the values that timerfd_gettime(2) on  this  file
663                     descriptor would return.)
664
665       /proc/[pid]/gid_map (since Linux 3.5)
666              See user_namespaces(7).
667
668       /proc/[pid]/io (since kernel 2.6.20)
669              This file contains I/O statistics for the process, for example:
670
671                  # cat /proc/3828/io
672                  rchar: 323934931
673                  wchar: 323929600
674                  syscr: 632687
675                  syscw: 632675
676                  read_bytes: 0
677                  write_bytes: 323932160
678                  cancelled_write_bytes: 0
679
680              The fields are as follows:
681
682              rchar: characters read
683                     The number of bytes which this task has caused to be read
684                     from storage.  This is simply the sum of bytes which this
685                     process  passed  to read(2) and similar system calls.  It
686                     includes things such as terminal I/O and is unaffected by
687                     whether or not actual physical disk I/O was required (the
688                     read might have been satisfied from pagecache).
689
690              wchar: characters written
691                     The number of bytes which this task has caused, or  shall
692                     cause  to be written to disk.  Similar caveats apply here
693                     as with rchar.
694
695              syscr: read syscalls
696                     Attempt to count the number of read  I/O  operations—that
697                     is, system calls such as read(2) and pread(2).
698
699              syscw: write syscalls
700                     Attempt  to count the number of write I/O operations—that
701                     is, system calls such as write(2) and pwrite(2).
702
703              read_bytes: bytes read
704                     Attempt to count the number of bytes which  this  process
705                     really  did  cause  to be fetched from the storage layer.
706                     This is accurate for block-backed filesystems.
707
708              write_bytes: bytes written
709                     Attempt to count the number of bytes which  this  process
710                     caused to be sent to the storage layer.
711
712              cancelled_write_bytes:
713                     The big inaccuracy here is truncate.  If a process writes
714                     1 MB to a file and then deletes the file, it will in fact
715                     perform  no writeout.  But it will have been accounted as
716                     having caused 1 MB of write.  In other words: this  field
717                     represents  the number of bytes which this process caused
718                     to not happen, by truncating pagecache.  A task can cause
719                     "negative"  I/O  too.   If this task truncates some dirty
720                     pagecache, some I/O which another task has been accounted
721                     for (in its write_bytes) will not be happening.
722
723              Note:  In  the  current implementation, things are a bit racy on
724              32-bit systems: if process A reads  process  B's  /proc/[pid]/io
725              while  process  B  is  updating  one  of  these 64-bit counters,
726              process A could see an intermediate result.
727
728              Permission to access this file is governed by  a  ptrace  access
729              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
730
731       /proc/[pid]/limits (since Linux 2.6.24)
732              This file displays the soft limit, hard limit, and units of mea‐
733              surement for each of the process's resource  limits  (see  getr‐
734              limit(2)).   Up to and including Linux 2.6.35, this file is pro‐
735              tected to allow reading only by the real  UID  of  the  process.
736              Since  Linux  2.6.36,  this file is readable by all users on the
737              system.
738
739       /proc/[pid]/map_files/ (since kernel 3.3)
740              This subdirectory  contains  entries  corresponding  to  memory-
741              mapped  files (see mmap(2)).  Entries are named by memory region
742              start and end address pair (expressed as  hexadecimal  numbers),
743              and  are symbolic links to the mapped files themselves.  Here is
744              an example, with the output wrapped and reformatted to fit on an
745              80-column display:
746
747                  # ls -l /proc/self/map_files/
748                  lr--------. 1 root root 64 Apr 16 21:31
749                              3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
750                  ...
751
752              Although  these entries are present for memory regions that were
753              mapped with the MAP_FILE flag, the way anonymous  shared  memory
754              (regions created with the MAP_ANON | MAP_SHARED flags) is imple‐
755              mented in Linux means that such  regions  also  appear  on  this
756              directory.   Here  is  an  example  where the target file is the
757              deleted /dev/zero one:
758
759                  lrw-------. 1 root root 64 Apr 16 21:33
760                              7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)
761
762              Permission to access this file is governed by  a  ptrace  access
763              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
764
765              Until  kernel  version  4.3, this directory appeared only if the
766              CONFIG_CHECKPOINT_RESTORE  kernel   configuration   option   was
767              enabled.   Additionally,  in  those  kernel  versions, privilege
768              (CAP_SYS_ADMIN) was required to view the contents of this direc‐
769              tory.
770
771       /proc/[pid]/maps
772              A  file containing the currently mapped memory regions and their
773              access permissions.  See mmap(2) for  some  further  information
774              about memory mappings.
775
776              Permission  to  access  this file is governed by a ptrace access
777              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
778
779              The format of the file is:
780
781    address           perms offset  dev   inode       pathname
782    00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/dbus-daemon
783    00651000-00652000 r--p 00051000 08:02 173521      /usr/bin/dbus-daemon
784    00652000-00655000 rw-p 00052000 08:02 173521      /usr/bin/dbus-daemon
785    00e03000-00e24000 rw-p 00000000 00:00 0           [heap]
786    00e24000-011f7000 rw-p 00000000 00:00 0           [heap]
787    ...
788    35b1800000-35b1820000 r-xp 00000000 08:02 135522  /usr/lib64/ld-2.15.so
789    35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522  /usr/lib64/ld-2.15.so
790    35b1a20000-35b1a21000 rw-p 00020000 08:02 135522  /usr/lib64/ld-2.15.so
791    35b1a21000-35b1a22000 rw-p 00000000 00:00 0
792    35b1c00000-35b1dac000 r-xp 00000000 08:02 135870  /usr/lib64/libc-2.15.so
793    35b1dac000-35b1fac000 ---p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
794    35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
795    35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870  /usr/lib64/libc-2.15.so
796    ...
797    f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0    [stack:986]
798    ...
799    7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0   [stack]
800    7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0   [vdso]
801
802              The address field is the address space in the process  that  the
803              mapping occupies.  The perms field is a set of permissions:
804
805                  r = read
806                  w = write
807                  x = execute
808                  s = shared
809                  p = private (copy on write)
810
811              The  offset  field  is the offset into the file/whatever; dev is
812              the device (major:minor); inode is the inode on that device.   0
813              indicates that no inode is associated with the memory region, as
814              would be the case with BSS (uninitialized data).
815
816              The pathname field will usually be the file that is backing  the
817              mapping.  For ELF files, you can easily coordinate with the off‐
818              set field by looking at the Offset  field  in  the  ELF  program
819              headers (readelf -l).
820
821              There are additional helpful pseudo-paths:
822
823              [stack]
824                     The  initial  process's (also known as the main thread's)
825                     stack.
826
827              [stack:<tid>] (from Linux 3.4 to 4.4)
828                     A thread's stack (where the <tid> is a  thread  ID).   It
829                     corresponds  to  the  /proc/[pid]/task/[tid]/ path.  This
830                     field was removed in  Linux  4.5,  since  providing  this
831                     information  for  a process with large numbers of threads
832                     is expensive.
833
834              [vdso] The  virtual  dynamically  linked  shared  object.    See
835                     vdso(7).
836
837              [heap] The process's heap.
838
839              If  the pathname field is blank, this is an anonymous mapping as
840              obtained via mmap(2).  There is no easy way to  coordinate  this
841              back  to a process's source, short of running it through gdb(1),
842              strace(1), or similar.
843
844              pathname is shown unescaped except for newline characters, which
845              are  replaced with an octal escape sequence.  As a result, it is
846              not possible to determine whether  the  original  pathname  con‐
847              tained  a  newline  character  or  the  literal  \e012 character
848              sequence.
849
850              If the mapping is file-backed and the file has been deleted, the
851              string " (deleted)" is appended to the pathname.  Note that this
852              is ambiguous too.
853
854              Under Linux 2.0, there is no field giving pathname.
855
856       /proc/[pid]/mem
857              This file can be used to access the pages of a process's  memory
858              through open(2), read(2), and lseek(2).
859
860              Permission  to  access  this file is governed by a ptrace access
861              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
862
863       /proc/[pid]/mountinfo (since Linux 2.6.26)
864              This  file  contains  information  about  mount  points  in  the
865              process's  mount  namespace  (see mount_namespaces(7)).  It sup‐
866              plies various information  (e.g.,  propagation  state,  root  of
867              mount for bind mounts, identifier for each mount and its parent)
868              that is missing from the (older)  /proc/[pid]/mounts  file,  and
869              fixes  various  other problems with that file (e.g., nonextensi‐
870              bility, failure to distinguish per-mount  versus  per-superblock
871              options).
872
873              The file contains lines of the form:
874
87536 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
876(1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
877
878              The  numbers  in  parentheses  are  labels  for the descriptions
879              below:
880
881              (1)  mount ID: a unique ID for the mount (may  be  reused  after
882                   umount(2)).
883
884              (2)  parent  ID:  the ID of the parent mount (or of self for the
885                   root of this mount namespace's mount tree).
886
887                   If a new mount is stacked on top  of  a  previous  existing
888                   mount  (so that it hides the existing mount) at pathname P,
889                   then the parent of the new mount is the previous  mount  at
890                   that  location.   Thus,  when  looking  at  all  the mounts
891                   stacked at a particular location, the top-most mount is the
892                   one  that  is not the parent of any other mount at the same
893                   location.  (Note, however, that this top-most mount will be
894                   accessible  only if the longest path subprefix of P that is
895                   a mount point is not itself hidden by a stacked mount.)
896
897                   If the parent mount point lies outside the  process's  root
898                   directory  (see  chroot(2)), the ID shown here won't have a
899                   corresponding record in mountinfo whose mount ID (field  1)
900                   matches this parent mount ID (because mount points that lie
901                   outside the process's  root  directory  are  not  shown  in
902                   mountinfo).  As a special case of this point, the process's
903                   root mount point may have a parent mount (for the initramfs
904                   filesystem) that lies outside the process's root directory,
905                   and an entry for  that  mount  point  will  not  appear  in
906                   mountinfo.
907
908              (3)  major:minor: the value of st_dev for files on this filesys‐
909                   tem (see stat(2)).
910
911              (4)  root: the pathname of the directory in the filesystem which
912                   forms the root of this mount.
913
914              (5)  mount  point:  the  pathname of the mount point relative to
915                   the process's root directory.
916
917              (6)  mount options: per-mount options (see mount(2)).
918
919              (7)  optional  fields:  zero  or  more  fields   of   the   form
920                   "tag[:value]"; see below.
921
922              (8)  separator:  the  end  of the optional fields is marked by a
923                   single hyphen.
924
925              (9)  filesystem  type:  the  filesystem   type   in   the   form
926                   "type[.subtype]".
927
928              (10) mount source: filesystem-specific information or "none".
929
930              (11) super options: per-superblock options (see mount(2)).
931
932              Currently,  the  possible  optional  fields  are shared, master,
933              propagate_from, and unbindable.  See mount_namespaces(7)  for  a
934              description of these fields.  Parsers should ignore all unrecog‐
935              nized optional fields.
936
937              For  more  information  on  mount  propagation  see:  Documenta‐
938              tion/filesystems/sharedsubtree.txt  in  the  Linux kernel source
939              tree.
940
941       /proc/[pid]/mounts (since Linux 2.4.19)
942              This file lists all the filesystems  currently  mounted  in  the
943              process's mount namespace (see mount_namespaces(7)).  The format
944              of this file is documented in fstab(5).
945
946              Since kernel version 2.6.15, this file is pollable: after  open‐
947              ing  the  file  for  reading,  a  change  in  this file (i.e., a
948              filesystem mount or unmount) causes select(2) to mark  the  file
949              descriptor  as  having an exceptional condition, and poll(2) and
950              epoll_wait(2) mark the file as having a  priority  event  (POLL‐
951              PRI).  (Before Linux 2.6.30, a change in this file was indicated
952              by the file descriptor being marked as readable  for  select(2),
953              and  being  marked  as having an error condition for poll(2) and
954              epoll_wait(2).)
955
956       /proc/[pid]/mountstats (since Linux 2.6.17)
957              This file exports information (statistics, configuration  infor‐
958              mation)  about the mount points in the process's mount namespace
959              (see mount_namespaces(7)).  Lines in this file have the form:
960
961                  device /dev/sda7 mounted on /home with fstype ext3 [stats]
962                  (       1      )            ( 2 )             (3 ) (  4  )
963
964              The fields in each line are:
965
966              (1)  The name of the mounted device (or "nodevice" if  there  is
967                   no corresponding device).
968
969              (2)  The mount point within the filesystem tree.
970
971              (3)  The filesystem type.
972
973              (4)  Optional  statistics  and  configuration information.  Cur‐
974                   rently (as at Linux 2.6.26), only  NFS  filesystems  export
975                   information via this field.
976
977              This file is readable only by the owner of the process.
978
979       /proc/[pid]/net (since Linux 2.6.25)
980              See the description of /proc/net.
981
982       /proc/[pid]/ns/ (since Linux 3.0)
983              This  is  a subdirectory containing one entry for each namespace
984              that supports being manipulated by setns(2).  For more  informa‐
985              tion, see namespaces(7).
986
987       /proc/[pid]/numa_maps (since Linux 2.6.14)
988              See numa(7).
989
990       /proc/[pid]/oom_adj (since Linux 2.6.11)
991              This  file  can be used to adjust the score used to select which
992              process should be killed in an  out-of-memory  (OOM)  situation.
993              The  kernel  uses  this  value  for a bit-shift operation of the
994              process's oom_score value: valid values are in the range -16  to
995              +15,  plus  the  special  value  -17, which disables OOM-killing
996              altogether for this process.  A  positive  score  increases  the
997              likelihood  of  this  process  being killed by the OOM-killer; a
998              negative score decreases the likelihood.
999
1000              The default value for this file is 0; a new process inherits its
1001              parent's   oom_adj   setting.   A  process  must  be  privileged
1002              (CAP_SYS_RESOURCE) to update this file.
1003
1004              Since Linux 2.6.36, use of this file is deprecated in  favor  of
1005              /proc/[pid]/oom_score_adj.
1006
1007       /proc/[pid]/oom_score (since Linux 2.6.11)
1008              This  file  displays  the current score that the kernel gives to
1009              this process for the purpose of selecting a process for the OOM-
1010              killer.  A higher score means that the process is more likely to
1011              be selected by the OOM-killer.  The basis for this score is  the
1012              amount  of  memory  used  by  the process, with increases (+) or
1013              decreases (-) for factors including:
1014
1015              * whether the process is privileged (-).
1016
1017              Before kernel 2.6.36 the following factors were also used in the
1018              calculation of oom_score:
1019
1020              * whether  the  process  creates a lot of children using fork(2)
1021                (+);
1022
1023              * whether the process has been running a long time, or has  used
1024                a lot of CPU time (-);
1025
1026              * whether the process has a low nice value (i.e., > 0) (+); and
1027
1028              * whether the process is making direct hardware access (-).
1029
1030              The  oom_score  also  reflects  the  adjustment specified by the
1031              oom_score_adj or oom_adj setting for the process.
1032
1033       /proc/[pid]/oom_score_adj (since Linux 2.6.36)
1034              This file can be used to adjust the badness  heuristic  used  to
1035              select which process gets killed in out-of-memory conditions.
1036
1037              The  badness  heuristic  assigns  a value to each candidate task
1038              ranging from 0 (never kill) to 1000 (always kill)  to  determine
1039              which  process  is targeted.  The units are roughly a proportion
1040              along that range of allowed  memory  the  process  may  allocate
1041              from, based on an estimation of its current memory and swap use.
1042              For example, if a task is using all allowed memory, its  badness
1043              score  will be 1000.  If it is using half of its allowed memory,
1044              its score will be 500.
1045
1046              There is an additional factor included  in  the  badness  score:
1047              root processes are given 3% extra memory over other tasks.
1048
1049              The  amount  of "allowed" memory depends on the context in which
1050              the OOM-killer was called.  If it is due to the memory  assigned
1051              to  the  allocating  task's  cpuset being exhausted, the allowed
1052              memory represents the set of mems assigned to that  cpuset  (see
1053              cpuset(7)).   If  it  is  due  to  a  mempolicy's  node(s) being
1054              exhausted, the allowed memory represents the  set  of  mempolicy
1055              nodes.   If  it  is  due to a memory limit (or swap limit) being
1056              reached, the allowed memory is that configured limit.   Finally,
1057              if  it  is  due  to  the  entire system being out of memory, the
1058              allowed memory represents all allocatable resources.
1059
1060              The value of oom_score_adj is added to the badness score  before
1061              it  is  used to determine which task to kill.  Acceptable values
1062              range    from     -1000     (OOM_SCORE_ADJ_MIN)     to     +1000
1063              (OOM_SCORE_ADJ_MAX).   This  allows  user  space  to control the
1064              preference for OOM-killing, ranging  from  always  preferring  a
1065              certain  task  or completely disabling it from OOM killing.  The
1066              lowest possible value, -1000, is equivalent  to  disabling  OOM-
1067              killing  entirely  for  that task, since it will always report a
1068              badness score of 0.
1069
1070              Consequently, it is very simple for user  space  to  define  the
1071              amount  of  memory  to  consider  for  each  task.   Setting  an
1072              oom_score_adj value of +500, for example, is roughly  equivalent
1073              to  allowing  the  remainder  of  tasks sharing the same system,
1074              cpuset, mempolicy, or memory  controller  resources  to  use  at
1075              least  50%  more  memory.   A  value of -500, on the other hand,
1076              would be roughly equivalent to discounting  50%  of  the  task's
1077              allowed  memory  from  being  considered  as scoring against the
1078              task.
1079
1080              For    backward    compatibility    with    previous    kernels,
1081              /proc/[pid]/oom_adj can still be used to tune the badness score.
1082              Its value is scaled linearly with oom_score_adj.
1083
1084              Writing to /proc/[pid]/oom_score_adj or /proc/[pid]/oom_adj will
1085              change the other with its scaled value.
1086
1087              The  choom(1)  program  provides  a  command-line  interface for
1088              adjusting the oom_score_adj value of  a  running  process  or  a
1089              newly executed command.
1090
1091       /proc/[pid]/pagemap (since Linux 2.6.25)
1092              This  file  shows  the  mapping of each of the process's virtual
1093              pages into physical page frames or swap area.  It  contains  one
1094              64-bit  value  for  each virtual page, with the bits set as fol‐
1095              lows:
1096
1097              63     If set, the page is present in RAM.
1098
1099              62     If set, the page is in swap space
1100
1101              61 (since Linux 3.5)
1102                     The page is a file-mapped  page  or  a  shared  anonymous
1103                     page.
1104
1105              60–57 (since Linux 3.11)
1106                     Zero
1107
1108              56 (since Linux 4.2)
1109                     The page is exclusively mapped.
1110
1111              55 (since Linux 3.11)
1112                     PTE  is soft-dirty (see the kernel source file Documenta‐
1113                     tion/admin-guide/mm/soft-dirty.rst).
1114
1115              54–0   If the page is present in RAM (bit 63), then  these  bits
1116                     provide the page frame number, which can be used to index
1117                     /proc/kpageflags and /proc/kpagecount.  If  the  page  is
1118                     present  in  swap  (bit  62), then bits 4–0 give the swap
1119                     type, and bits 54–5 encode the swap offset.
1120
1121              Before Linux 3.11, bits 60–55 were used to encode the base-2 log
1122              of the page size.
1123
1124              To  employ /proc/[pid]/pagemap efficiently, use /proc/[pid]/maps
1125              to determine which areas of memory are actually mapped and  seek
1126              to skip over unmapped regions.
1127
1128              The  /proc/[pid]/pagemap  file  is  present  only  if  the  CON‐
1129              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1130
1131              Permission to access this file is governed by  a  ptrace  access
1132              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1133
1134       /proc/[pid]/personality (since Linux 2.6.28)
1135              This  read-only  file exposes the process's execution domain, as
1136              set by personality(2).  The value is  displayed  in  hexadecimal
1137              notation.
1138
1139              Permission  to  access  this file is governed by a ptrace access
1140              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1141
1142       /proc/[pid]/root
1143              UNIX and Linux support the idea of a  per-process  root  of  the
1144              filesystem,  set  by  the chroot(2) system call.  This file is a
1145              symbolic link that points to the process's root  directory,  and
1146              behaves in the same way as exe, and fd/*.
1147
1148              Note  however  that this file is not merely a symbolic link.  It
1149              provides the same view of the filesystem  (including  namespaces
1150              and  the  set  of per-process mounts) as the process itself.  An
1151              example illustrates this point.  In one  terminal,  we  start  a
1152              shell  in  new  user  and mount namespaces, and in that shell we
1153              create some new mount points:
1154
1155                  $ PS1='sh1# ' unshare -Urnm
1156                  sh1# mount -t tmpfs tmpfs /etc  # Mount empty tmpfs at /etc
1157                  sh1# mount --bind /usr /dev     # Mount /usr at /dev
1158                  sh1# echo $$
1159                  27123
1160
1161              In a second terminal window, in the initial mount namespace,  we
1162              look  at the contents of the corresponding mounts in the initial
1163              and new namespaces:
1164
1165                  $ PS1='sh2# ' sudo sh
1166                  sh2# ls /etc | wc -l                  # In initial NS
1167                  309
1168                  sh2# ls /proc/27123/root/etc | wc -l  # /etc in other NS
1169                  0                                     # The empty tmpfs dir
1170                  sh2# ls /dev | wc -l                  # In initial NS
1171                  205
1172                  sh2# ls /proc/27123/root/dev | wc -l  # /dev in other NS
1173                  11                                    # Actually bind
1174                                                        # mounted to /usr
1175                  sh2# ls /usr | wc -l                  # /usr in initial NS
1176                  11
1177
1178              In a multithreaded process, the contents of the /proc/[pid]/root
1179              symbolic  link  are not available if the main thread has already
1180              terminated (typically by calling pthread_exit(3)).
1181
1182              Permission to dereference or read  (readlink(2))  this  symbolic
1183              link     is     governed     by    a    ptrace    access    mode
1184              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1185
1186       /proc/[pid]/seccomp (Linux 2.6.12 to 2.6.22)
1187              This file can be used to read and change  the  process's  secure
1188              computing  (seccomp)  mode  setting.  It contains the value 0 if
1189              the process is not in seccomp mode, and 1 if the process  is  in
1190              strict  seccomp  mode  (see seccomp(2)).  Writing 1 to this file
1191              places the process irreversibly in strict seccomp  mode.   (Fur‐
1192              ther attempts to write to the file fail with the EPERM error.)
1193
1194              In  Linux  2.6.23,  this  file  went away, to be replaced by the
1195              prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later
1196              by seccomp(2) and the Seccomp field in /proc/[pid]/status).
1197
1198       /proc/[pid]/setgroups (since Linux 3.19)
1199              See user_namespaces(7).
1200
1201       /proc/[pid]/smaps (since Linux 2.6.14)
1202              This  file  shows  memory  consumption for each of the process's
1203              mappings.  (The pmap(1) command displays similar information, in
1204              a  form that may be easier for parsing.)  For each mapping there
1205              is a series of lines such as the following:
1206
1207                  00400000-0048a000 r-xp 00000000 fd:03 960637       /bin/bash
1208                  Size:                552 kB
1209                  Rss:                 460 kB
1210                  Pss:                 100 kB
1211                  Shared_Clean:        452 kB
1212                  Shared_Dirty:          0 kB
1213                  Private_Clean:         8 kB
1214                  Private_Dirty:         0 kB
1215                  Referenced:          460 kB
1216                  Anonymous:             0 kB
1217                  AnonHugePages:         0 kB
1218                  ShmemHugePages:        0 kB
1219                  ShmemPmdMapped:        0 kB
1220                  Swap:                  0 kB
1221                  KernelPageSize:        4 kB
1222                  MMUPageSize:           4 kB
1223                  KernelPageSize:        4 kB
1224                  MMUPageSize:           4 kB
1225                  Locked:                0 kB
1226                  ProtectionKey:         0
1227                  VmFlags: rd ex mr mw me dw
1228
1229              The first of these lines shows the same information as  is  dis‐
1230              played for the mapping in /proc/[pid]/maps.  The following lines
1231              show the size of the mapping, the amount of the mapping that  is
1232              currently  resident  in  RAM ("Rss"), the process's proportional
1233              share of this mapping ("Pss"), the number  of  clean  and  dirty
1234              shared  pages  in the mapping, and the number of clean and dirty
1235              private pages in the mapping.  "Referenced" indicates the amount
1236              of  memory  currently marked as referenced or accessed.  "Anony‐
1237              mous" shows the amount of memory that does  not  belong  to  any
1238              file.   "Swap"  shows how much would-be-anonymous memory is also
1239              used, but out on swap.
1240
1241              The "KernelPageSize" line (available since Linux 2.6.29) is  the
1242              page  size  used  by the kernel to back the virtual memory area.
1243              This matches the size used by the MMU in the majority of  cases.
1244              However,  one  counter-example occurs on PPC64 kernels whereby a
1245              kernel using 64 kB as a base page size may still use 4 kB  pages
1246              for  the  MMU  on  older  processors.   To  distinguish  the two
1247              attributes, the "MMUPageSize" line (also available  since  Linux
1248              2.6.29) reports the page size used by the MMU.
1249
1250              The  "Locked"  indicates whether the mapping is locked in memory
1251              or not.
1252
1253              The "ProtectionKey" line (available  since  Linux  4.9,  on  x86
1254              only)  contains the memory protection key (see pkeys(7)) associ‐
1255              ated with the virtual memory area.  This entry is  present  only
1256              if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1257              TION_KEYS configuration option.
1258
1259              The "VmFlags" line (available since Linux  3.8)  represents  the
1260              kernel  flags  associated  with the virtual memory area, encoded
1261              using the following two-letter codes:
1262
1263                  rd  - readable
1264                  wr  - writable
1265                  ex  - executable
1266                  sh  - shared
1267                  mr  - may read
1268                  mw  - may write
1269                  me  - may execute
1270                  ms  - may share
1271                  gd  - stack segment grows down
1272                  pf  - pure PFN range
1273                  dw  - disabled write to the mapped file
1274                  lo  - pages are locked in memory
1275                  io  - memory mapped I/O area
1276                  sr  - sequential read advise provided
1277                  rr  - random read advise provided
1278                  dc  - do not copy area on fork
1279                  de  - do not expand area on remapping
1280                  ac  - area is accountable
1281                  nr  - swap space is not reserved for the area
1282                  ht  - area uses huge tlb pages
1283                  sf  - perform synchronous page faults (since Linux 4.15)
1284                  nl  - non-linear mapping (removed in Linux 4.0)
1285                  ar  - architecture specific flag
1286                  wf  - wipe on fork (since Linux 4.14)
1287                  dd  - do not include area into core dump
1288                  sd  - soft-dirty flag (since Linux 3.13)
1289                  mm  - mixed map area
1290                  hg  - huge page advise flag
1291                  nh  - no-huge page advise flag
1292                  mg  - mergeable advise flag
1293                  um  - userfaultfd missing pages tracking (since Linux 4.3)
1294                  uw  - userfaultfd wprotect pages tracking (since Linux 4.3)
1295
1296              "ProtectionKey" field contains the memory  protection  key  (see
1297              pkeys(7)) associated with the virtual memory area.  Present only
1298              if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1299              TION_KEYS configuration option. (since Linux 4.6)
1300
1301              The   /proc/[pid]/smaps   file  is  present  only  if  the  CON‐
1302              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1303
1304       /proc/[pid]/stack (since Linux 2.6.29)
1305              This file provides a symbolic trace of  the  function  calls  in
1306              this  process's kernel stack.  This file is provided only if the
1307              kernel  was  built  with  the  CONFIG_STACKTRACE   configuration
1308              option.
1309
1310              Permission  to  access  this file is governed by a ptrace access
1311              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1312
1313       /proc/[pid]/stat
1314              Status information about the process.  This is  used  by  ps(1).
1315              It is defined in the kernel source file fs/proc/array.c.
1316
1317              The  fields,  in order, with their proper scanf(3) format speci‐
1318              fiers, are listed below.  Whether or not certain of these fields
1319              display  valid  information  is governed by a ptrace access mode
1320              PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT check  (refer  to
1321              ptrace(2)).  If the check denies access, then the field value is
1322              displayed as 0.  The affected  fields  are  indicated  with  the
1323              marking [PT].
1324
1325              (1) pid  %d
1326                        The process ID.
1327
1328              (2) comm  %s
1329                        The  filename of the executable, in parentheses.  This
1330                        is visible whether or not the  executable  is  swapped
1331                        out.
1332
1333              (3) state  %c
1334                        One  of  the  following characters, indicating process
1335                        state:
1336
1337                        R  Running
1338
1339                        S  Sleeping in an interruptible wait
1340
1341                        D  Waiting in uninterruptible disk sleep
1342
1343                        Z  Zombie
1344
1345                        T  Stopped (on a  signal)  or  (before  Linux  2.6.33)
1346                           trace stopped
1347
1348                        t  Tracing stop (Linux 2.6.33 onward)
1349
1350                        W  Paging (only before Linux 2.6.0)
1351
1352                        X  Dead (from Linux 2.6.0 onward)
1353
1354                        x  Dead (Linux 2.6.33 to 3.13 only)
1355
1356                        K  Wakekill (Linux 2.6.33 to 3.13 only)
1357
1358                        W  Waking (Linux 2.6.33 to 3.13 only)
1359
1360                        P  Parked (Linux 3.9 to 3.13 only)
1361
1362              (4) ppid  %d
1363                        The PID of the parent of this process.
1364
1365              (5) pgrp  %d
1366                        The process group ID of the process.
1367
1368              (6) session  %d
1369                        The session ID of the process.
1370
1371              (7) tty_nr  %d
1372                        The  controlling  terminal of the process.  (The minor
1373                        device number is contained in the combination of  bits
1374                        31  to  20  and  7 to 0; the major device number is in
1375                        bits 15 to 8.)
1376
1377              (8) tpgid  %d
1378                        The ID of the foreground process group of the control‐
1379                        ling terminal of the process.
1380
1381              (9) flags  %u
1382                        The  kernel  flags word of the process.  For bit mean‐
1383                        ings, see the PF_* defines in the Linux kernel  source
1384                        file  include/linux/sched.h.   Details  depend  on the
1385                        kernel version.
1386
1387                        The format for this field was %lu before Linux 2.6.
1388
1389              (10) minflt  %lu
1390                        The number of minor faults the process has made  which
1391                        have not required loading a memory page from disk.
1392
1393              (11) cminflt  %lu
1394                        The  number of minor faults that the process's waited-
1395                        for children have made.
1396
1397              (12) majflt  %lu
1398                        The number of major faults the process has made  which
1399                        have required loading a memory page from disk.
1400
1401              (13) cmajflt  %lu
1402                        The  number of major faults that the process's waited-
1403                        for children have made.
1404
1405              (14) utime  %lu
1406                        Amount of time that this process has been scheduled in
1407                        user   mode,   measured  in  clock  ticks  (divide  by
1408                        sysconf(_SC_CLK_TCK)).   This  includes  guest   time,
1409                        guest_time  (time  spent  running  a  virtual CPU, see
1410                        below), so that applications that are not aware of the
1411                        guest time field do not lose that time from their cal‐
1412                        culations.
1413
1414              (15) stime  %lu
1415                        Amount of time that this process has been scheduled in
1416                        kernel  mode,  measured  in  clock  ticks  (divide  by
1417                        sysconf(_SC_CLK_TCK)).
1418
1419              (16) cutime  %ld
1420                        Amount of time that this process's waited-for children
1421                        have  been  scheduled  in user mode, measured in clock
1422                        ticks (divide  by  sysconf(_SC_CLK_TCK)).   (See  also
1423                        times(2).)   This  includes  guest  time,  cguest_time
1424                        (time spent running a virtual CPU, see below).
1425
1426              (17) cstime  %ld
1427                        Amount of time that this process's waited-for children
1428                        have  been scheduled in kernel mode, measured in clock
1429                        ticks (divide by sysconf(_SC_CLK_TCK)).
1430
1431              (18) priority  %ld
1432                        (Explanation for Linux 2.6) For  processes  running  a
1433                        real-time   scheduling   policy   (policy  below;  see
1434                        sched_setscheduler(2)), this is the negated scheduling
1435                        priority, minus one; that is, a number in the range -2
1436                        to -100, corresponding to real-time  priorities  1  to
1437                        99.   For  processes  running  under  a  non-real-time
1438                        scheduling policy, this is the raw nice value (setpri‐
1439                        ority(2))  as  represented  in the kernel.  The kernel
1440                        stores nice values as numbers in the range 0 (high) to
1441                        39 (low), corresponding to the user-visible nice range
1442                        of -20 to 19.
1443
1444                        Before Linux 2.6, this was a scaled value based on the
1445                        scheduler weighting given to this process.
1446
1447              (19) nice  %ld
1448                        The  nice  value  (see setpriority(2)), a value in the
1449                        range 19 (low priority) to -20 (high priority).
1450
1451              (20) num_threads  %ld
1452                        Number of threads in this process (since  Linux  2.6).
1453                        Before kernel 2.6, this field was hard coded to 0 as a
1454                        placeholder for an earlier removed field.
1455
1456              (21) itrealvalue  %ld
1457                        The time in jiffies before the next SIGALRM is sent to
1458                        the  process  due  to an interval timer.  Since kernel
1459                        2.6.17, this field is no  longer  maintained,  and  is
1460                        hard coded as 0.
1461
1462              (22) starttime  %llu
1463                        The  time  the  process started after system boot.  In
1464                        kernels before Linux 2.6, this value was expressed  in
1465                        jiffies.   Since  Linux 2.6, the value is expressed in
1466                        clock ticks (divide by sysconf(_SC_CLK_TCK)).
1467
1468                        The format for this field was %lu before Linux 2.6.
1469
1470              (23) vsize  %lu
1471                        Virtual memory size in bytes.
1472
1473              (24) rss  %ld
1474                        Resident Set Size: number of pages the process has  in
1475                        real  memory.   This  is  just  the  pages which count
1476                        toward text, data, or  stack  space.   This  does  not
1477                        include pages which have not been demand-loaded in, or
1478                        which are swapped out.
1479
1480              (25) rsslim  %lu
1481                        Current soft limit in bytes on the rss of the process;
1482                        see the description of RLIMIT_RSS in getrlimit(2).
1483
1484              (26) startcode  %lu  [PT]
1485                        The address above which program text can run.
1486
1487              (27) endcode  %lu  [PT]
1488                        The address below which program text can run.
1489
1490              (28) startstack  %lu  [PT]
1491                        The address of the start (i.e., bottom) of the stack.
1492
1493              (29) kstkesp  %lu  [PT]
1494                        The  current value of ESP (stack pointer), as found in
1495                        the kernel stack page for the process.
1496
1497              (30) kstkeip  %lu  [PT]
1498                        The current EIP (instruction pointer).
1499
1500              (31) signal  %lu
1501                        The bitmap of pending signals, displayed as a  decimal
1502                        number.   Obsolete, because it does not provide infor‐
1503                        mation on real-time  signals;  use  /proc/[pid]/status
1504                        instead.
1505
1506              (32) blocked  %lu
1507                        The  bitmap of blocked signals, displayed as a decimal
1508                        number.  Obsolete, because it does not provide  infor‐
1509                        mation  on  real-time  signals; use /proc/[pid]/status
1510                        instead.
1511
1512              (33) sigignore  %lu
1513                        The bitmap of ignored signals, displayed as a  decimal
1514                        number.   Obsolete, because it does not provide infor‐
1515                        mation on real-time  signals;  use  /proc/[pid]/status
1516                        instead.
1517
1518              (34) sigcatch  %lu
1519                        The  bitmap  of caught signals, displayed as a decimal
1520                        number.  Obsolete, because it does not provide  infor‐
1521                        mation  on  real-time  signals; use /proc/[pid]/status
1522                        instead.
1523
1524              (35) wchan  %lu  [PT]
1525                        This is the "channel" in which the process is waiting.
1526                        It  is  the  address of a location in the kernel where
1527                        the process is sleeping.  The  corresponding  symbolic
1528                        name can be found in /proc/[pid]/wchan.
1529
1530              (36) nswap  %lu
1531                        Number of pages swapped (not maintained).
1532
1533              (37) cnswap  %lu
1534                        Cumulative nswap for child processes (not maintained).
1535
1536              (38) exit_signal  %d  (since Linux 2.1.22)
1537                        Signal to be sent to parent when we die.
1538
1539              (39) processor  %d  (since Linux 2.2.8)
1540                        CPU number last executed on.
1541
1542              (40) rt_priority  %u  (since Linux 2.5.19)
1543                        Real-time scheduling priority, a number in the range 1
1544                        to 99 for processes scheduled under a  real-time  pol‐
1545                        icy,   or   0,   for   non-real-time   processes  (see
1546                        sched_setscheduler(2)).
1547
1548              (41) policy  %u  (since Linux 2.5.19)
1549                        Scheduling policy (see sched_setscheduler(2)).  Decode
1550                        using the SCHED_* constants in linux/sched.h.
1551
1552                        The format for this field was %lu before Linux 2.6.22.
1553
1554              (42) delayacct_blkio_ticks  %llu  (since Linux 2.6.18)
1555                        Aggregated  block  I/O delays, measured in clock ticks
1556                        (centiseconds).
1557
1558              (43) guest_time  %lu  (since Linux 2.6.24)
1559                        Guest time of the process (time spent running  a  vir‐
1560                        tual  CPU  for  a guest operating system), measured in
1561                        clock ticks (divide by sysconf(_SC_CLK_TCK)).
1562
1563              (44) cguest_time  %ld  (since Linux 2.6.24)
1564                        Guest time of  the  process's  children,  measured  in
1565                        clock ticks (divide by sysconf(_SC_CLK_TCK)).
1566
1567              (45) start_data  %lu  (since Linux 3.3)  [PT]
1568                        Address above which program initialized and uninitial‐
1569                        ized (BSS) data are placed.
1570
1571              (46) end_data  %lu  (since Linux 3.3)  [PT]
1572                        Address below which program initialized and uninitial‐
1573                        ized (BSS) data are placed.
1574
1575              (47) start_brk  %lu  (since Linux 3.3)  [PT]
1576                        Address  above which program heap can be expanded with
1577                        brk(2).
1578
1579              (48) arg_start  %lu  (since Linux 3.5)  [PT]
1580                        Address above  which  program  command-line  arguments
1581                        (argv) are placed.
1582
1583              (49) arg_end  %lu  (since Linux 3.5)  [PT]
1584                        Address  below  program  command-line arguments (argv)
1585                        are placed.
1586
1587              (50) env_start  %lu  (since Linux 3.5)  [PT]
1588                        Address above which program environment is placed.
1589
1590              (51) env_end  %lu  (since Linux 3.5)  [PT]
1591                        Address below which program environment is placed.
1592
1593              (52) exit_code  %d  (since Linux 3.5)  [PT]
1594                        The thread's exit status in the form reported by wait‐
1595                        pid(2).
1596
1597       /proc/[pid]/statm
1598              Provides information about memory usage, measured in pages.  The
1599              columns are:
1600
1601                  size       (1) total program size
1602                             (same as VmSize in /proc/[pid]/status)
1603                  resident   (2) resident set size
1604                             (same as VmRSS in /proc/[pid]/status)
1605                  shared     (3) number of resident shared pages (i.e., backed by a file)
1606                             (same as RssFile+RssShmem in /proc/[pid]/status)
1607                  text       (4) text (code)
1608                  lib        (5) library (unused since Linux 2.6; always 0)
1609                  data       (6) data + stack
1610                  dt         (7) dirty pages (unused since Linux 2.6; always 0)
1611
1612       /proc/[pid]/status
1613              Provides  much  of  the  information  in  /proc/[pid]/stat   and
1614              /proc/[pid]/statm in a format that's easier for humans to parse.
1615              Here's an example:
1616
1617                  $ cat /proc/$$/status
1618                  Name:   bash
1619                  Umask:  0022
1620                  State:  S (sleeping)
1621                  Tgid:   17248
1622                  Ngid:   0
1623                  Pid:    17248
1624                  PPid:   17200
1625                  TracerPid:      0
1626                  Uid:    1000    1000    1000    1000
1627                  Gid:    100     100     100     100
1628                  FDSize: 256
1629                  Groups: 16 33 100
1630                  NStgid: 17248
1631                  NSpid:  17248
1632                  NSpgid: 17248
1633                  NSsid:  17200
1634                  VmPeak:     131168 kB
1635                  VmSize:     131168 kB
1636                  VmLck:           0 kB
1637                  VmPin:           0 kB
1638                  VmHWM:       13484 kB
1639                  VmRSS:       13484 kB
1640                  RssAnon:     10264 kB
1641                  RssFile:      3220 kB
1642                  RssShmem:        0 kB
1643                  VmData:      10332 kB
1644                  VmStk:         136 kB
1645                  VmExe:         992 kB
1646                  VmLib:        2104 kB
1647                  VmPTE:          76 kB
1648                  VmPMD:          12 kB
1649                  VmSwap:          0 kB
1650                  HugetlbPages:          0 kB        # 4.4
1651                  CoreDumping:   0                       # 4.15
1652                  Threads:        1
1653                  SigQ:   0/3067
1654                  SigPnd: 0000000000000000
1655                  ShdPnd: 0000000000000000
1656                  SigBlk: 0000000000010000
1657                  SigIgn: 0000000000384004
1658                  SigCgt: 000000004b813efb
1659                  CapInh: 0000000000000000
1660                  CapPrm: 0000000000000000
1661                  CapEff: 0000000000000000
1662                  CapBnd: ffffffffffffffff
1663                  CapAmb:   0000000000000000
1664                  NoNewPrivs:     0
1665                  Seccomp:        0
1666                  Speculation_Store_Bypass:       vulnerable
1667                  Cpus_allowed:   00000001
1668                  Cpus_allowed_list:      0
1669                  Mems_allowed:   1
1670                  Mems_allowed_list:      0
1671                  voluntary_ctxt_switches:        150
1672                  nonvoluntary_ctxt_switches:     545
1673
1674              The fields are as follows:
1675
1676              * Name: Command run by this process.
1677
1678              * Umask: Process umask, expressed in octal with a leading  zero;
1679                see umask(2).  (Since Linux 4.7.)
1680
1681              * State: Current state of the process.  One of "R (running)", "S
1682                (sleeping)", "D (disk  sleep)",  "T  (stopped)",  "t  (tracing
1683                stop)", "Z (zombie)", or "X (dead)".
1684
1685              * Tgid: Thread group ID (i.e., Process ID).
1686
1687              * Ngid: NUMA group ID (0 if none; since Linux 3.13).
1688
1689              * Pid: Thread ID (see gettid(2)).
1690
1691              * PPid: PID of parent process.
1692
1693              * TracerPid: PID of process tracing this process (0 if not being
1694                traced).
1695
1696              * Uid, Gid: Real, effective,  saved  set,  and  filesystem  UIDs
1697                (GIDs).
1698
1699              * FDSize: Number of file descriptor slots currently allocated.
1700
1701              * Groups: Supplementary group list.
1702
1703              * NStgid:  Thread group ID (i.e., PID) in each of the PID names‐
1704                paces of which [pid] is a member.  The  leftmost  entry  shows
1705                the  value  with  respect  to the PID namespace of the process
1706                that mounted this procfs (or the root namespace if mounted  by
1707                the  kernel),  followed  by  the  value in successively nested
1708                inner namespaces.  (Since Linux 4.1.)
1709
1710              * NSpid: Thread ID in each of the PID namespaces of which  [pid]
1711                is  a  member.   The fields are ordered as for NStgid.  (Since
1712                Linux 4.1.)
1713
1714              * NSpgid: Process group ID in each  of  the  PID  namespaces  of
1715                which  [pid]  is a member.  The fields are ordered as for NSt‐
1716                gid.  (Since Linux 4.1.)
1717
1718              * NSsid: descendant namespace session ID hierarchy Session ID in
1719                each  of  the  PID namespaces of which [pid] is a member.  The
1720                fields are ordered as for NStgid.  (Since Linux 4.1.)
1721
1722              * VmPeak: Peak virtual memory size.
1723
1724              * VmSize: Virtual memory size.
1725
1726              * VmLck: Locked memory size (see mlock(2)).
1727
1728              * VmPin: Pinned memory size (since Linux 3.2).  These are  pages
1729                that can't be moved because something needs to directly access
1730                physical memory.
1731
1732              * VmHWM: Peak resident set size ("high water mark").
1733
1734              * VmRSS: Resident set size.  Note that the value here is the sum
1735                of RssAnon, RssFile, and RssShmem.
1736
1737              * RssAnon:  Size  of  resident  anonymous  memory.  (since Linux
1738                4.5).
1739
1740              * RssFile: Size of resident file mappings.  (since Linux 4.5).
1741
1742              * RssShmem: Size of resident shared memory  (includes  System  V
1743                shared  memory,  mappings  from tmpfs(5), and shared anonymous
1744                mappings).  (since Linux 4.5).
1745
1746              * VmData, VmStk, VmExe: Size of data, stack, and text segments.
1747
1748              * VmLib: Shared library code size.
1749
1750              * VmPTE: Page table entries size (since Linux 2.6.10).
1751
1752              * VmPMD: Size of second-level page tables (added in  Linux  4.0;
1753                removed in Linux 4.15).
1754
1755              * VmSwap:  Swapped-out  virtual memory size by anonymous private
1756                pages; shmem swap usage is not included (since Linux 2.6.34).
1757
1758              * HugetlbPages: Size of hugetlb  memory  portions  (since  Linux
1759                4.4).
1760
1761              * CoreDumping:  Contains the value 1 if the process is currently
1762                dumping core, and 0 if it is not  (since  Linux  4.15).   This
1763                information  can  be  used  by  a  monitoring process to avoid
1764                killing a process that is currently dumping core, which  could
1765                result in a corrupted core dump file.
1766
1767              * Threads: Number of threads in process containing this thread.
1768
1769              * SigQ:  This  field  contains  two slash-separated numbers that
1770                relate to queued signals for the real user ID of this process.
1771                The  first  of these is the number of currently queued signals
1772                for this real user ID, and the second is the resource limit on
1773                the  number  of  queued  signals  for  this  process  (see the
1774                description of RLIMIT_SIGPENDING in getrlimit(2)).
1775
1776              * SigPnd, ShdPnd: Mask (expressed  in  hexadecimal)  of  signals
1777                pending for thread and for process as a whole (see pthreads(7)
1778                and signal(7)).
1779
1780              * SigBlk, SigIgn, SigCgt: Masks (expressed in hexadecimal) indi‐
1781                cating  signals  being  blocked, ignored, and caught (see sig‐
1782                nal(7)).
1783
1784              * CapInh, CapPrm, CapEff: Masks (expressed  in  hexadecimal)  of
1785                capabilities  enabled in inheritable, permitted, and effective
1786                sets (see capabilities(7)).
1787
1788              * CapBnd: Capability  bounding  set,  expressed  in  hexadecimal
1789                (since Linux 2.6.26, see capabilities(7)).
1790
1791              * CapAmb:  Ambient  capability  set,  expressed  in  hexadecimal
1792                (since Linux 4.3, see capabilities(7)).
1793
1794              * NoNewPrivs: Value of the no_new_privs bit (since  Linux  4.10,
1795                see prctl(2)).
1796
1797              * Seccomp:  Seccomp  mode  of  the process (since Linux 3.8, see
1798                seccomp(2)).  0  means  SECCOMP_MODE_DISABLED;  1  means  SEC‐
1799                COMP_MODE_STRICT;  2 means SECCOMP_MODE_FILTER.  This field is
1800                provided only if the kernel was built with the  CONFIG_SECCOMP
1801                kernel configuration option enabled.
1802
1803              * Speculation_Store_Bypass:  Speculation  flaw  mitigation state
1804                (since Linux 4.17, see prctl(2)).
1805
1806              * Cpus_allowed: Hexadecimal mask of CPUs on which  this  process
1807                may run (since Linux 2.6.24, see cpuset(7)).
1808
1809              * Cpus_allowed_list:  Same  as  previous,  but  in "list format"
1810                (since Linux 2.6.26, see cpuset(7)).
1811
1812              * Mems_allowed: Mask of memory nodes  allowed  to  this  process
1813                (since Linux 2.6.24, see cpuset(7)).
1814
1815              * Mems_allowed_list:  Same  as  previous,  but  in "list format"
1816                (since Linux 2.6.26, see cpuset(7)).
1817
1818              * voluntary_ctxt_switches, nonvoluntary_ctxt_switches: Number of
1819                voluntary   and  involuntary  context  switches  (since  Linux
1820                2.6.23).
1821
1822       /proc/[pid]/syscall (since Linux 2.6.27)
1823              This file exposes the system call number and argument  registers
1824              for  the  system  call  currently being executed by the process,
1825              followed by the values of the stack pointer and program  counter
1826              registers.   The  values  of  all  six  argument  registers  are
1827              exposed, although most system calls use fewer registers.
1828
1829              If the process is blocked, but not in a system  call,  then  the
1830              file displays -1 in place of the system call number, followed by
1831              just the values of the stack pointer and  program  counter.   If
1832              process  is  not blocked, then the file contains just the string
1833              "running".
1834
1835              This file is present only if the kernel was configured with CON‐
1836              FIG_HAVE_ARCH_TRACEHOOK.
1837
1838              Permission  to  access  this file is governed by a ptrace access
1839              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1840
1841       /proc/[pid]/task (since Linux 2.6.0)
1842              This is a directory that  contains  one  subdirectory  for  each
1843              thread  in  the  process.   The name of each subdirectory is the
1844              numerical thread ID ([tid]) of the thread (see gettid(2)).
1845
1846              Within each of these subdirectories, there is  a  set  of  files
1847              with the same names and contents as under the /proc/[pid] direc‐
1848              tories.  For attributes that are shared by all threads, the con‐
1849              tents  for each of the files under the task/[tid] subdirectories
1850              will be the same as in the  corresponding  file  in  the  parent
1851              /proc/[pid]  directory (e.g., in a multithreaded process, all of
1852              the task/[tid]/cwd  files  will  have  the  same  value  as  the
1853              /proc/[pid]/cwd  file  in the parent directory, since all of the
1854              threads in a process share a working directory).  For attributes
1855              that are distinct for each thread, the corresponding files under
1856              task/[tid] may have different values (e.g.,  various  fields  in
1857              each  of  the  task/[tid]/status files may be different for each
1858              thread), or they might not exist in /proc/[pid] at all.
1859
1860              In a multithreaded process, the contents of the /proc/[pid]/task
1861              directory  are not available if the main thread has already ter‐
1862              minated (typically by calling pthread_exit(3)).
1863
1864       /proc/[pid]/task/[tid]/children (since Linux 3.5)
1865              A space-separated list of child tasks of this task.  Each  child
1866              task is represented by its TID.
1867
1868              This option is intended for use by the checkpoint-restore (CRIU)
1869              system, and reliably provides a list of children only if all  of
1870              the  child  processes  are  stopped or frozen.  It does not work
1871              properly if children of the target task exit while the  file  is
1872              being  read!  Exiting children may cause non-exiting children to
1873              be omitted from the list.  This makes this interface  even  more
1874              unreliable  than  classic  PID-based approaches if the inspected
1875              task and its children aren't frozen, and most code should proba‐
1876              bly not use this interface.
1877
1878              Until  Linux  4.2, the presence of this file was governed by the
1879              CONFIG_CHECKPOINT_RESTORE kernel  configuration  option.   Since
1880              Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.
1881
1882       /proc/[pid]/timers (since Linux 3.10)
1883              A  list  of  the  POSIX  timers for this process.  Each timer is
1884              listed with a line that starts with the string "ID:".  For exam‐
1885              ple:
1886
1887                  ID: 1
1888                  signal: 60/00007fff86e452a8
1889                  notify: signal/pid.2634
1890                  ClockID: 0
1891                  ID: 0
1892                  signal: 60/00007fff86e452a8
1893                  notify: signal/pid.2634
1894                  ClockID: 1
1895
1896              The lines shown for each timer have the following meanings:
1897
1898              ID     The ID for this timer.  This is not the same as the timer
1899                     ID returned by timer_create(2); rather, it  is  the  same
1900                     kernel-internal  ID  that is available via the si_timerid
1901                     field of the siginfo_t structure (see sigaction(2)).
1902
1903              signal This is the signal number that this timer uses to deliver
1904                     notifications   followed   by   a  slash,  and  then  the
1905                     sigev_value value supplied to the signal handler.   Valid
1906                     only for timers that notify via a signal.
1907
1908              notify The  part  before  the slash specifies the mechanism that
1909                     this timer uses to deliver notifications, and is  one  of
1910                     "thread", "signal", or "none".  Immediately following the
1911                     slash  is  either  the  string  "tid"  for  timers   with
1912                     SIGEV_THREAD_ID  notification,  or  "pid" for timers that
1913                     notify by other mechanisms.  Following the "." is the PID
1914                     of  the  process  (or the kernel thread ID of the thread)
1915                     that will be delivered a signal  if  the  timer  delivers
1916                     notifications via a signal.
1917
1918              ClockID
1919                     This  field  identifies the clock that the timer uses for
1920                     measuring time.  For most clocks, this is a  number  that
1921                     matches  one  of the user-space CLOCK_* constants exposed
1922                     via <time.h>.   CLOCK_PROCESS_CPUTIME_ID  timers  display
1923                     with     a     value     of    -6    in    this    field.
1924                     CLOCK_THREAD_CPUTIME_ID timers display with a value of -2
1925                     in this field.
1926
1927              This  file is available only when the kernel was configured with
1928              CONFIG_CHECKPOINT_RESTORE.
1929
1930       /proc/[pid]/timerslack_ns (since Linux 4.6)
1931              This file exposes the process's  "current"  timer  slack  value,
1932              expressed  in  nanoseconds.   The file is writable, allowing the
1933              process's timer slack value to be changed.  Writing  0  to  this
1934              file  resets  the  "current"  timer slack to the "default" timer
1935              slack  value.   For  further  details,  see  the  discussion  of
1936              PR_SET_TIMERSLACK in prctl(2).
1937
1938              Initially,  permission  to  access  this  file was governed by a
1939              ptrace  access  mode   PTRACE_MODE_ATTACH_FSCREDS   check   (see
1940              ptrace(2)).   However, this was subsequently deemed too strict a
1941              requirement (and had the side effect that requiring a process to
1942              have  the  CAP_SYS_PTRACE capability would also allow it to view
1943              and change any process's memory).  Therefore, since  Linux  4.9,
1944              only  the (weaker) CAP_SYS_NICE capability is required to access
1945              this file.
1946
1947       /proc/[pid]/uid_map, /proc/[pid]/gid_map (since Linux 3.5)
1948              See user_namespaces(7).
1949
1950       /proc/[pid]/wchan (since Linux 2.6.0)
1951              The symbolic name corresponding to the location  in  the  kernel
1952              where the process is sleeping.
1953
1954              Permission  to  access  this file is governed by a ptrace access
1955              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1956
1957       /proc/[tid]
1958              There  is a numerical subdirectory for each running thread  that
1959              is  not a thread group leader (i.e., a thread whose thread ID is
1960              not the same as its process ID); the subdirectory  is  named  by
1961              the  thread ID.  Each one of these subdirectories contains files
1962              and subdirectories exposing information about  the  thread  with
1963              the  thread  ID  tid.  The contents of these directories are the
1964              same as the corresponding /proc/[pid]/task/[tid] directories.
1965
1966              The /proc/[tid] subdirectories are not  visible  when  iterating
1967              through  /proc  with  getdents(2) (and thus are not visible when
1968              one uses ls(1) to view the contents  of  /proc).   However,  the
1969              pathnames  of  these directories are visible to (i.e., usable as
1970              arguments in) system calls that operate on pathnames.
1971
1972       /proc/apm
1973              Advanced power management version and battery  information  when
1974              CONFIG_APM is defined at kernel compilation time.
1975
1976       /proc/buddyinfo
1977              This file contains information which is used for diagnosing mem‐
1978              ory fragmentation issues.  Each line starts with the identifica‐
1979              tion  of  the node and the name of the zone which together iden‐
1980              tify a memory region.  This is then followed  by  the  count  of
1981              available  chunks  of  a  certain order in which these zones are
1982              split.  The size in bytes of a certain order  is  given  by  the
1983              formula:
1984
1985                  (2^order) * PAGE_SIZE
1986
1987              The  binary  buddy  allocator  algorithm  inside the kernel will
1988              split one chunk into two chunks of a smaller  order  (thus  with
1989              half  the size) or combine two contiguous chunks into one larger
1990              chunk of a higher order (thus with double the size)  to  satisfy
1991              allocation  requests  and  to counter memory fragmentation.  The
1992              order matches the column number, when starting to count at zero.
1993
1994              For example on an x86-64 system:
1995
1996  Node 0, zone     DMA     1    1    1    0    2    1    1    0    1    1    3
1997  Node 0, zone   DMA32    65   47    4   81   52   28   13   10    5    1  404
1998  Node 0, zone  Normal   216   55  189  101   84   38   37   27    5    3  587
1999
2000              In this example, there is one node containing  three  zones  and
2001              there are 11 different chunk sizes.  If the page size is 4 kilo‐
2002              bytes, then the first zone called  DMA  (on  x86  the  first  16
2003              megabyte  of memory) has 1 chunk of 4 kilobytes (order 0) avail‐
2004              able and has 3 chunks of 4 megabytes (order 10) available.
2005
2006              If the memory is heavily fragmented,  the  counters  for  higher
2007              order  chunks  will  be  zero and allocation of large contiguous
2008              areas will fail.
2009
2010              Further information about the zones can be found in  /proc/zone‐
2011              info.
2012
2013       /proc/bus
2014              Contains subdirectories for installed busses.
2015
2016       /proc/bus/pccard
2017              Subdirectory  for  PCMCIA  devices  when CONFIG_PCMCIA is set at
2018              kernel compilation time.
2019
2020       /proc/bus/pccard/drivers
2021
2022       /proc/bus/pci
2023              Contains various bus subdirectories and pseudo-files  containing
2024              information  about  PCI  busses,  installed  devices, and device
2025              drivers.  Some of these files are not ASCII.
2026
2027       /proc/bus/pci/devices
2028              Information about PCI devices.  They  may  be  accessed  through
2029              lspci(8) and setpci(8).
2030
2031       /proc/cgroups (since Linux 2.6.24)
2032              See cgroups(7).
2033
2034       /proc/cmdline
2035              Arguments  passed  to the Linux kernel at boot time.  Often done
2036              via a boot manager such as lilo(8) or grub(8).
2037
2038       /proc/config.gz (since Linux 2.6)
2039              This file exposes the configuration options that  were  used  to
2040              build  the  currently running kernel, in the same format as they
2041              would be shown in the .config file that resulted when  configur‐
2042              ing  the  kernel  (using make xconfig, make config, or similar).
2043              The file contents are compressed;  view  or  search  them  using
2044              zcat(1)  and  zgrep(1).  As long as no changes have been made to
2045              the following file, the contents of /proc/config.gz are the same
2046              as those provided by:
2047
2048                  cat /lib/modules/$(uname -r)/build/.config
2049
2050              /proc/config.gz  is  provided  only  if the kernel is configured
2051              with CONFIG_IKCONFIG_PROC.
2052
2053       /proc/crypto
2054              A list of the ciphers provided by the kernel  crypto  API.   For
2055              details,  see  the  kernel Linux Kernel Crypto API documentation
2056              available  under  the   kernel   source   directory   Documenta‐
2057              tion/crypto/ (or Documentation/DocBook before 4.10; the documen‐
2058              tation can be built using a command such as make htmldocs in the
2059              root directory of the kernel source tree).
2060
2061       /proc/cpuinfo
2062              This  is  a  collection of CPU and system architecture dependent
2063              items, for each supported architecture a  different  list.   Two
2064              common   entries  are  processor  which  gives  CPU  number  and
2065              bogomips; a system constant that  is  calculated  during  kernel
2066              initialization.   SMP  machines  have  information for each CPU.
2067              The lscpu(1) command gathers its information from this file.
2068
2069       /proc/devices
2070              Text listing of major numbers and device groups.   This  can  be
2071              used by MAKEDEV scripts for consistency with the kernel.
2072
2073       /proc/diskstats (since Linux 2.5.69)
2074              This  file  contains  disk  I/O statistics for each disk device.
2075              See the Linux kernel source file  Documentation/iostats.txt  for
2076              further information.
2077
2078       /proc/dma
2079              This  is a list of the registered ISA DMA (direct memory access)
2080              channels in use.
2081
2082       /proc/driver
2083              Empty subdirectory.
2084
2085       /proc/execdomains
2086              List of the execution domains (ABI personalities).
2087
2088       /proc/fb
2089              Frame buffer information when CONFIG_FB is defined during kernel
2090              compilation.
2091
2092       /proc/filesystems
2093              A  text  listing  of  the filesystems which are supported by the
2094              kernel, namely filesystems which were compiled into  the  kernel
2095              or  whose  kernel  modules  are  currently  loaded.   (See  also
2096              filesystems(5).)  If a filesystem is marked with  "nodev",  this
2097              means  that  it  does  not  require a block device to be mounted
2098              (e.g., virtual filesystem, network filesystem).
2099
2100              Incidentally, this file may be used by mount(8) when no filesys‐
2101              tem  is specified and it didn't manage to determine the filesys‐
2102              tem type.  Then filesystems contained in  this  file  are  tried
2103              (excepted those that are marked with "nodev").
2104
2105       /proc/fs
2106              Contains subdirectories that in turn contain files with informa‐
2107              tion about (certain) mounted filesystems.
2108
2109       /proc/ide
2110              This directory exists on systems with the IDE  bus.   There  are
2111              directories  for  each  IDE  channel and attached device.  Files
2112              include:
2113
2114                  cache              buffer size in KB
2115                  capacity           number of sectors
2116                  driver             driver version
2117                  geometry           physical and logical geometry
2118                  identify           in hexadecimal
2119                  media              media type
2120                  model              manufacturer's model number
2121                  settings           drive settings
2122                  smart_thresholds   IDE disk management thresholds (in hex)
2123                  smart_values       IDE disk management values (in hex)
2124
2125              The hdparm(8) utility provides access to this information  in  a
2126              friendly format.
2127
2128       /proc/interrupts
2129              This  is  used to record the number of interrupts per CPU per IO
2130              device.  Since Linux 2.6.24, for the i386 and  x86-64  architec‐
2131              tures,  at  least, this also includes interrupts internal to the
2132              system (that is, not associated with a device as such), such  as
2133              NMI  (nonmaskable  interrupt),  LOC (local timer interrupt), and
2134              for SMP systems, TLB (TLB flush  interrupt),  RES  (rescheduling
2135              interrupt),  CAL  (remote function call interrupt), and possibly
2136              others.  Very easy to read formatting, done in ASCII.
2137
2138       /proc/iomem
2139              I/O memory map in Linux 2.4.
2140
2141       /proc/ioports
2142              This is a list of currently registered Input-Output port regions
2143              that are in use.
2144
2145       /proc/kallsyms (since Linux 2.5.71)
2146              This  holds  the  kernel exported symbol definitions used by the
2147              modules(X) tools to dynamically link and bind loadable  modules.
2148              In  Linux  2.5.47 and earlier, a similar file with slightly dif‐
2149              ferent syntax was named ksyms.
2150
2151       /proc/kcore
2152              This file represents the physical memory of the  system  and  is
2153              stored  in the ELF core file format.  With this pseudo-file, and
2154              an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be
2155              used to examine the current state of any kernel data structures.
2156
2157              The  total  length  of  the  file is the size of physical memory
2158              (RAM) plus 4 KiB.
2159
2160       /proc/keys (since Linux 2.6.10)
2161              See keyrings(7).
2162
2163       /proc/key-users (since Linux 2.6.10)
2164              See keyrings(7).
2165
2166       /proc/kmsg
2167              This file can be used instead of the syslog(2)  system  call  to
2168              read  kernel messages.  A process must have superuser privileges
2169              to read this file, and only one process should read  this  file.
2170              This  file  should  not  be  read if a syslog process is running
2171              which uses the syslog(2) system call facility to log kernel mes‐
2172              sages.
2173
2174              Information in this file is retrieved with the dmesg(1) program.
2175
2176       /proc/kpagecgroup (since Linux 4.3)
2177              This  file  contains  a 64-bit inode number of the memory cgroup
2178              each page is charged to, indexed by page frame number  (see  the
2179              discussion of /proc/[pid]/pagemap).
2180
2181              The  /proc/kpagecgroup  file is present only if the CONFIG_MEMCG
2182              kernel configuration option is enabled.
2183
2184       /proc/kpagecount (since Linux 2.6.25)
2185              This file contains a 64-bit count of the number  of  times  each
2186              physical page frame is mapped, indexed by page frame number (see
2187              the discussion of /proc/[pid]/pagemap).
2188
2189              The  /proc/kpagecount  file  is  present  only   if   the   CON‐
2190              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2191
2192       /proc/kpageflags (since Linux 2.6.25)
2193              This  file  contains 64-bit masks corresponding to each physical
2194              page frame; it is indexed by page frame number (see the  discus‐
2195              sion of /proc/[pid]/pagemap).  The bits are as follows:
2196
2197                   0 - KPF_LOCKED
2198                   1 - KPF_ERROR
2199                   2 - KPF_REFERENCED
2200                   3 - KPF_UPTODATE
2201                   4 - KPF_DIRTY
2202                   5 - KPF_LRU
2203                   6 - KPF_ACTIVE
2204                   7 - KPF_SLAB
2205                   8 - KPF_WRITEBACK
2206                   9 - KPF_RECLAIM
2207                  10 - KPF_BUDDY
2208                  11 - KPF_MMAP           (since Linux 2.6.31)
2209                  12 - KPF_ANON           (since Linux 2.6.31)
2210                  13 - KPF_SWAPCACHE      (since Linux 2.6.31)
2211                  14 - KPF_SWAPBACKED     (since Linux 2.6.31)
2212                  15 - KPF_COMPOUND_HEAD  (since Linux 2.6.31)
2213                  16 - KPF_COMPOUND_TAIL  (since Linux 2.6.31)
2214                  17 - KPF_HUGE           (since Linux 2.6.31)
2215                  18 - KPF_UNEVICTABLE    (since Linux 2.6.31)
2216                  19 - KPF_HWPOISON       (since Linux 2.6.31)
2217                  20 - KPF_NOPAGE         (since Linux 2.6.31)
2218                  21 - KPF_KSM            (since Linux 2.6.32)
2219                  22 - KPF_THP            (since Linux 3.4)
2220                  23 - KPF_BALLOON        (since Linux 3.18)
2221                  24 - KPF_ZERO_PAGE      (since Linux 4.0)
2222                  25 - KPF_IDLE           (since Linux 4.3)
2223
2224              For  further details on the meanings of these bits, see the ker‐
2225              nel   source   file    Documentation/admin-guide/mm/pagemap.rst.
2226              Before kernel 2.6.29, KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and
2227              KPF_LOCKED did not report correctly.
2228
2229              The  /proc/kpageflags  file  is  present  only   if   the   CON‐
2230              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2231
2232       /proc/ksyms (Linux 1.1.23–2.5.47)
2233              See /proc/kallsyms.
2234
2235       /proc/loadavg
2236              The  first  three  fields  in this file are load average figures
2237              giving the number of jobs in the run queue (state R) or  waiting
2238              for disk I/O (state D) averaged over 1, 5, and 15 minutes.  They
2239              are the same as the load average numbers given by uptime(1)  and
2240              other  programs.  The fourth field consists of two numbers sepa‐
2241              rated by a slash (/).  The first of these is the number of  cur‐
2242              rently runnable kernel scheduling entities (processes, threads).
2243              The value after the slash is the  number  of  kernel  scheduling
2244              entities that currently exist on the system.  The fifth field is
2245              the PID of the process that was most  recently  created  on  the
2246              system.
2247
2248       /proc/locks
2249              This  file  shows current file locks (flock(2) and fcntl(2)) and
2250              leases (fcntl(2)).
2251
2252              An example of the content shown in this file is the following:
2253
2254                  1: POSIX  ADVISORY  READ  5433 08:01:7864448 128 128
2255                  2: FLOCK  ADVISORY  WRITE 2001 08:01:7864554 0 EOF
2256                  3: FLOCK  ADVISORY  WRITE 1568 00:2f:32388 0 EOF
2257                  4: POSIX  ADVISORY  WRITE 699 00:16:28457 0 EOF
2258                  5: POSIX  ADVISORY  WRITE 764 00:16:21448 0 0
2259                  6: POSIX  ADVISORY  READ  3548 08:01:7867240 1 1
2260                  7: POSIX  ADVISORY  READ  3548 08:01:7865567 1826 2335
2261                  8: OFDLCK ADVISORY  WRITE -1 08:01:8713209 128 191
2262
2263              The fields shown in each line are as follows:
2264
2265              (1) The ordinal position of the lock in the list.
2266
2267              (2) The lock type.  Values that may appear here include:
2268
2269                  FLOCK  This is a BSD file lock created using flock(2).
2270
2271                  OFDLCK This is an open file description (OFD)  lock  created
2272                         using fcntl(2).
2273
2274                  POSIX  This   is  a  POSIX  byte-range  lock  created  using
2275                         fcntl(2).
2276
2277              (3) Among the strings that can appear here are the following:
2278
2279                  ADVISORY
2280                         This is an advisory lock.
2281
2282                  MANDATORY
2283                         This is a mandatory lock.
2284
2285              (4) The type of lock.  Values that can appear here are:
2286
2287                  READ   This is a POSIX or OFD read lock,  or  a  BSD  shared
2288                         lock.
2289
2290                  WRITE  This is a POSIX or OFD write lock, or a BSD exclusive
2291                         lock.
2292
2293              (5) The PID of the process that owns the lock.
2294
2295                  Because OFD locks are not owned by a single  process  (since
2296                  multiple  processes  may have file descriptors that refer to
2297                  the same open file description), the value -1  is  displayed
2298                  in  this  field  for  OFD locks.  (Before kernel 4.14, a bug
2299                  meant that the PID of the process  that  initially  acquired
2300                  the lock was displayed instead of the value -1.)
2301
2302              (6) Three  colon-separated subfields that identify the major and
2303                  minor device ID of  the  device  containing  the  filesystem
2304                  where  the locked file resides, followed by the inode number
2305                  of the locked file.
2306
2307              (7) The byte offset of the first byte  of  the  lock.   For  BSD
2308                  locks, this value is always 0.
2309
2310              (8) The  byte  offset of the last byte of the lock.  EOF in this
2311                  field means that the lock extends to the end  of  the  file.
2312                  For BSD locks, the value shown is always EOF.
2313
2314              Since  Linux 4.9, the list of locks shown in /proc/locks is fil‐
2315              tered to show just the locks for the processes in the PID names‐
2316              pace  (see pid_namespaces(7)) for which the /proc filesystem was
2317              mounted.  (In the initial PID namespace, there is  no  filtering
2318              of the records shown in this file.)
2319
2320              The  lslocks(8)  command  provides  a bit more information about
2321              each lock.
2322
2323       /proc/malloc (only up to and including Linux 2.2)
2324              This file is present only  if  CONFIG_DEBUG_MALLOC  was  defined
2325              during compilation.
2326
2327       /proc/meminfo
2328              This  file  reports statistics about memory usage on the system.
2329              It is used by free(1) to report the amount of free and used mem‐
2330              ory (both physical and swap) on the system as well as the shared
2331              memory and buffers used by the kernel.  Each line  of  the  file
2332              consists  of a parameter name, followed by a colon, the value of
2333              the parameter, and an option unit of measurement  (e.g.,  "kB").
2334              The  list  below  describes  the  parameter names and the format
2335              specifier required to read the field  value.   Except  as  noted
2336              below,  all of the fields have been present since at least Linux
2337              2.6.0.  Some fields are displayed only if the kernel was config‐
2338              ured  with  various options; those dependencies are noted in the
2339              list.
2340
2341              MemTotal %lu
2342                     Total usable RAM (i.e., physical RAM minus a few reserved
2343                     bits and the kernel binary code).
2344
2345              MemFree %lu
2346                     The sum of LowFree+HighFree.
2347
2348              MemAvailable %lu (since Linux 3.14)
2349                     An  estimate of how much memory is available for starting
2350                     new applications, without swapping.
2351
2352              Buffers %lu
2353                     Relatively temporary storage for  raw  disk  blocks  that
2354                     shouldn't get tremendously large (20 MB or so).
2355
2356              Cached %lu
2357                     In-memory  cache  for  files read from the disk (the page
2358                     cache).  Doesn't include SwapCached.
2359
2360              SwapCached %lu
2361                     Memory that once was swapped out, is swapped back in  but
2362                     still  also  is in the swap file.  (If memory pressure is
2363                     high, these pages don't need  to  be  swapped  out  again
2364                     because  they  are  already in the swap file.  This saves
2365                     I/O.)
2366
2367              Active %lu
2368                     Memory that has been used more recently and  usually  not
2369                     reclaimed unless absolutely necessary.
2370
2371              Inactive %lu
2372                     Memory  which  has  been  less recently used.  It is more
2373                     eligible to be reclaimed for other purposes.
2374
2375              Active(anon) %lu (since Linux 2.6.28)
2376                     [To be documented.]
2377
2378              Inactive(anon) %lu (since Linux 2.6.28)
2379                     [To be documented.]
2380
2381              Active(file) %lu (since Linux 2.6.28)
2382                     [To be documented.]
2383
2384              Inactive(file) %lu (since Linux 2.6.28)
2385                     [To be documented.]
2386
2387              Unevictable %lu (since Linux 2.6.28)
2388                     (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU  was
2389                     required.)  [To be documented.]
2390
2391              Mlocked %lu (since Linux 2.6.28)
2392                     (From  Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was
2393                     required.)  [To be documented.]
2394
2395              HighTotal %lu
2396                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2397                     Total  amount  of  highmem.   Highmem is all memory above
2398                     ~860 MB of physical memory.  Highmem areas are for use by
2399                     user-space  programs,  or for the page cache.  The kernel
2400                     must use tricks to access this memory, making  it  slower
2401                     to access than lowmem.
2402
2403              HighFree %lu
2404                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2405                     Amount of free highmem.
2406
2407              LowTotal %lu
2408                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2409                     Total  amount  of  lowmem.  Lowmem is memory which can be
2410                     used for everything that highmem can be used for, but  it
2411                     is  also  available for the kernel's use for its own data
2412                     structures.  Among many other things, it is where  every‐
2413                     thing  from  Slab  is  allocated.  Bad things happen when
2414                     you're out of lowmem.
2415
2416              LowFree %lu
2417                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2418                     Amount of free lowmem.
2419
2420              MmapCopy %lu (since Linux 2.6.29)
2421                     (CONFIG_MMU is required.)  [To be documented.]
2422
2423              SwapTotal %lu
2424                     Total amount of swap space available.
2425
2426              SwapFree %lu
2427                     Amount of swap space that is currently unused.
2428
2429              Dirty %lu
2430                     Memory which is waiting to get written back to the disk.
2431
2432              Writeback %lu
2433                     Memory which is actively being written back to the disk.
2434
2435              AnonPages %lu (since Linux 2.6.18)
2436                     Non-file backed pages mapped into user-space page tables.
2437
2438              Mapped %lu
2439                     Files  which have been mapped into memory (with mmap(2)),
2440                     such as libraries.
2441
2442              Shmem %lu (since Linux 2.6.32)
2443                     Amount of memory consumed in tmpfs(5) filesystems.
2444
2445              KReclaimable %lu (since Linux 4.20)
2446                     Kernel  allocations  that  the  kernel  will  attempt  to
2447                     reclaim  under  memory  pressure.   Includes SReclaimable
2448                     (below), and other direct allocations with a shrinker.
2449
2450              Slab %lu
2451                     In-kernel data structures cache.  (See slabinfo(5).)
2452
2453              SReclaimable %lu (since Linux 2.6.19)
2454                     Part of Slab, that might be reclaimed, such as caches.
2455
2456              SUnreclaim %lu (since Linux 2.6.19)
2457                     Part of Slab, that cannot be reclaimed  on  memory  pres‐
2458                     sure.
2459
2460              KernelStack %lu (since Linux 2.6.32)
2461                     Amount of memory allocated to kernel stacks.
2462
2463              PageTables %lu (since Linux 2.6.18)
2464                     Amount  of  memory  dedicated to the lowest level of page
2465                     tables.
2466
2467              Quicklists %lu (since Linux 2.6.27)
2468                     (CONFIG_QUICKLIST is required.)  [To be documented.]
2469
2470              NFS_Unstable %lu (since Linux 2.6.18)
2471                     NFS pages sent to the server, but not  yet  committed  to
2472                     stable storage.
2473
2474              Bounce %lu (since Linux 2.6.18)
2475                     Memory used for block device "bounce buffers".
2476
2477              WritebackTmp %lu (since Linux 2.6.26)
2478                     Memory used by FUSE for temporary writeback buffers.
2479
2480              CommitLimit %lu (since Linux 2.6.10)
2481                     This is the total amount of memory currently available to
2482                     be allocated on the system, expressed in kilobytes.  This
2483                     limit  is adhered to only if strict overcommit accounting
2484                     is enabled (mode  2  in  /proc/sys/vm/overcommit_memory).
2485                     The   limit   is  calculated  according  to  the  formula
2486                     described under /proc/sys/vm/overcommit_memory.  For fur‐
2487                     ther  details,  see  the  kernel  source  file Documenta‐
2488                     tion/vm/overcommit-accounting.rst.
2489
2490              Committed_AS %lu
2491                     The amount of memory presently allocated on  the  system.
2492                     The  committed memory is a sum of all of the memory which
2493                     has been allocated by processes, even if it has not  been
2494                     "used" by them as of yet.  A process which allocates 1 GB
2495                     of memory (using malloc(3) or similar), but touches  only
2496                     300  MB  of that memory will show up as using only 300 MB
2497                     of memory even if it has the address space allocated  for
2498                     the entire 1 GB.
2499
2500                     This  1 GB is memory which has been "committed" to by the
2501                     VM and can be used at any time by the allocating applica‐
2502                     tion.  With strict overcommit enabled on the system (mode
2503                     2 in /proc/sys/vm/overcommit_memory),  allocations  which
2504                     would exceed the CommitLimit will not be permitted.  This
2505                     is useful if one needs to guarantee that  processes  will
2506                     not  fail due to lack of memory once that memory has been
2507                     successfully allocated.
2508
2509              VmallocTotal %lu
2510                     Total size of vmalloc memory area.
2511
2512              VmallocUsed %lu
2513                     Amount of vmalloc area which is used.  Since  Linux  4.4,
2514                     this  field is no longer calculated, and is hard coded as
2515                     0.  See /proc/vmallocinfo.
2516
2517              VmallocChunk %lu
2518                     Largest contiguous block of vmalloc area which  is  free.
2519                     Since  Linux  4.4, this field is no longer calculated and
2520                     is hard coded as 0.  See /proc/vmallocinfo.
2521
2522              HardwareCorrupted %lu (since Linux 2.6.32)
2523                     (CONFIG_MEMORY_FAILURE is required.)  [To be documented.]
2524
2525              LazyFree %lu (since Linux 4.12)
2526                     Shows  the  amount  of  memory   marked   by   madvise(2)
2527                     MADV_FREE.
2528
2529              AnonHugePages %lu (since Linux 2.6.38)
2530                     (CONFIG_TRANSPARENT_HUGEPAGE   is   required.)   Non-file
2531                     backed huge pages mapped into user-space page tables.
2532
2533              ShmemHugePages %lu (since Linux 4.8)
2534                     (CONFIG_TRANSPARENT_HUGEPAGE is required.)   Memory  used
2535                     by shared memory (shmem) and tmpfs(5) allocated with huge
2536                     pages.
2537
2538              ShmemPmdMapped %lu (since Linux 4.8)
2539                     (CONFIG_TRANSPARENT_HUGEPAGE is required.)  Shared memory
2540                     mapped into user space with huge pages.
2541
2542              CmaTotal %lu (since Linux 3.1)
2543                     Total  CMA  (Contiguous  Memory  Allocator) pages.  (CON‐
2544                     FIG_CMA is required.)
2545
2546              CmaFree %lu (since Linux 3.1)
2547                     Free CMA  (Contiguous  Memory  Allocator)  pages.   (CON‐
2548                     FIG_CMA is required.)
2549
2550              HugePages_Total %lu
2551                     (CONFIG_HUGETLB_PAGE  is required.)  The size of the pool
2552                     of huge pages.
2553
2554              HugePages_Free %lu
2555                     (CONFIG_HUGETLB_PAGE is required.)  The  number  of  huge
2556                     pages in the pool that are not yet allocated.
2557
2558              HugePages_Rsvd %lu (since Linux 2.6.17)
2559                     (CONFIG_HUGETLB_PAGE is required.)  This is the number of
2560                     huge pages for which a commitment to  allocate  from  the
2561                     pool  has been made, but no allocation has yet been made.
2562                     These reserved huge pages guarantee that  an  application
2563                     will  be  able  to  allocate a huge page from the pool of
2564                     huge pages at fault time.
2565
2566              HugePages_Surp %lu (since Linux 2.6.24)
2567                     (CONFIG_HUGETLB_PAGE is required.)  This is the number of
2568                     huge   pages   in   the   pool   above   the   value   in
2569                     /proc/sys/vm/nr_hugepages.  The maximum number of surplus
2570                     huge  pages  is  controlled  by  /proc/sys/vm/nr_overcom‐
2571                     mit_hugepages.
2572
2573              Hugepagesize %lu
2574                     (CONFIG_HUGETLB_PAGE is  required.)   The  size  of  huge
2575                     pages.
2576
2577              DirectMap4k %lu (since Linux 2.6.27)
2578                     Number  of bytes of RAM linearly mapped by kernel in 4 kB
2579                     pages.  (x86.)
2580
2581              DirectMap4M %lu (since Linux 2.6.27)
2582                     Number of bytes of RAM linearly mapped by kernel in 4  MB
2583                     pages.    (x86   with   CONFIG_X86_64  or  CONFIG_X86_PAE
2584                     enabled.)
2585
2586              DirectMap2M %lu (since Linux 2.6.27)
2587                     Number of bytes of RAM linearly mapped by kernel in 2  MB
2588                     pages.    (x86   with   neither  CONFIG_X86_64  nor  CON‐
2589                     FIG_X86_PAE enabled.)
2590
2591              DirectMap1G %lu (since Linux 2.6.27)
2592                     (x86  with  CONFIG_X86_64  and  CONFIG_X86_DIRECT_GBPAGES
2593                     enabled.)
2594
2595       /proc/modules
2596              A  text list of the modules that have been loaded by the system.
2597              See also lsmod(8).
2598
2599       /proc/mounts
2600              Before kernel 2.4.19, this file was a list of all  the  filesys‐
2601              tems  currently mounted on the system.  With the introduction of
2602              per-process mount namespaces in Linux 2.4.19  (see  mount_names‐
2603              paces(7)),  this  file became a link to /proc/self/mounts, which
2604              lists the mount points of the  process's  own  mount  namespace.
2605              The format of this file is documented in fstab(5).
2606
2607       /proc/mtrr
2608              Memory  Type  Range Registers.  See the Linux kernel source file
2609              Documentation/x86/mtrr.txt  (or  Documentation/mtrr.txt   before
2610              Linux 2.6.28) for details.
2611
2612       /proc/net
2613              This  directory  contains  various files and subdirectories con‐
2614              taining information about the networking layer.  The files  con‐
2615              tain  ASCII structures and are, therefore, readable with cat(1).
2616              However, the standard netstat(8)  suite  provides  much  cleaner
2617              access to these files.
2618
2619              With  the  advent  of  network  namespaces,  various information
2620              relating to the network stack is virtualized (see network_names‐
2621              paces(7)).   Thus,  since  Linux 2.6.25, /proc/net is a symbolic
2622              link to the directory /proc/self/net, which  contains  the  same
2623              files and directories as listed below.  However, these files and
2624              directories now expose information for the network namespace  of
2625              which the process is a member.
2626
2627       /proc/net/arp
2628              This  holds  an ASCII readable dump of the kernel ARP table used
2629              for address resolutions.  It will show both dynamically  learned
2630              and preprogrammed ARP entries.  The format is:
2631
2632       IP address     HW type   Flags     HW address          Mask   Device
2633       192.168.0.50   0x1       0x2       00:50:BF:25:68:F3   *      eth0
2634       192.168.0.250  0x1       0xc       00:00:00:00:00:00   *      eth0
2635
2636              Here "IP address" is the IPv4 address of the machine and the "HW
2637              type" is the hardware type of the  address  from  RFC 826.   The
2638              flags are the internal flags of the ARP structure (as defined in
2639              /usr/include/linux/if_arp.h) and the "HW address"  is  the  data
2640              link layer mapping for that IP address if it is known.
2641
2642       /proc/net/dev
2643              The  dev pseudo-file contains network device status information.
2644              This gives the number of received and sent packets,  the  number
2645              of  errors and collisions and other basic statistics.  These are
2646              used by the ifconfig(8) program to report  device  status.   The
2647              format is:
2648
2649 Inter-|   Receive                                                |  Transmit
2650  face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
2651     lo: 2776770   11307    0    0    0     0          0         0  2776770   11307    0    0    0     0       0          0
2652   eth0: 1215645    2751    0    0    0     0          0         0  1782404    4324    0    0    0   427       0          0
2653   ppp0: 1622270    5552    1    0    0     0          0         0   354130    5669    0    0    0     0       0          0
2654   tap0:    7714      81    0    0    0     0          0         0     7714      81    0    0    0     0       0          0
2655
2656       /proc/net/dev_mcast
2657              Defined in /usr/src/linux/net/core/dev_mcast.c:
2658
2659                  indx interface_name  dmi_u dmi_g dmi_address
2660                  2    eth0            1     0     01005e000001
2661                  3    eth1            1     0     01005e000001
2662                  4    eth2            1     0     01005e000001
2663
2664       /proc/net/igmp
2665              Internet     Group     Management    Protocol.     Defined    in
2666              /usr/src/linux/net/core/igmp.c.
2667
2668       /proc/net/rarp
2669              This file uses the same format as the arp file and contains  the
2670              current reverse mapping database used to provide rarp(8) reverse
2671              address lookup services.  If RARP is  not  configured  into  the
2672              kernel, this file will not be present.
2673
2674       /proc/net/raw
2675              Holds  a  dump of the RAW socket table.  Much of the information
2676              is not of use apart from debugging.  The "sl" value is the  ker‐
2677              nel  hash  slot for the socket, the "local_address" is the local
2678              address and protocol number pair.  "St" is the  internal  status
2679              of  the  socket.  The "tx_queue" and "rx_queue" are the outgoing
2680              and incoming data queue in terms of kernel  memory  usage.   The
2681              "tr", "tm->when", and "rexmits" fields are not used by RAW.  The
2682              "uid" field holds the  effective  UID  of  the  creator  of  the
2683              socket.
2684
2685       /proc/net/snmp
2686              This file holds the ASCII data needed for the IP, ICMP, TCP, and
2687              UDP management information bases for an SNMP agent.
2688
2689       /proc/net/tcp
2690              Holds a dump of the TCP socket table.  Much of  the  information
2691              is  not of use apart from debugging.  The "sl" value is the ker‐
2692              nel hash slot for the socket, the "local_address" is  the  local
2693              address  and  port number pair.  The "rem_address" is the remote
2694              address and port number pair (if connected).  "St" is the inter‐
2695              nal status of the socket.  The "tx_queue" and "rx_queue" are the
2696              outgoing and incoming data  queue  in  terms  of  kernel  memory
2697              usage.  The "tr", "tm->when", and "rexmits" fields hold internal
2698              information of the kernel socket state and are useful  only  for
2699              debugging.   The "uid" field holds the effective UID of the cre‐
2700              ator of the socket.
2701
2702       /proc/net/udp
2703              Holds a dump of the UDP socket table.  Much of  the  information
2704              is  not of use apart from debugging.  The "sl" value is the ker‐
2705              nel hash slot for the socket, the "local_address" is  the  local
2706              address  and  port number pair.  The "rem_address" is the remote
2707              address and port number pair (if connected).  "St" is the inter‐
2708              nal status of the socket.  The "tx_queue" and "rx_queue" are the
2709              outgoing and incoming data  queue  in  terms  of  kernel  memory
2710              usage.   The "tr", "tm->when", and "rexmits" fields are not used
2711              by UDP.  The "uid" field holds the effective UID of the  creator
2712              of the socket.  The format is:
2713
2714 sl  local_address rem_address   st tx_queue rx_queue tr rexmits  tm->when uid
2715  1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
2716  1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
2717  1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
2718
2719       /proc/net/unix
2720              Lists  the  UNIX  domain  sockets  present within the system and
2721              their status.  The format is:
2722
2723 Num RefCount Protocol Flags    Type St Inode Path
2724  0: 00000002 00000000 00000000 0001 03    42
2725  1: 00000001 00000000 00010000 0001 01  1948 /dev/printer
2726
2727              The fields are as follows:
2728
2729              Num:      the kernel table slot number.
2730
2731              RefCount: the number of users of the socket.
2732
2733              Protocol: currently always 0.
2734
2735              Flags:    the internal kernel flags holding the  status  of  the
2736                        socket.
2737
2738              Type:     the  socket  type.   For  SOCK_STREAM sockets, this is
2739                        0001; for SOCK_DGRAM sockets,  it  is  0002;  and  for
2740                        SOCK_SEQPACKET sockets, it is 0005.
2741
2742              St:       the internal state of the socket.
2743
2744              Inode:    the inode number of the socket.
2745
2746              Path:     the bound pathname (if any) of the socket.  Sockets in
2747                        the abstract namespace are included in the  list,  and
2748                        are  shown with a Path that commences with the charac‐
2749                        ter '@'.
2750
2751       /proc/net/netfilter/nfnetlink_queue
2752              This file contains information about netfilter user-space queue‐
2753              ing,  if  used.  Each line represents a queue.  Queues that have
2754              not been subscribed to by user space are not shown.
2755
2756                     1   4207     0  2 65535     0     0        0  1
2757                    (1)   (2)    (3)(4)  (5)    (6)   (7)      (8)
2758
2759              The fields in each line are:
2760
2761              (1)  The ID of the queue.  This matches what is specified in the
2762                   --queue-num  or  --queue-balance options to the iptables(8)
2763                   NFQUEUE target.  See iptables-extensions(8) for more infor‐
2764                   mation.
2765
2766              (2)  The netlink port ID subscribed to the queue.
2767
2768              (3)  The  number  of  packets currently queued and waiting to be
2769                   processed by the application.
2770
2771              (4)  The copy mode of the queue.  It is either 1 (metadata only)
2772                   or 2 (also copy payload data to user space).
2773
2774              (5)  Copy  range;  that  is,  how  many  bytes of packet payload
2775                   should be copied to user space at most.
2776
2777              (6)  queue dropped.  Number of packets that had to be dropped by
2778                   the kernel because too many packets are already waiting for
2779                   user space to send back the mandatory accept/drop verdicts.
2780
2781              (7)  queue user dropped.  Number of packets  that  were  dropped
2782                   within  the  netlink  subsystem.  Such drops usually happen
2783                   when the corresponding socket buffer is full; that is, user
2784                   space is not able to read messages fast enough.
2785
2786              (8)  sequence  number.  Every queued packet is associated with a
2787                   (32-bit) monotonically-increasing  sequence  number.   This
2788                   shows the ID of the most recent packet queued.
2789
2790              The  last  number  exists  only for compatibility reasons and is
2791              always 1.
2792
2793       /proc/partitions
2794              Contains the major and minor numbers of each partition  as  well
2795              as the number of 1024-byte blocks and the partition name.
2796
2797       /proc/pci
2798              This  is  a  listing of all PCI devices found during kernel ini‐
2799              tialization and their configuration.
2800
2801              This file has been deprecated in favor of a new /proc  interface
2802              for  PCI  (/proc/bus/pci).   It  became  optional  in  Linux 2.2
2803              (available with CONFIG_PCI_OLD_PROC set at kernel  compilation).
2804              It  became  once more nonoptionally enabled in Linux 2.4.  Next,
2805              it was deprecated  in  Linux  2.6  (still  available  with  CON‐
2806              FIG_PCI_LEGACY_PROC  set),  and finally removed altogether since
2807              Linux 2.6.17.
2808
2809       /proc/profile (since Linux 2.4)
2810              This file is present only if the kernel was booted with the pro‐
2811              file=1  command-line option.  It exposes kernel profiling infor‐
2812              mation in a binary format for use  by  readprofile(1).   Writing
2813              (e.g.,  an empty string) to this file resets the profiling coun‐
2814              ters; on some architectures, writing a binary integer "profiling
2815              multiplier"  of  size  sizeof(int)  sets the profiling interrupt
2816              frequency.
2817
2818       /proc/scsi
2819              A directory with the scsi mid-level pseudo-file and various SCSI
2820              low-level driver directories, which contain a file for each SCSI
2821              host in this system, all of which give the status of  some  part
2822              of  the SCSI IO subsystem.  These files contain ASCII structures
2823              and are, therefore, readable with cat(1).
2824
2825              You can also write to some of the files to reconfigure the  sub‐
2826              system or switch certain features on or off.
2827
2828       /proc/scsi/scsi
2829              This  is a listing of all SCSI devices known to the kernel.  The
2830              listing is similar to the one seen  during  bootup.   scsi  cur‐
2831              rently  supports only the add-single-device command which allows
2832              root to add a hotplugged device to the list of known devices.
2833
2834              The command
2835
2836                  echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
2837
2838              will cause host scsi1 to scan on SCSI channel 0 for a device  on
2839              ID  5 LUN 0.  If there is already a device known on this address
2840              or the address is invalid, an error will be returned.
2841
2842       /proc/scsi/[drivername]
2843              [drivername]  can  currently  be  NCR53c7xx,  aha152x,  aha1542,
2844              aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000,
2845              pas16, qlogic, scsi_debug, seagate, t128,  u15-24f,  ultrastore,
2846              or  wd7000.  These directories show up for all drivers that reg‐
2847              istered at least one SCSI HBA.   Every  directory  contains  one
2848              file  per  registered  host.  Every host-file is named after the
2849              number the host was assigned during initialization.
2850
2851              Reading these files will usually show driver and host configura‐
2852              tion, statistics, and so on.
2853
2854              Writing  to  these  files  allows  different things on different
2855              hosts.  For example, with the latency  and  nolatency  commands,
2856              root  can  switch on and off command latency measurement code in
2857              the eata_dma driver.  With the lockup and unlock commands,  root
2858              can control bus lockups simulated by the scsi_debug driver.
2859
2860       /proc/self
2861              This  directory  refers  to  the  process  accessing  the  /proc
2862              filesystem, and is identical to the /proc directory named by the
2863              process ID of the same process.
2864
2865       /proc/slabinfo
2866              Information about kernel caches.  See slabinfo(5) for details.
2867
2868       /proc/stat
2869              kernel/system  statistics.   Varies  with  architecture.  Common
2870              entries include:
2871
2872              cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
2873              cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0
2874                     The  amount  of  time,  measured  in  units  of   USER_HZ
2875                     (1/100ths   of   a  second  on  most  architectures,  use
2876                     sysconf(_SC_CLK_TCK) to obtain the right value), that the
2877                     system  ("cpu"  line)  or  the specific CPU ("cpuN" line)
2878                     spent in various states:
2879
2880                     user   (1) Time spent in user mode.
2881
2882                     nice   (2) Time spent in  user  mode  with  low  priority
2883                            (nice).
2884
2885                     system (3) Time spent in system mode.
2886
2887                     idle   (4)  Time  spent  in  the  idle  task.  This value
2888                            should be USER_HZ times the second  entry  in  the
2889                            /proc/uptime pseudo-file.
2890
2891                     iowait (since Linux 2.5.41)
2892                            (5)  Time waiting for I/O to complete.  This value
2893                            is not reliable, for the following reasons:
2894
2895                            1. The CPU will not  wait  for  I/O  to  complete;
2896                               iowait  is  the time that a task is waiting for
2897                               I/O to complete.  When a  CPU  goes  into  idle
2898                               state  for  outstanding  task I/O, another task
2899                               will be scheduled on this CPU.
2900
2901                            2. On a multi-core CPU, the task waiting  for  I/O
2902                               to  complete  is not running on any CPU, so the
2903                               iowait of each CPU is difficult to calculate.
2904
2905                            3. The value in this field may decrease in certain
2906                               conditions.
2907
2908                     irq (since Linux 2.6.0)
2909                            (6) Time servicing interrupts.
2910
2911                     softirq (since Linux 2.6.0)
2912                            (7) Time servicing softirqs.
2913
2914                     steal (since Linux 2.6.11)
2915                            (8)  Stolen time, which is the time spent in other
2916                            operating systems when running  in  a  virtualized
2917                            environment
2918
2919                     guest (since Linux 2.6.24)
2920                            (9)  Time  spent  running  a virtual CPU for guest
2921                            operating systems under the control of  the  Linux
2922                            kernel.
2923
2924                     guest_nice (since Linux 2.6.33)
2925                            (10) Time spent running a niced guest (virtual CPU
2926                            for guest operating systems under the  control  of
2927                            the Linux kernel).
2928
2929              page 5741 1808
2930                     The  number  of  pages the system paged in and the number
2931                     that were paged out (from disk).
2932
2933              swap 1 0
2934                     The number of swap pages that have been  brought  in  and
2935                     out.
2936
2937              intr 1462898
2938                     This  line shows counts of interrupts serviced since boot
2939                     time, for each of the possible  system  interrupts.   The
2940                     first  column  is  the  total  of all interrupts serviced
2941                     including unnumbered  architecture  specific  interrupts;
2942                     each  subsequent  column is the total for that particular
2943                     numbered interrupt.  Unnumbered interrupts are not shown,
2944                     only summed into the total.
2945
2946              disk_io: (2,0):(31,30,5764,1,2) (3,0):...
2947                     (major,disk_idx):(noinfo,     read_io_ops,     blks_read,
2948                     write_io_ops, blks_written)
2949                     (Linux 2.4 only)
2950
2951              ctxt 115315
2952                     The number of context switches that the system underwent.
2953
2954              btime 769041601
2955                     boot  time,  in  seconds  since  the  Epoch,   1970-01-01
2956                     00:00:00 +0000 (UTC).
2957
2958              processes 86031
2959                     Number of forks since boot.
2960
2961              procs_running 6
2962                     Number  of  processes  in  runnable state.  (Linux 2.5.45
2963                     onward.)
2964
2965              procs_blocked 2
2966                     Number of processes blocked waiting for I/O to  complete.
2967                     (Linux 2.5.45 onward.)
2968
2969              softirq  229245889 94 60001584 13619 5175704 2471304 28 51212741
2970              59130143 0 51240672
2971                     This line shows the number of softirq for all CPUs.   The
2972                     first column is the total of all softirqs and each subse‐
2973                     quent column is the total for particular softirq.  (Linux
2974                     2.6.31 onward.)
2975
2976       /proc/swaps
2977              Swap areas in use.  See also swapon(8).
2978
2979       /proc/sys
2980              This directory (present since 1.3.57) contains a number of files
2981              and subdirectories corresponding  to  kernel  variables.   These
2982              variables  can  be  read  and sometimes modified using the /proc
2983              filesystem, and the (deprecated) sysctl(2) system call.
2984
2985              String values may be terminated by either '\0' or '\n'.
2986
2987              Integer and long values may be written either in decimal  or  in
2988              hexadecimal notation (e.g. 0x3FFF).  When writing multiple inte‐
2989              ger or long values, these may be separated by any of the follow‐
2990              ing whitespace characters: ' ', '\t', or '\n'.  Using other sep‐
2991              arators leads to the error EINVAL.
2992
2993       /proc/sys/abi (since Linux 2.4.10)
2994              This directory may contain files with application binary  infor‐
2995              mation.    See   the   Linux   kernel   source  file  Documenta‐
2996              tion/sysctl/abi.txt for more information.
2997
2998       /proc/sys/debug
2999              This directory may be empty.
3000
3001       /proc/sys/dev
3002              This  directory  contains  device-specific  information   (e.g.,
3003              dev/cdrom/info).  On some systems, it may be empty.
3004
3005       /proc/sys/fs
3006              This  directory contains the files and subdirectories for kernel
3007              variables related to filesystems.
3008
3009       /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr (since Linux 2.6.4)
3010              aio-nr is the running total of the number of events specified by
3011              io_setup(2)  calls  for  all  currently active AIO contexts.  If
3012              aio-nr reaches aio-max-nr, then io_setup(2) will fail  with  the
3013              error  EAGAIN.  Raising aio-max-nr does not result in the preal‐
3014              location or resizing of any kernel data structures.
3015
3016       /proc/sys/fs/binfmt_misc
3017              Documentation for files in this directory can be  found  in  the
3018              Linux     kernel     source     in     the    file    Documenta‐
3019              tion/admin-guide/binfmt-misc.rst     (or      in      Documenta‐
3020              tion/binfmt_misc.txt on older kernels).
3021
3022       /proc/sys/fs/dentry-state (since Linux 2.2)
3023              This file contains information about the status of the directory
3024              cache (dcache).   The  file  contains  six  numbers,  nr_dentry,
3025              nr_unused,   age_limit   (age  in  seconds),  want_pages  (pages
3026              requested by system) and two dummy values.
3027
3028              * nr_dentry  is  the  number  of  allocated   dentries   (dcache
3029                entries).  This field is unused in Linux 2.2.
3030
3031              * nr_unused is the number of unused dentries.
3032
3033              * age_limit is the age in seconds after which dcache entries can
3034                be reclaimed when memory is short.
3035
3036              * want_pages   is   nonzero   when   the   kernel   has   called
3037                shrink_dcache_pages() and the dcache isn't pruned yet.
3038
3039       /proc/sys/fs/dir-notify-enable
3040              This file can be used to disable or enable the dnotify interface
3041              described in fcntl(2) on a system-wide basis.  A value of  0  in
3042              this file disables the interface, and a value of 1 enables it.
3043
3044       /proc/sys/fs/dquot-max
3045              This file shows the maximum number of cached disk quota entries.
3046              On some (2.4) systems, it is not present.  If the number of free
3047              cached  disk quota entries is very low and you have some awesome
3048              number of simultaneous system users, you might want to raise the
3049              limit.
3050
3051       /proc/sys/fs/dquot-nr
3052              This  file  shows the number of allocated disk quota entries and
3053              the number of free disk quota entries.
3054
3055       /proc/sys/fs/epoll (since Linux 2.6.28)
3056              This directory contains the file max_user_watches, which can  be
3057              used  to limit the amount of kernel memory consumed by the epoll
3058              interface.  For further details, see epoll(7).
3059
3060       /proc/sys/fs/file-max
3061              This file defines a system-wide limit  on  the  number  of  open
3062              files for all processes.  System calls that fail when encounter‐
3063              ing this limit fail with the  error  ENFILE.   (See  also  setr‐
3064              limit(2),  which can be used by a process to set the per-process
3065              limit, RLIMIT_NOFILE, on the number of files it may  open.)   If
3066              you  get  lots of error messages in the kernel log about running
3067              out of file handles (look  for  "VFS:  file-max  limit  <number>
3068              reached"), try increasing this value:
3069
3070                  echo 100000 > /proc/sys/fs/file-max
3071
3072              Privileged  processes  (CAP_SYS_ADMIN) can override the file-max
3073              limit.
3074
3075       /proc/sys/fs/file-nr
3076              This (read-only) file contains  three  numbers:  the  number  of
3077              allocated  file  handles  (i.e.,  the  number of files presently
3078              opened); the number of free file handles; and the maximum number
3079              of file handles (i.e., the same value as /proc/sys/fs/file-max).
3080              If the number of allocated file handles is close to the maximum,
3081              you  should  consider increasing the maximum.  Before Linux 2.6,
3082              the kernel allocated file handles  dynamically,  but  it  didn't
3083              free  them  again.  Instead the free file handles were kept in a
3084              list for reallocation; the "free file handles"  value  indicates
3085              the  size  of  that  list.   A large number of free file handles
3086              indicates that there was a past peak in the usage of  open  file
3087              handles.  Since Linux 2.6, the kernel does deallocate freed file
3088              handles, and the "free file handles" value is always zero.
3089
3090       /proc/sys/fs/inode-max (only present until Linux 2.2)
3091              This file contains the maximum number of in-memory inodes.  This
3092              value  should  be  3–4  times larger than the value in file-max,
3093              since stdin, stdout and network sockets also need  an  inode  to
3094              handle  them.  When you regularly run out of inodes, you need to
3095              increase this value.
3096
3097              Starting with Linux 2.4, there is no longer a  static  limit  on
3098              the number of inodes, and this file is removed.
3099
3100       /proc/sys/fs/inode-nr
3101              This file contains the first two values from inode-state.
3102
3103       /proc/sys/fs/inode-state
3104              This  file  contains  seven  numbers: nr_inodes, nr_free_inodes,
3105              preshrink, and four dummy values (always zero).
3106
3107              nr_inodes is the number of  inodes  the  system  has  allocated.
3108              nr_free_inodes represents the number of free inodes.
3109
3110              preshrink is nonzero when the nr_inodes > inode-max and the sys‐
3111              tem needs to prune the inode list instead  of  allocating  more;
3112              since Linux 2.4, this field is a dummy value (always zero).
3113
3114       /proc/sys/fs/inotify (since Linux 2.6.13)
3115              This     directory     contains     files     max_queued_events,
3116              max_user_instances, and max_user_watches, that can  be  used  to
3117              limit the amount of kernel memory consumed by the inotify inter‐
3118              face.  For further details, see inotify(7).
3119
3120       /proc/sys/fs/lease-break-time
3121              This file specifies the grace period that the kernel grants to a
3122              process holding a file lease (fcntl(2)) after it has sent a sig‐
3123              nal to that process notifying it that another process is waiting
3124              to  open the file.  If the lease holder does not remove or down‐
3125              grade the lease within this grace period,  the  kernel  forcibly
3126              breaks the lease.
3127
3128       /proc/sys/fs/leases-enable
3129              This  file  can  be  used  to  enable  or  disable  file  leases
3130              (fcntl(2)) on a system-wide basis.  If this  file  contains  the
3131              value 0, leases are disabled.  A nonzero value enables leases.
3132
3133       /proc/sys/fs/mount-max (since Linux 4.9)
3134              The  value  in  this file specifies the maximum number of mounts
3135              that may exist in a mount namespace.  The default value in  this
3136              file is 100,000.
3137
3138       /proc/sys/fs/mqueue (since Linux 2.6.6)
3139              This   directory   contains   files  msg_max,  msgsize_max,  and
3140              queues_max, controlling the  resources  used  by  POSIX  message
3141              queues.  See mq_overview(7) for details.
3142
3143       /proc/sys/fs/nr_open (since Linux 2.6.25)
3144              This   file  imposes  a  ceiling  on  the  value  to  which  the
3145              RLIMIT_NOFILE resource limit can be raised  (see  getrlimit(2)).
3146              This  ceiling  is  enforced for both unprivileged and privileged
3147              process.  The default value in this file  is  1048576.   (Before
3148              Linux  2.6.25,  the  ceiling for RLIMIT_NOFILE was hard-coded to
3149              the same value.)
3150
3151       /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
3152              These files allow you to change the value of the fixed  UID  and
3153              GID.   The  default  is  65534.   Some  filesystems support only
3154              16-bit UIDs and GIDs, although in Linux UIDs  and  GIDs  are  32
3155              bits.   When  one  of  these  filesystems is mounted with writes
3156              enabled, any UID or GID that would exceed 65535 is translated to
3157              the overflow value before being written to disk.
3158
3159       /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
3160              See pipe(7).
3161
3162       /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
3163              See pipe(7).
3164
3165       /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
3166              See pipe(7).
3167
3168       /proc/sys/fs/protected_fifos (since Linux 4.19)
3169              The value in this file is/can be set to one of the following:
3170
3171              0   Writing to FIFOs is unrestricted.
3172
3173              1   Don't allow O_CREAT open(2) on FIFOs that the caller doesn't
3174                  own in world-writable sticky directories, unless the FIFO is
3175                  owned by the owner of the directory.
3176
3177              2   As  for  the  value  1,  but the restriction also applies to
3178                  group-writable sticky directories.
3179
3180              The intent of the above protections is  to  avoid  unintentional
3181              writes to an attacker-controlled FIFO when a program expected to
3182              create a regular file.
3183
3184       /proc/sys/fs/protected_hardlinks (since Linux 3.6)
3185              When the value in this file is 0, no restrictions are placed  on
3186              the  creation of hard links (i.e., this is the historical behav‐
3187              ior before Linux 3.6).  When the value in this file is 1, a hard
3188              link  can be created to a target file only if one of the follow‐
3189              ing conditions is true:
3190
3191              *  The calling process has the CAP_FOWNER capability in its user
3192                 namespace and the file UID has a mapping in the namespace.
3193
3194              *  The  filesystem  UID of the process creating the link matches
3195                 the owner (UID) of the target file (as described  in  creden‐
3196                 tials(7),  a process's filesystem UID is normally the same as
3197                 its effective UID).
3198
3199              *  All of the following conditions are true:
3200
3201                  ·  the target is a regular file;
3202
3203                  ·  the target file does not have its  set-user-ID  mode  bit
3204                     enabled;
3205
3206                  ·  the  target  file does not have both its set-group-ID and
3207                     group-executable mode bits enabled; and
3208
3209                  ·  the caller has permission to read and  write  the  target
3210                     file  (either  via the file's permissions mask or because
3211                     it has suitable capabilities).
3212
3213              The default value in this file is 0.  Setting  the  value  to  1
3214              prevents a longstanding class of security issues caused by hard-
3215              link-based time-of-check, time-of-use races, most commonly  seen
3216              in  world-writable  directories such as /tmp.  The common method
3217              of exploiting this flaw is to cross  privilege  boundaries  when
3218              following a given hard link (i.e., a root process follows a hard
3219              link created by another user).  Additionally, on systems without
3220              separated  partitions,  this stops unauthorized users from "pin‐
3221              ning" vulnerable  set-user-ID  and  set-group-ID  files  against
3222              being  upgraded  by  the  administrator,  or  linking to special
3223              files.
3224
3225       /proc/sys/fs/protected_regular (since Linux 4.19)
3226              The value in this file is/can be set to one of the following:
3227
3228              0   Writing to regular files is unrestricted.
3229
3230              1   Don't allow O_CREAT open(2) on regular files that the caller
3231                  doesn't own in world-writable sticky directories, unless the
3232                  regular file is owned by the owner of the directory.
3233
3234              2   As for the value 1, but  the  restriction  also  applies  to
3235                  group-writable sticky directories.
3236
3237              The   intent  of  the  above  protections  is  similar  to  pro‐
3238              tected_fifos, but allows an application to avoid  writes  to  an
3239              attacker-controlled regular file, where the application expected
3240              to create one.
3241
3242       /proc/sys/fs/protected_symlinks (since Linux 3.6)
3243              When the value in this file is 0, no restrictions are placed  on
3244              following  symbolic links (i.e., this is the historical behavior
3245              before Linux 3.6).  When the value in this file is  1,  symbolic
3246              links are followed only in the following circumstances:
3247
3248              *  the  filesystem UID of the process following the link matches
3249                 the owner (UID) of the symbolic link (as described in creden‐
3250                 tials(7),  a process's filesystem UID is normally the same as
3251                 its effective UID);
3252
3253              *  the link is not in a sticky world-writable directory; or
3254
3255              *  the symbolic link and its  parent  directory  have  the  same
3256                 owner (UID)
3257
3258              A  system  call  that fails to follow a symbolic link because of
3259              the above restrictions returns the error EACCES in errno.
3260
3261              The default value in this file is 0.  Setting  the  value  to  1
3262              avoids a longstanding class of security issues based on time-of-
3263              check, time-of-use races when accessing symbolic links.
3264
3265       /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
3266              The value in this file is assigned  to  a  process's  "dumpable"
3267              flag in the circumstances described in prctl(2).  In effect, the
3268              value in this file determines whether core dump files  are  pro‐
3269              duced  for  set-user-ID or otherwise protected/tainted binaries.
3270              The "dumpable" setting also affects the ownership of files in  a
3271              process's /proc/[pid] directory, as described above.
3272
3273              Three different integer values can be specified:
3274
3275              0 (default)
3276                     This  provides  the traditional (pre-Linux 2.6.13) behav‐
3277                     ior.  A core dump will not  be  produced  for  a  process
3278                     which  has  changed  credentials  (by calling seteuid(2),
3279                     setgid(2), or similar, or by executing a  set-user-ID  or
3280                     set-group-ID  program) or whose binary does not have read
3281                     permission enabled.
3282
3283              1 ("debug")
3284                     All processes dump core when possible.   (Reasons  why  a
3285                     process might nevertheless not dump core are described in
3286                     core(5).)  The core dump is owned by the filesystem  user
3287                     ID  of  the  dumping  process and no security is applied.
3288                     This is intended for system  debugging  situations  only:
3289                     this  mode  is  insecure  because  it allows unprivileged
3290                     users to examine the memory contents of  privileged  pro‐
3291                     cesses.
3292
3293              2 ("suidsafe")
3294                     Any  binary  which  normally would not be dumped (see "0"
3295                     above) is dumped readable by root only.  This allows  the
3296                     user  to  remove  the  core dump file but not to read it.
3297                     For security reasons core dumps in  this  mode  will  not
3298                     overwrite  one  another  or  other  files.   This mode is
3299                     appropriate when administrators are attempting  to  debug
3300                     problems in a normal environment.
3301
3302                     Additionally, since Linux 3.6, /proc/sys/kernel/core_pat‐
3303                     tern must either be an absolute pathname or a  pipe  com‐
3304                     mand,  as  detailed in core(5).  Warnings will be written
3305                     to the kernel log if core_pattern does not  follow  these
3306                     rules, and no core dump will be produced.
3307
3308              For  details  of the effect of a process's "dumpable" setting on
3309              ptrace access mode checking, see ptrace(2).
3310
3311       /proc/sys/fs/super-max
3312              This file controls the maximum number of superblocks,  and  thus
3313              the  maximum  number of mounted filesystems the kernel can have.
3314              You need increase only super-max  if  you  need  to  mount  more
3315              filesystems than the current value in super-max allows you to.
3316
3317       /proc/sys/fs/super-nr
3318              This file contains the number of filesystems currently mounted.
3319
3320       /proc/sys/kernel
3321              This  directory  contains  files  controlling  a range of kernel
3322              parameters, as described below.
3323
3324       /proc/sys/kernel/acct
3325              This file contains three numbers: highwater, lowwater, and  fre‐
3326              quency.   If BSD-style process accounting is enabled, these val‐
3327              ues control its behavior.  If free space on filesystem where the
3328              log  lives goes below lowwater percent, accounting suspends.  If
3329              free space gets above  highwater  percent,  accounting  resumes.
3330              frequency  determines  how often the kernel checks the amount of
3331              free space (value is in seconds).  Default values are 4,  2  and
3332              30.   That  is,  suspend accounting if 2% or less space is free;
3333              resume it if 4% or more  space  is  free;  consider  information
3334              about amount of free space valid for 30 seconds.
3335
3336       /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to 3.18)
3337              From  Linux 2.6.27 to 3.18, this file was used to control recom‐
3338              puting of the value in /proc/sys/kernel/msgmni upon the addition
3339              or  removal  of  memory  or upon IPC namespace creation/removal.
3340              Echoing "1" into this file enabled msgmni automatic  recomputing
3341              (and  triggered  a  recomputation of msgmni based on the current
3342              amount of available memory and number of IPC namespaces).  Echo‐
3343              ing  "0" disabled automatic recomputing.  (Automatic recomputing
3344              was  also  disabled  if  a  value  was  explicitly  assigned  to
3345              /proc/sys/kernel/msgmni.)   The default value in auto_msgmni was
3346              1.
3347
3348              Since Linux 3.19,  the  content  of  this  file  has  no  effect
3349              (because  msgmni  defaults  to near the maximum value possible),
3350              and reads from this file always return the value "0".
3351
3352       /proc/sys/kernel/cap_last_cap (since Linux 3.2)
3353              See capabilities(7).
3354
3355       /proc/sys/kernel/cap-bound (from Linux 2.2 to 2.6.24)
3356              This file holds the value of the kernel capability bounding  set
3357              (expressed  as  a  signed  decimal  number).   This set is ANDed
3358              against  the  capabilities  permitted  to   a   process   during
3359              execve(2).  Starting with Linux 2.6.25, the system-wide capabil‐
3360              ity bounding set disappeared, and was replaced by  a  per-thread
3361              bounding set; see capabilities(7).
3362
3363       /proc/sys/kernel/core_pattern
3364              See core(5).
3365
3366       /proc/sys/kernel/core_pipe_limit
3367              See core(5).
3368
3369       /proc/sys/kernel/core_uses_pid
3370              See core(5).
3371
3372       /proc/sys/kernel/ctrl-alt-del
3373              This  file  controls  the handling of Ctrl-Alt-Del from the key‐
3374              board.  When the value  in  this  file  is  0,  Ctrl-Alt-Del  is
3375              trapped  and  sent  to  the init(1) program to handle a graceful
3376              restart.  When the value is greater than zero, Linux's  reaction
3377              to  a Vulcan Nerve Pinch (tm) will be an immediate reboot, with‐
3378              out even syncing its dirty buffers.  Note: when a program  (like
3379              dosemu)  has  the  keyboard  in  "raw" mode, the ctrl-alt-del is
3380              intercepted by the program before it ever reaches the kernel tty
3381              layer, and it's up to the program to decide what to do with it.
3382
3383       /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
3384              The value in this file determines who can see kernel syslog con‐
3385              tents.  A value of 0 in this file imposes no  restrictions.   If
3386              the  value  is 1, only privileged users can read the kernel sys‐
3387              log.  (See syslog(2) for more details.)  Since Linux  3.4,  only
3388              users  with the CAP_SYS_ADMIN capability may change the value in
3389              this file.
3390
3391       /proc/sys/kernel/domainname and /proc/sys/kernel/hostname
3392              can be used to set the NIS/YP domainname  and  the  hostname  of
3393              your  box  in exactly the same way as the commands domainname(1)
3394              and hostname(1), that is:
3395
3396                  # echo 'darkstar' > /proc/sys/kernel/hostname
3397                  # echo 'mydomain' > /proc/sys/kernel/domainname
3398
3399              has the same effect as
3400
3401                  # hostname 'darkstar'
3402                  # domainname 'mydomain'
3403
3404              Note, however, that the classic darkstar.frop.org has the  host‐
3405              name "darkstar" and DNS (Internet Domain Name Server) domainname
3406              "frop.org", not to be confused with the NIS (Network Information
3407              Service)  or  YP  (Yellow  Pages)  domainname.  These two domain
3408              names are in general different.  For a detailed  discussion  see
3409              the hostname(1) man page.
3410
3411       /proc/sys/kernel/hotplug
3412              This  file  contains  the pathname for the hotplug policy agent.
3413              The default value in this file is /sbin/hotplug.
3414
3415       /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
3416              (PowerPC only) If this file is set to a nonzero value, the  Pow‐
3417              erPC  htab  (see kernel file Documentation/powerpc/ppc_htab.txt)
3418              is pruned each time the system hits the idle loop.
3419
3420       /proc/sys/kernel/keys/*
3421              This directory contains various files that define parameters and
3422              limits   for  the  key-management  facility.   These  files  are
3423              described in keyrings(7).
3424
3425       /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
3426              The value in this file determines whether kernel  addresses  are
3427              exposed  via  /proc files and other interfaces.  A value of 0 in
3428              this file imposes no restrictions.  If the value  is  1,  kernel
3429              pointers printed using the %pK format specifier will be replaced
3430              with zeros unless the user has the  CAP_SYSLOG  capability.   If
3431              the  value  is  2,  kernel pointers printed using the %pK format
3432              specifier will be replaced with zeros regardless of  the  user's
3433              capabilities.   The  initial  default value for this file was 1,
3434              but the default was changed to 0 in Linux 2.6.39.   Since  Linux
3435              3.4, only users with the CAP_SYS_ADMIN capability can change the
3436              value in this file.
3437
3438       /proc/sys/kernel/l2cr
3439              (PowerPC only) This file contains a flag that  controls  the  L2
3440              cache  of  G3  processor  boards.   If 0, the cache is disabled.
3441              Enabled if nonzero.
3442
3443       /proc/sys/kernel/modprobe
3444              This file contains the pathname for the  kernel  module  loader.
3445              The  default  value is /sbin/modprobe.  The file is present only
3446              if the kernel is built with the CONFIG_MODULES  (CONFIG_KMOD  in
3447              Linux  2.6.26  and  earlier) option enabled.  It is described by
3448              the Linux kernel  source  file  Documentation/kmod.txt  (present
3449              only in kernel 2.4 and earlier).
3450
3451       /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
3452              A toggle value indicating if modules are allowed to be loaded in
3453              an otherwise modular kernel.  This toggle defaults to  off  (0),
3454              but  can  be  set  true  (1).  Once true, modules can be neither
3455              loaded nor unloaded, and the toggle cannot be set back to false.
3456              The  file  is  present only if the kernel is built with the CON‐
3457              FIG_MODULES option enabled.
3458
3459       /proc/sys/kernel/msgmax (since Linux 2.2)
3460              This file defines a system-wide  limit  specifying  the  maximum
3461              number  of  bytes in a single message written on a System V mes‐
3462              sage queue.
3463
3464       /proc/sys/kernel/msgmni (since Linux 2.4)
3465              This file defines the system-wide limit on the number of message
3466              queue identifiers.  See also /proc/sys/kernel/auto_msgmni.
3467
3468       /proc/sys/kernel/msgmnb (since Linux 2.2)
3469              This file defines a system-wide parameter used to initialize the
3470              msg_qbytes setting for subsequently created message queues.  The
3471              msg_qbytes  setting  specifies  the maximum number of bytes that
3472              may be written to the message queue.
3473
3474       /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
3475              This is a read-only file that displays the upper  limit  on  the
3476              number of a process's group memberships.
3477
3478       /proc/sys/kernel/ns_last_pid (since Linux 3.3)
3479              See pid_namespaces(7).
3480
3481       /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
3482              These files give substrings of /proc/version.
3483
3484       /proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid
3485              These  files  duplicate  the  files /proc/sys/fs/overflowgid and
3486              /proc/sys/fs/overflowuid.
3487
3488       /proc/sys/kernel/panic
3489              This  file  gives  read/write  access  to  the  kernel  variable
3490              panic_timeout.   If  this  is  zero,  the  kernel will loop on a
3491              panic; if nonzero, it indicates that the kernel  should  autore‐
3492              boot  after  this  number of seconds.  When you use the software
3493              watchdog device driver, the recommended setting is 60.
3494
3495       /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
3496              This file controls the kernel's behavior when an oops or BUG  is
3497              encountered.   If this file contains 0, then the system tries to
3498              continue operation.  If it contains 1, then the system delays  a
3499              few  seconds  (to give klogd time to record the oops output) and
3500              then  panics.   If  the  /proc/sys/kernel/panic  file  is   also
3501              nonzero, then the machine will be rebooted.
3502
3503       /proc/sys/kernel/pid_max (since Linux 2.5.34)
3504              This  file  specifies the value at which PIDs wrap around (i.e.,
3505              the value in this file is one greater  than  the  maximum  PID).
3506              PIDs  greater than this value are not allocated; thus, the value
3507              in this file also acts as a system-wide limit on the total  num‐
3508              ber  of processes and threads.  The default value for this file,
3509              32768, results in the same range of PIDs as on earlier  kernels.
3510              On 32-bit platforms, 32768 is the maximum value for pid_max.  On
3511              64-bit systems, pid_max can be set  to  any  value  up  to  2^22
3512              (PID_MAX_LIMIT, approximately 4 million).
3513
3514       /proc/sys/kernel/powersave-nap (PowerPC only)
3515              This file contains a flag.  If set, Linux-PPC will use the "nap"
3516              mode of powersaving, otherwise the "doze" mode will be used.
3517
3518       /proc/sys/kernel/printk
3519              See syslog(2).
3520
3521       /proc/sys/kernel/pty (since Linux 2.6.4)
3522              This directory contains two files relating to the number of UNIX
3523              98 pseudoterminals (see pts(4)) on the system.
3524
3525       /proc/sys/kernel/pty/max
3526              This file defines the maximum number of pseudoterminals.
3527
3528       /proc/sys/kernel/pty/nr
3529              This  read-only file indicates how many pseudoterminals are cur‐
3530              rently in use.
3531
3532       /proc/sys/kernel/random
3533              This directory contains various parameters controlling the oper‐
3534              ation of the file /dev/random.  See random(4) for further infor‐
3535              mation.
3536
3537       /proc/sys/kernel/random/uuid (since Linux 2.4)
3538              Each read from this read-only file returns a randomly  generated
3539              128-bit UUID, as a string in the standard UUID format.
3540
3541       /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
3542              Select  the address space layout randomization (ASLR) policy for
3543              the system (on architectures that support ASLR).   Three  values
3544              are supported for this file:
3545
3546              0  Turn  ASLR  off.   This is the default for architectures that
3547                 don't support ASLR, and when the kernel is  booted  with  the
3548                 norandmaps parameter.
3549
3550              1  Make the addresses of mmap(2) allocations, the stack, and the
3551                 VDSO page randomized.  Among other things,  this  means  that
3552                 shared libraries will be loaded at randomized addresses.  The
3553                 text segment of PIE-linked binaries will also be loaded at  a
3554                 randomized  address.  This value is the default if the kernel
3555                 was configured with CONFIG_COMPAT_BRK.
3556
3557              2  (Since Linux 2.6.25) Also support heap  randomization.   This
3558                 value  is  the  default if the kernel was not configured with
3559                 CONFIG_COMPAT_BRK.
3560
3561       /proc/sys/kernel/real-root-dev
3562              This file is documented in the Linux kernel source file Documen‐
3563              tation/admin-guide/initrd.rst    (or    Documentation/initrd.txt
3564              before Linux 4.10).
3565
3566       /proc/sys/kernel/reboot-cmd (Sparc only)
3567              This file seems to be a way to give an  argument  to  the  SPARC
3568              ROM/Flash  boot  loader.   Maybe  to  tell  it  what to do after
3569              rebooting?
3570
3571       /proc/sys/kernel/rtsig-max
3572              (Only in kernels up to and including  2.6.7;  see  setrlimit(2))
3573              This  file can be used to tune the maximum number of POSIX real-
3574              time (queued) signals that can be outstanding in the system.
3575
3576       /proc/sys/kernel/rtsig-nr
3577              (Only in kernels up to and including 2.6.7.)   This  file  shows
3578              the number of POSIX real-time signals currently queued.
3579
3580       /proc/[pid]/sched_autogroup_enabled (since Linux 2.6.38)
3581              See sched(7).
3582
3583       /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
3584              If this file contains the value zero, then, after a fork(2), the
3585              parent is first scheduled on the CPU.  If the  file  contains  a
3586              nonzero  value,  then  the  child is scheduled first on the CPU.
3587              (Of course, on a multiprocessor system, the parent and the child
3588              might both immediately be scheduled on a CPU.)
3589
3590       /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
3591              See sched_rr_get_interval(2).
3592
3593       /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
3594              See sched(7).
3595
3596       /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
3597              See sched(7).
3598
3599       /proc/sys/kernel/seccomp (since Linux 4.14)
3600              This  directory provides additional seccomp information and con‐
3601              figuration.  See seccomp(2) for further details.
3602
3603       /proc/sys/kernel/sem (since Linux 2.4)
3604              This file contains 4 numbers defining limits for  System  V  IPC
3605              semaphores.  These fields are, in order:
3606
3607              SEMMSL  The maximum semaphores per semaphore set.
3608
3609              SEMMNS  A  system-wide  limit on the number of semaphores in all
3610                      semaphore sets.
3611
3612              SEMOPM  The maximum number of operations that may  be  specified
3613                      in a semop(2) call.
3614
3615              SEMMNI  A  system-wide  limit on the maximum number of semaphore
3616                      identifiers.
3617
3618       /proc/sys/kernel/sg-big-buff
3619              This file shows the size of the generic SCSI device (sg) buffer.
3620              You  can't  tune it just yet, but you could change it at compile
3621              time by editing include/scsi/sg.h  and  changing  the  value  of
3622              SG_BIG_BUFF.   However,  there shouldn't be any reason to change
3623              this value.
3624
3625       /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
3626              If this file is set to 1, all System V  shared  memory  segments
3627              will be marked for destruction as soon as the number of attached
3628              processes falls to zero; in other words, it is no longer  possi‐
3629              ble to create shared memory segments that exist independently of
3630              any attached process.
3631
3632              The effect is as though a shmctl(2) IPC_RMID is performed on all
3633              existing  segments as well as all segments created in the future
3634              (until this file is reset to 0).  Note  that  existing  segments
3635              that  are  attached  to no process will be immediately destroyed
3636              when this file is set to  1.   Setting  this  option  will  also
3637              destroy  segments  that  were  created, but never attached, upon
3638              termination  of  the  process  that  created  the  segment  with
3639              shmget(2).
3640
3641              Setting  this file to 1 provides a way of ensuring that all Sys‐
3642              tem V shared memory segments are counted  against  the  resource
3643              usage  and  resource limits (see the description of RLIMIT_AS in
3644              getrlimit(2)) of at least one process.
3645
3646              Because setting this file to 1 produces behavior  that  is  non‐
3647              standard and could also break existing applications, the default
3648              value in this file is 0.  Set this file to 1 only if you have  a
3649              good  understanding  of  the semantics of the applications using
3650              System V shared memory on your system.
3651
3652       /proc/sys/kernel/shmall (since Linux 2.2)
3653              This file contains the system-wide limit on the total number  of
3654              pages of System V shared memory.
3655
3656       /proc/sys/kernel/shmmax (since Linux 2.2)
3657              This file can be used to query and set the run-time limit on the
3658              maximum (System V IPC) shared memory segment size  that  can  be
3659              created.  Shared memory segments up to 1 GB are now supported in
3660              the kernel.  This value defaults to SHMMAX.
3661
3662       /proc/sys/kernel/shmmni (since Linux 2.4)
3663              This file specifies the system-wide maximum number of  System  V
3664              shared memory segments that can be created.
3665
3666       /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
3667              The  value  in  this file determines how the file offset affects
3668              the behavior of updating entries in files under /proc/sys.   The
3669              file has three possible values:
3670
3671              -1  This  provides  legacy  handling,  with  no printk warnings.
3672                  Each write(2) must fully contain the value  to  be  written,
3673                  and  multiple  writes on the same file descriptor will over‐
3674                  write the entire value, regardless of the file position.
3675
3676              0   (default) This provides the same behavior  as  for  -1,  but
3677                  printk  warnings  are  written  for  processes  that perform
3678                  writes when the file offset is not 0.
3679
3680              1   Respect the file offset when writing strings into  /proc/sys
3681                  files.   Multiple  writes  will  append to the value buffer.
3682                  Anything written beyond the maximum length of the value buf‐
3683                  fer  will  be  ignored.  Writes to numeric /proc/sys entries
3684                  must always be at file offset 0 and the value must be  fully
3685                  contained in the buffer provided to write(2).
3686
3687       /proc/sys/kernel/sysrq
3688              This  file  controls  the functions allowed to be invoked by the
3689              SysRq key.  By default, the file contains 1 meaning  that  every
3690              possible  SysRq  request  is  allowed (in older kernel versions,
3691              SysRq was disabled by default, and you were required to specifi‐
3692              cally enable it at run-time, but this is not the case any more).
3693              Possible values in this file are:
3694
3695              0    Disable sysrq completely
3696
3697              1    Enable all functions of sysrq
3698
3699              > 1  Bit mask of allowed sysrq functions, as follows:
3700                     2  Enable control of console logging level
3701                     4  Enable control of keyboard (SAK, unraw)
3702                     8  Enable debugging dumps of processes etc.
3703                    16  Enable sync command
3704                    32  Enable remount read-only
3705                    64  Enable signaling of processes (term, kill, oom-kill)
3706                   128  Allow reboot/poweroff
3707                   256  Allow nicing of all real-time tasks
3708
3709              This file is present only if the CONFIG_MAGIC_SYSRQ kernel  con‐
3710              figuration option is enabled.  For further details see the Linux
3711              kernel source file Documentation/admin-guide/sysrq.rst (or Docu‐
3712              mentation/sysrq.txt before Linux 4.10).
3713
3714       /proc/sys/kernel/version
3715              This file contains a string such as:
3716
3717                  #5 Wed Feb 25 21:49:24 MET 1998
3718
3719              The  "#5"  means  that  this is the fifth kernel built from this
3720              source base and the date following it  indicates  the  time  the
3721              kernel was built.
3722
3723       /proc/sys/kernel/threads-max (since Linux 2.3.11)
3724              This  file  specifies  the  system-wide  limit  on the number of
3725              threads (tasks) that can be created on the system.
3726
3727              Since Linux 4.1, the value that can be written to threads-max is
3728              bounded.  The minimum value that can be written is 20.  The max‐
3729              imum value  that  can  be  written  is  given  by  the  constant
3730              FUTEX_TID_MASK  (0x3fffffff).   If a value outside of this range
3731              is written to threads-max, the error EINVAL occurs.
3732
3733              The value written is checked against the  available  RAM  pages.
3734              If the thread structures would occupy too much (more than 1/8th)
3735              of the available RAM pages, threads-max is reduced accordingly.
3736
3737       /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
3738              See ptrace(2).
3739
3740       /proc/sys/kernel/zero-paged (PowerPC only)
3741              This file contains a flag.  When  enabled  (nonzero),  Linux-PPC
3742              will  pre-zero  pages  in  the  idle  loop, possibly speeding up
3743              get_free_pages.
3744
3745       /proc/sys/net
3746              This directory contains networking stuff.  Explanations for some
3747              of  the  files  under  this directory can be found in tcp(7) and
3748              ip(7).
3749
3750       /proc/sys/net/core/bpf_jit_enable
3751              See bpf(2).
3752
3753       /proc/sys/net/core/somaxconn
3754              This file defines a ceiling value for the  backlog  argument  of
3755              listen(2); see the listen(2) manual page for details.
3756
3757       /proc/sys/proc
3758              This directory may be empty.
3759
3760       /proc/sys/sunrpc
3761              This  directory  supports  Sun remote procedure call for network
3762              filesystem (NFS).  On some systems, it is not present.
3763
3764       /proc/sys/user (since Linux 4.9)
3765              See namespaces(7).
3766
3767       /proc/sys/vm
3768              This directory contains files for memory management tuning, buf‐
3769              fer and cache management.
3770
3771       /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
3772              This file defines the amount of free memory (in KiB) on the sys‐
3773              tem that should  be  reserved  for  users  with  the  capability
3774              CAP_SYS_ADMIN.
3775
3776              The  default  value  in  this file is the minimum of [3% of free
3777              pages, 8MiB] expressed as KiB.  The default is intended to  pro‐
3778              vide  enough  for the superuser to log in and kill a process, if
3779              necessary, under the default overcommit 'guess' mode (i.e., 0 in
3780              /proc/sys/vm/overcommit_memory).
3781
3782              Systems   running   in  "overcommit  never"  mode  (i.e.,  2  in
3783              /proc/sys/vm/overcommit_memory) should  increase  the  value  in
3784              this  file  to  account  for the full virtual memory size of the
3785              programs used to recover (e.g.,  login(1)  ssh(1),  and  top(1))
3786              Otherwise,  the  superuser  may not be able to log in to recover
3787              the system.  For example, on x86-64 a suitable value  is  131072
3788              (128MiB reserved).
3789
3790              Changing  the value in this file takes effect whenever an appli‐
3791              cation requests memory.
3792
3793       /proc/sys/vm/compact_memory (since Linux 2.6.35)
3794              When 1 is written to this file, all  zones  are  compacted  such
3795              that  free memory is available in contiguous blocks where possi‐
3796              ble.  The effect  of  this  action  can  be  seen  by  examining
3797              /proc/buddyinfo.
3798
3799              Present  only  if  the  kernel  was  configured with CONFIG_COM‐
3800              PACTION.
3801
3802       /proc/sys/vm/drop_caches (since Linux 2.6.16)
3803              Writing to this file causes the kernel  to  drop  clean  caches,
3804              dentries,  and inodes from memory, causing that memory to become
3805              free.  This can be useful for memory management testing and per‐
3806              forming  reproducible filesystem benchmarks.  Because writing to
3807              this file causes the benefits of caching  to  be  lost,  it  can
3808              degrade overall system performance.
3809
3810              To free pagecache, use:
3811
3812                  echo 1 > /proc/sys/vm/drop_caches
3813
3814              To free dentries and inodes, use:
3815
3816                  echo 2 > /proc/sys/vm/drop_caches
3817
3818              To free pagecache, dentries and inodes, use:
3819
3820                  echo 3 > /proc/sys/vm/drop_caches
3821
3822              Because  writing  to this file is a nondestructive operation and
3823              dirty objects are not freeable,  the  user  should  run  sync(1)
3824              first.
3825
3826       /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
3827              If  nonzero, this disables the new 32-bit memory-mapping layout;
3828              the kernel will use the legacy (2.4) layout for all processes.
3829
3830       /proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
3831              Control how to kill processes when an uncorrected  memory  error
3832              (typically a 2-bit error in a memory module) that cannot be han‐
3833              dled by the kernel is detected in the  background  by  hardware.
3834              In some cases (like the page still having a valid copy on disk),
3835              the kernel will handle the failure transparently without affect‐
3836              ing  any applications.  But if there is no other up-to-date copy
3837              of the data, it will kill processes to prevent any data  corrup‐
3838              tions from propagating.
3839
3840              The file has one of the following values:
3841
3842              1:  Kill  all  processes that have the corrupted-and-not-reload‐
3843                  able page mapped as soon  as  the  corruption  is  detected.
3844                  Note  that  this  is not supported for a few types of pages,
3845                  such as kernel internally allocated data or the swap  cache,
3846                  but works for the majority of user pages.
3847
3848              0:  Unmap  the  corrupted  page  from  all  processes and kill a
3849                  process only if it tries to access the page.
3850
3851              The kill is performed using a SIGBUS signal with si_code set  to
3852              BUS_MCEERR_AO.   Processes  can handle this if they want to; see
3853              sigaction(2) for more details.
3854
3855              This feature is  active  only  on  architectures/platforms  with
3856              advanced  machine  check  handling  and  depends on the hardware
3857              capabilities.
3858
3859              Applications can override the memory_failure_early_kill  setting
3860              individually with the prctl(2) PR_MCE_KILL operation.
3861
3862              Present  only  if  the  kernel  was  configured with CONFIG_MEM‐
3863              ORY_FAILURE.
3864
3865       /proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
3866              Enable memory failure recovery (when supported by the platform).
3867
3868              1:  Attempt recovery.
3869
3870              0:  Always panic on a memory failure.
3871
3872              Present only if  the  kernel  was  configured  with  CONFIG_MEM‐
3873              ORY_FAILURE.
3874
3875       /proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
3876              Enables a system-wide task dump (excluding kernel threads) to be
3877              produced when the kernel  performs  an  OOM-killing.   The  dump
3878              includes  the  following  information  for  each  task  (thread,
3879              process): thread ID, real user ID, thread group ID (process ID),
3880              virtual memory size, resident set size, the CPU that the task is
3881              scheduled  on,   oom_adj   score   (see   the   description   of
3882              /proc/[pid]/oom_adj),  and  command  name.   This  is helpful to
3883              determine why the OOM-killer was invoked  and  to  identify  the
3884              rogue task that caused it.
3885
3886              If this contains the value zero, this information is suppressed.
3887              On very large systems with thousands of tasks,  it  may  not  be
3888              feasible  to  dump  the  memory  state information for each one.
3889              Such systems should not be forced to incur a performance penalty
3890              in OOM situations when the information may not be desired.
3891
3892              If  this  is  set to nonzero, this information is shown whenever
3893              the OOM-killer actually kills a memory-hogging task.
3894
3895              The default value is 0.
3896
3897       /proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
3898              This enables or disables killing the OOM-triggering task in out-
3899              of-memory situations.
3900
3901              If  this  is  set  to zero, the OOM-killer will scan through the
3902              entire tasklist and select a task based on heuristics  to  kill.
3903              This  normally selects a rogue memory-hogging task that frees up
3904              a large amount of memory when killed.
3905
3906              If this is set to nonzero, the OOM-killer simply kills the  task
3907              that  triggered the out-of-memory condition.  This avoids a pos‐
3908              sibly expensive tasklist scan.
3909
3910              If /proc/sys/vm/panic_on_oom is  nonzero,  it  takes  precedence
3911              over  whatever  value  is used in /proc/sys/vm/oom_kill_allocat‐
3912              ing_task.
3913
3914              The default value is 0.
3915
3916       /proc/sys/vm/overcommit_kbytes (since Linux 3.14)
3917              This writable file provides an alternative to /proc/sys/vm/over‐
3918              commit_ratio    for    controlling    the    CommitLimit    when
3919              /proc/sys/vm/overcommit_memory has the value 2.  It  allows  the
3920              amount  of  memory overcommitting to be specified as an absolute
3921              value (in kB), rather than as a  percentage,  as  is  done  with
3922              overcommit_ratio.  This allows for finer-grained control of Com‐
3923              mitLimit on systems with extremely large memory sizes.
3924
3925              Only one of overcommit_kbytes or overcommit_ratio  can  have  an
3926              effect:  if  overcommit_kbytes  has  a nonzero value, then it is
3927              used to calculate  CommitLimit,  otherwise  overcommit_ratio  is
3928              used.  Writing a value to either of these files causes the value
3929              in the other file to be set to zero.
3930
3931       /proc/sys/vm/overcommit_memory
3932              This file contains the kernel virtual  memory  accounting  mode.
3933              Values are:
3934
3935                     0: heuristic overcommit (this is the default)
3936                     1: always overcommit, never check
3937                     2: always check, never overcommit
3938
3939              In  mode 0, calls of mmap(2) with MAP_NORESERVE are not checked,
3940              and the default check is very weak, leading to the risk of  get‐
3941              ting a process "OOM-killed".
3942
3943              In  mode  1,  the kernel pretends there is always enough memory,
3944              until memory actually runs out.  One use case for this  mode  is
3945              scientific  computing  applications  that  employ  large  sparse
3946              arrays.  In Linux kernel  versions  before  2.6.0,  any  nonzero
3947              value implies mode 1.
3948
3949              In mode 2 (available since Linux 2.6), the total virtual address
3950              space that can be allocated (CommitLimit  in  /proc/meminfo)  is
3951              calculated as
3952
3953                  CommitLimit = (total_RAM - total_huge_TLB) *
3954                                overcommit_ratio / 100 + total_swap
3955
3956              where:
3957
3958                   *  total_RAM is the total amount of RAM on the system;
3959
3960                   *  total_huge_TLB  is  the  amount  of memory set aside for
3961                      huge pages;
3962
3963                   *  overcommit_ratio is the value  in  /proc/sys/vm/overcom‐
3964                      mit_ratio; and
3965
3966                   *  total_swap is the amount of swap space.
3967
3968              For  example,  on  a system with 16 GB of physical RAM, 16 GB of
3969              swap, no space dedicated to huge pages, and an  overcommit_ratio
3970              of 50, this formula yields a CommitLimit of 24 GB.
3971
3972              Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes
3973              is nonzero, then CommitLimit is instead calculated as:
3974
3975                  CommitLimit = overcommit_kbytes + total_swap
3976
3977              See also the  description  of  /proc/sys/vm/admin_reserve_kbytes
3978              and /proc/sys/vm/user_reserve_kbytes.
3979
3980       /proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
3981              This  writable  file defines a percentage by which memory can be
3982              overcommitted.  The default value in the file is  50.   See  the
3983              description of /proc/sys/vm/overcommit_memory.
3984
3985       /proc/sys/vm/panic_on_oom (since Linux 2.6.18)
3986              This enables or disables a kernel panic in an out-of-memory sit‐
3987              uation.
3988
3989              If this file is set to the value 0, the kernel's OOM-killer will
3990              kill  some  rogue  process.   Usually, the OOM-killer is able to
3991              kill a rogue process and the system will survive.
3992
3993              If this file is set to the value 1,  then  the  kernel  normally
3994              panics when out-of-memory happens.  However, if a process limits
3995              allocations to certain nodes  using  memory  policies  (mbind(2)
3996              MPOL_BIND)  or  cpusets (cpuset(7)) and those nodes reach memory
3997              exhaustion status, one process may be killed by the  OOM-killer.
3998              No panic occurs in this case: because other nodes' memory may be
3999              free, this means the system as a whole may not have  reached  an
4000              out-of-memory situation yet.
4001
4002              If  this  file  is  set to the value 2, the kernel always panics
4003              when an out-of-memory condition occurs.
4004
4005              The default value is 0.  1 and 2 are for failover of clustering.
4006              Select either according to your policy of failover.
4007
4008       /proc/sys/vm/swappiness
4009              The value in this file controls how aggressively the kernel will
4010              swap memory pages.  Higher values increase aggressiveness, lower
4011              values decrease aggressiveness.  The default value is 60.
4012
4013       /proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
4014              Specifies  an amount of memory (in KiB) to reserve for user pro‐
4015              cesses.  This is intended to prevent a user from starting a sin‐
4016              gle  memory hogging process, such that they cannot recover (kill
4017              the hog).  The value in  this  file  has  an  effect  only  when
4018              /proc/sys/vm/overcommit_memory  is  set to 2 ("overcommit never"
4019              mode).  In this case, the system reserves an  amount  of  memory
4020              that   is   the   minimum   of  [3%  of  current  process  size,
4021              user_reserve_kbytes].
4022
4023              The default value in this file is the minimum  of  [3%  of  free
4024              pages, 128MiB] expressed as KiB.
4025
4026              If  the  value  in this file is set to zero, then a user will be
4027              allowed to allocate all free memory with a single process (minus
4028              the  amount reserved by /proc/sys/vm/admin_reserve_kbytes).  Any
4029              subsequent attempts to execute a command will result  in  "fork:
4030              Cannot allocate memory".
4031
4032              Changing  the value in this file takes effect whenever an appli‐
4033              cation requests memory.
4034
4035       /proc/sys/vm/unprivileged_userfaultfd (since Linux 5.2)
4036              This (writable)  file  exposes  a  flag  that  controls  whether
4037              unprivileged processes are allowed to employ userfaultfd(2).  If
4038              this file has the value 1, then unprivileged processes  may  use
4039              userfaultfd(2).   If  this  file has the value 0, then only pro‐
4040              cesses that have the CAP_SYS_PTRACE capability may employ  user‐
4041              faultfd(2).  The default value in this file is 1.
4042
4043       /proc/sysrq-trigger (since Linux 2.4.21)
4044              Writing  a  character to this file triggers the same SysRq func‐
4045              tion as typing ALT-SysRq-<character>  (see  the  description  of
4046              /proc/sys/kernel/sysrq).  This file is normally writable only by
4047              root.  For further details see the Linux kernel source file Doc‐
4048              umentation/admin-guide/sysrq.rst   (or   Documentation/sysrq.txt
4049              before Linux 4.10).
4050
4051       /proc/sysvipc
4052              Subdirectory containing  the  pseudo-files  msg,  sem  and  shm.
4053              These  files  list the System V Interprocess Communication (IPC)
4054              objects (respectively: message queues,  semaphores,  and  shared
4055              memory)  that  currently  exist on the system, providing similar
4056              information to that available via  ipcs(1).   These  files  have
4057              headers  and  are  formatted  (one IPC object per line) for easy
4058              understanding.  sysvipc(7) provides further  background  on  the
4059              information shown by these files.
4060
4061       /proc/thread-self (since Linux 3.17)
4062              This directory refers to the thread accessing the /proc filesys‐
4063              tem, and is identical  to  the  /proc/self/task/[tid]  directory
4064              named by the process thread ID ([tid]) of the same thread.
4065
4066       /proc/timer_list (since Linux 2.6.21)
4067              This  read-only  file  exposes  a  list of all currently pending
4068              (high-resolution) timers, all  clock-event  sources,  and  their
4069              parameters in a human-readable form.
4070
4071       /proc/timer_stats (from  Linux 2.6.21 until Linux 4.10)
4072              This  is  a  debugging facility to make timer (ab)use in a Linux
4073              system visible to kernel and user-space developers.  It  can  be
4074              used  by  kernel  and user-space developers to verify that their
4075              code does not make undue use of timers.  The goal  is  to  avoid
4076              unnecessary wakeups, thereby optimizing power consumption.
4077
4078              If  enabled in the kernel (CONFIG_TIMER_STATS), but not used, it
4079              has almost zero run-time overhead and a relatively  small  data-
4080              structure  overhead.  Even if collection is enabled at run time,
4081              overhead is low: all  the  locking  is  per-CPU  and  lookup  is
4082              hashed.
4083
4084              The  /proc/timer_stats  file  is  used  both to control sampling
4085              facility and to read out the sampled information.
4086
4087              The timer_stats functionality is inactive on bootup.  A sampling
4088              period can be started using the following command:
4089
4090                  # echo 1 > /proc/timer_stats
4091
4092              The following command stops a sampling period:
4093
4094                  # echo 0 > /proc/timer_stats
4095
4096              The statistics can be retrieved by:
4097
4098                  $ cat /proc/timer_stats
4099
4100              While  sampling  is enabled, each readout from /proc/timer_stats
4101              will see newly updated statistics.  Once sampling  is  disabled,
4102              the  sampled  information  is  kept until a new sample period is
4103              started.  This allows multiple readouts.
4104
4105              Sample output from /proc/timer_stats:
4106
4107    $ cat /proc/timer_stats
4108    Timer Stats Version: v0.3
4109    Sample period: 1.764 s
4110    Collection: active
4111      255,     0 swapper/3        hrtimer_start_range_ns (tick_sched_timer)
4112       71,     0 swapper/1        hrtimer_start_range_ns (tick_sched_timer)
4113       58,     0 swapper/0        hrtimer_start_range_ns (tick_sched_timer)
4114        4,  1694 gnome-shell      mod_delayed_work_on (delayed_work_timer_fn)
4115       17,     7 rcu_sched        rcu_gp_kthread (process_timeout)
4116    ...
4117        1,  4911 kworker/u16:0    mod_delayed_work_on (delayed_work_timer_fn)
4118       1D,  2522 kworker/0:0      queue_delayed_work_on (delayed_work_timer_fn)
4119    1029 total events, 583.333 events/sec
4120
4121              The output columns are:
4122
4123              *  a count of the number  of  events,  optionally  (since  Linux
4124                 2.6.23)  followed  by  the letter 'D' if this is a deferrable
4125                 timer;
4126
4127              *  the PID of the process that initialized the timer;
4128
4129              *  the name of the process that initialized the timer;
4130
4131              *  the function where the timer was initialized; and
4132
4133              *  (in parentheses) the callback  function  that  is  associated
4134                 with the timer.
4135
4136              During  the Linux 4.11 development cycle, this file  was removed
4137              because of security concerns, as it exposes  information  across
4138              namespaces.   Furthermore,  it  is  possible  to obtain the same
4139              information via in-kernel tracing facilities such as ftrace.
4140
4141       /proc/tty
4142              Subdirectory containing the pseudo-files and subdirectories  for
4143              tty drivers and line disciplines.
4144
4145       /proc/uptime
4146              This  file  contains two numbers (values in seconds): the uptime
4147              of the system (including time spent in suspend) and  the  amount
4148              of time spent in the idle process.
4149
4150       /proc/version
4151              This string identifies the kernel version that is currently run‐
4152              ning.  It  includes  the  contents  of  /proc/sys/kernel/ostype,
4153              /proc/sys/kernel/osrelease  and  /proc/sys/kernel/version.   For
4154              example:
4155
4156        Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994
4157
4158       /proc/vmstat (since Linux 2.6.0)
4159              This file displays various virtual memory statistics.  Each line
4160              of  this  file  contains  a single name-value pair, delimited by
4161              white space.  Some lines are present only if the kernel was con‐
4162              figured  with  suitable  options.   (In  some cases, the options
4163              required for particular files have changed  across  kernel  ver‐
4164              sions,  so  they  are  not listed here.  Details can be found by
4165              consulting the kernel source code.)  The following fields may be
4166              present:
4167
4168              nr_free_pages (since Linux 2.6.31)
4169
4170              nr_alloc_batch (since Linux 3.12)
4171
4172              nr_inactive_anon (since Linux 2.6.28)
4173
4174              nr_active_anon (since Linux 2.6.28)
4175
4176              nr_inactive_file (since Linux 2.6.28)
4177
4178              nr_active_file (since Linux 2.6.28)
4179
4180              nr_unevictable (since Linux 2.6.28)
4181
4182              nr_mlock (since Linux 2.6.28)
4183
4184              nr_anon_pages (since Linux 2.6.18)
4185
4186              nr_mapped (since Linux 2.6.0)
4187
4188              nr_file_pages (since Linux 2.6.18)
4189
4190              nr_dirty (since Linux 2.6.0)
4191
4192              nr_writeback (since Linux 2.6.0)
4193
4194              nr_slab_reclaimable (since Linux 2.6.19)
4195
4196              nr_slab_unreclaimable (since Linux 2.6.19)
4197
4198              nr_page_table_pages (since Linux 2.6.0)
4199
4200              nr_kernel_stack (since Linux 2.6.32)
4201                     Amount of memory allocated to kernel stacks.
4202
4203              nr_unstable (since Linux 2.6.0)
4204
4205              nr_bounce (since Linux 2.6.12)
4206
4207              nr_vmscan_write (since Linux 2.6.19)
4208
4209              nr_vmscan_immediate_reclaim (since Linux 3.2)
4210
4211              nr_writeback_temp (since Linux 2.6.26)
4212
4213              nr_isolated_anon (since Linux 2.6.32)
4214
4215              nr_isolated_file (since Linux 2.6.32)
4216
4217              nr_shmem (since Linux 2.6.32)
4218                     Pages used by shmem and tmpfs(5).
4219
4220              nr_dirtied (since Linux 2.6.37)
4221
4222              nr_written (since Linux 2.6.37)
4223
4224              nr_pages_scanned (since Linux 3.17)
4225
4226              numa_hit (since Linux 2.6.18)
4227
4228              numa_miss (since Linux 2.6.18)
4229
4230              numa_foreign (since Linux 2.6.18)
4231
4232              numa_interleave (since Linux 2.6.18)
4233
4234              numa_local (since Linux 2.6.18)
4235
4236              numa_other (since Linux 2.6.18)
4237
4238              workingset_refault (since Linux 3.15)
4239
4240              workingset_activate (since Linux 3.15)
4241
4242              workingset_nodereclaim (since Linux 3.15)
4243
4244              nr_anon_transparent_hugepages (since Linux 2.6.38)
4245
4246              nr_free_cma (since Linux 3.7)
4247                     Number of free CMA (Contiguous Memory Allocator) pages.
4248
4249              nr_dirty_threshold (since Linux 2.6.37)
4250
4251              nr_dirty_background_threshold (since Linux 2.6.37)
4252
4253              pgpgin (since Linux 2.6.0)
4254
4255              pgpgout (since Linux 2.6.0)
4256
4257              pswpin (since Linux 2.6.0)
4258
4259              pswpout (since Linux 2.6.0)
4260
4261              pgalloc_dma (since Linux 2.6.5)
4262
4263              pgalloc_dma32 (since Linux 2.6.16)
4264
4265              pgalloc_normal (since Linux 2.6.5)
4266
4267              pgalloc_high (since Linux 2.6.5)
4268
4269              pgalloc_movable (since Linux 2.6.23)
4270
4271              pgfree (since Linux 2.6.0)
4272
4273              pgactivate (since Linux 2.6.0)
4274
4275              pgdeactivate (since Linux 2.6.0)
4276
4277              pgfault (since Linux 2.6.0)
4278
4279              pgmajfault (since Linux 2.6.0)
4280
4281              pgrefill_dma (since Linux 2.6.5)
4282
4283              pgrefill_dma32 (since Linux 2.6.16)
4284
4285              pgrefill_normal (since Linux 2.6.5)
4286
4287              pgrefill_high (since Linux 2.6.5)
4288
4289              pgrefill_movable (since Linux 2.6.23)
4290
4291              pgsteal_kswapd_dma (since Linux 3.4)
4292
4293              pgsteal_kswapd_dma32 (since Linux 3.4)
4294
4295              pgsteal_kswapd_normal (since Linux 3.4)
4296
4297              pgsteal_kswapd_high (since Linux 3.4)
4298
4299              pgsteal_kswapd_movable (since Linux 3.4)
4300
4301              pgsteal_direct_dma
4302
4303              pgsteal_direct_dma32 (since Linux 3.4)
4304
4305              pgsteal_direct_normal (since Linux 3.4)
4306
4307              pgsteal_direct_high (since Linux 3.4)
4308
4309              pgsteal_direct_movable (since Linux 2.6.23)
4310
4311              pgscan_kswapd_dma
4312
4313              pgscan_kswapd_dma32 (since Linux 2.6.16)
4314
4315              pgscan_kswapd_normal (since Linux 2.6.5)
4316
4317              pgscan_kswapd_high
4318
4319              pgscan_kswapd_movable (since Linux 2.6.23)
4320
4321              pgscan_direct_dma
4322
4323              pgscan_direct_dma32 (since Linux 2.6.16)
4324
4325              pgscan_direct_normal
4326
4327              pgscan_direct_high
4328
4329              pgscan_direct_movable (since Linux 2.6.23)
4330
4331              pgscan_direct_throttle (since Linux 3.6)
4332
4333              zone_reclaim_failed (since linux 2.6.31)
4334
4335              pginodesteal (since linux 2.6.0)
4336
4337              slabs_scanned (since linux 2.6.5)
4338
4339              kswapd_inodesteal (since linux 2.6.0)
4340
4341              kswapd_low_wmark_hit_quickly (since 2.6.33)
4342
4343              kswapd_high_wmark_hit_quickly (since 2.6.33)
4344
4345              pageoutrun (since Linux 2.6.0)
4346
4347              allocstall (since Linux 2.6.0)
4348
4349              pgrotated (since Linux 2.6.0)
4350
4351              drop_pagecache (since Linux 3.15)
4352
4353              drop_slab (since Linux 3.15)
4354
4355              numa_pte_updates (since Linux 3.8)
4356
4357              numa_huge_pte_updates (since Linux 3.13)
4358
4359              numa_hint_faults (since Linux 3.8)
4360
4361              numa_hint_faults_local (since Linux 3.8)
4362
4363              numa_pages_migrated (since Linux 3.8)
4364
4365              pgmigrate_success (since Linux 3.8)
4366
4367              pgmigrate_fail (since Linux 3.8)
4368
4369              compact_migrate_scanned (since Linux 3.8)
4370
4371              compact_free_scanned (since Linux 3.8)
4372
4373              compact_isolated (since Linux 3.8)
4374
4375              compact_stall (since Linux 2.6.35)
4376                     See     the     kernel     source     file     Documenta‐
4377                     tion/admin-guide/mm/transhuge.rst.
4378
4379              compact_fail (since Linux 2.6.35)
4380                     See     the     kernel     source     file     Documenta‐
4381                     tion/admin-guide/mm/transhuge.rst.
4382
4383              compact_success (since Linux 2.6.35)
4384                     See     the     kernel     source     file     Documenta‐
4385                     tion/admin-guide/mm/transhuge.rst.
4386
4387              htlb_buddy_alloc_success (since Linux 2.6.26)
4388
4389              htlb_buddy_alloc_fail (since Linux 2.6.26)
4390
4391              unevictable_pgs_culled (since Linux 2.6.28)
4392
4393              unevictable_pgs_scanned (since Linux 2.6.28)
4394
4395              unevictable_pgs_rescued (since Linux 2.6.28)
4396
4397              unevictable_pgs_mlocked (since Linux 2.6.28)
4398
4399              unevictable_pgs_munlocked (since Linux 2.6.28)
4400
4401              unevictable_pgs_cleared (since Linux 2.6.28)
4402
4403              unevictable_pgs_stranded (since Linux 2.6.28)
4404
4405              thp_fault_alloc (since Linux 2.6.39)
4406                     See     the     kernel     source     file     Documenta‐
4407                     tion/admin-guide/mm/transhuge.rst.
4408
4409              thp_fault_fallback (since Linux 2.6.39)
4410                     See     the     kernel     source     file     Documenta‐
4411                     tion/admin-guide/mm/transhuge.rst.
4412
4413              thp_collapse_alloc (since Linux 2.6.39)
4414                     See     the     kernel     source     file     Documenta‐
4415                     tion/admin-guide/mm/transhuge.rst.
4416
4417              thp_collapse_alloc_failed (since Linux 2.6.39)
4418                     See     the     kernel     source     file     Documenta‐
4419                     tion/admin-guide/mm/transhuge.rst.
4420
4421              thp_split (since Linux 2.6.39)
4422                     See     the     kernel     source     file     Documenta‐
4423                     tion/admin-guide/mm/transhuge.rst.
4424
4425              thp_zero_page_alloc (since Linux 3.8)
4426                     See     the     kernel     source     file     Documenta‐
4427                     tion/admin-guide/mm/transhuge.rst.
4428
4429              thp_zero_page_alloc_failed (since Linux 3.8)
4430                     See     the     kernel     source     file     Documenta‐
4431                     tion/admin-guide/mm/transhuge.rst.
4432
4433              balloon_inflate (since Linux 3.18)
4434
4435              balloon_deflate (since Linux 3.18)
4436
4437              balloon_migrate (since Linux 3.18)
4438
4439              nr_tlb_remote_flush (since Linux 3.12)
4440
4441              nr_tlb_remote_flush_received (since Linux 3.12)
4442
4443              nr_tlb_local_flush_all (since Linux 3.12)
4444
4445              nr_tlb_local_flush_one (since Linux 3.12)
4446
4447              vmacache_find_calls (since Linux 3.16)
4448
4449              vmacache_find_hits (since Linux 3.16)
4450
4451              vmacache_full_flushes (since Linux 3.19)
4452
4453       /proc/zoneinfo (since Linux 2.6.13)
4454              This file displays information about memory zones.  This is use‐
4455              ful for analyzing virtual memory behavior.
4456

NOTES

4458       Many files contain strings (e.g., the  environment  and  command  line)
4459       that  are  in  the  internal  format, with subfields terminated by null
4460       bytes ('\0').  When inspecting  such  files,  you  may  find  that  the
4461       results are more readable if you use a command of the following form to
4462       display them:
4463
4464           $ cat file | tr '\000' '\n'
4465
4466       This manual page is incomplete, possibly inaccurate, and is the kind of
4467       thing that needs to be updated very often.
4468

SEE ALSO

4470       cat(1), dmesg(1), find(1), free(1), htop(1), init(1), ps(1), pstree(1),
4471       tr(1),   uptime(1),   chroot(2),   mmap(2),   readlink(2),   syslog(2),
4472       slabinfo(5),   sysfs(5),   hier(7),   namespaces(7),  time(7),  arp(8),
4473       hdparm(8),  ifconfig(8),  lsmod(8),  lspci(8),  mount(8),   netstat(8),
4474       procinfo(8), route(8), sysctl(8)
4475
4476       The Linux kernel source files: Documentation/filesystems/proc.txt, Doc‐
4477       umentation/sysctl/fs.txt,  Documentation/sysctl/kernel.txt,  Documenta‐
4478       tion/sysctl/net.txt, and Documentation/sysctl/vm.txt.
4479

COLOPHON

4481       This  page  is  part of release 5.07 of the Linux man-pages project.  A
4482       description of the project, information about reporting bugs,  and  the
4483       latest     version     of     this    page,    can    be    found    at
4484       https://www.kernel.org/doc/man-pages/.
4485
4486
4487
4488Linux                             2020-04-11                           PROC(5)
Impressum