Tuesday, July 27, 2010

The /proc Filesystem

Most of the /proc filesystem is read only, however there are some directories and files like /proc/sys which can be edited to modify the kernel.  Lets look into each area of the /proc filesystem.

/proc/apm -> used for checking the battery status and gaining information about a system's battery

/proc/buddyinfo -> used to diagnose fragmentation issues in memory

/proc/cmdline -> parameters that were passed to the kernel during boot

/proc/cpuinfo -> identifies the CPU and information about it on the system

/proc/crypto -> lists all installed cryptographic ciphers used by the kernel

/proc/devices -> displays information on various character and block devices

/proc/dma -> contains a list of registered ISA DMA channels

/proc/fb -> contains a list of frame buffer devices

/proc/filesystems -> shows a list of file system types that are currently supported by the kernel

/proc/interrupts -> lists the number of interrupts per IRQ

/proc/iomem -> shows a current map of the system's memory for each physical device

/proc/ioports -> contains a list of currently registered port regions

/proc/loadvg -> contains load average of the CPU and IO over time, as well as the number of running processes

/proc/mdstat -> contains information about multi-disk RAID configurations

/proc/meminfo -> contains information about memory usage on the system

/proc/modules -> contains the modules currently loaded into the kernel

/proc/mounts -> contains a list of all mounts in use by the system (similar to /etc/mtab)

/proc/partitions -> contains partition block allocation information

/proc/pci -> lists all pci devices on the system, use /sbin/lspci -vb for a more readable version

/proc/slabinfo -> detailed information about system memory

/proc/stat -> information about the system since last reboot

/proc/swaps -> shows swap space and utilization

/proc/uptime -> shows amount of time system has been up (uptime command is better)

/proc/version -> shows kernel version information as well as gcc

These are just some of the files contained in the /proc directory which provide information useful for troubleshooting and maintanence.  There are also a number of directories listed in the /proc directory which are numbered.  These numbers represent the process ID (PID) of different programs and stores the information of them within these directories.

$ ls -l | grep apache

dr-xr-xr-x 5 apache apache 0 Feb 23 09:54 4427
dr-xr-xr-x 5 apache apache 0 Feb 23 09:54 4324
dr-xr-xr-x 5 apache apache 0 Feb 23 09:54 4387
dr-xr-xr-x 5 apache apache 0 Feb 23 09:54 4426
dr-xr-xr-x 5 apache apache 0 Feb 23 09:54 4427

You can see from the example that these directories are owned by the apache process and the folders are numbered after the processes running them.  This makes it easier for troubleshooting to hunt down information about particular processes.  There are a few other directories worth noting in the /proc filesystem as well.

/proc/bus -> this directory contains information relating to the various buses available on the system
/proc/driver -> contains information relating to drivers in use by the kernel
/proc/fs -> this directory shows which file systems are exported if an NFS server is running
/proc/ide -> this directory contains information about each IDE device, each channel has a directory
/proc/irq -> each IRQ has its own directory which contains configuration for each IRQ
/proc/net -> provides details about system networking including parameters and statistics
/proc/scsi -> same as /proc/ide but for SCSI drives
/proc/sys -> this directory is unique in that it allows you to tune the kernel and its features
/proc/sys/dev -> contains parameters for particular devices
/proc/sys/fs -> contains information relating to filesystem parameters and features

The one particular directory to note here is the /proc/sys directory.  This directory contains files that can be used to tune the kernel in its running state.  You can use the echo command to insert changes into the different files and change the paremeter of the kernel, however note that a reboot to the system will restore any changes made with the echo command.  An easy way to see which files can be modifed is to use the ls -l command and look for the 'w' write access to the particular file.  There is another command sysctl which can be used in place of directing echo output to files.  The sysctl command will also change parameters in the kernel.  In order for the changes to be permanent you must edit them in the /etc/sysctl.conf file which is executed during system boot.  This would be used more after testing is done with the echo command to tune the kernel the way you want.  You shouldn't try to memorize all the locations and files in the /proc directory.  An administrator should have an understanding of where the files are and an idea of what they do in order to troubleshoot or tune their system.  There are also other utilities including lspci, top, free, apm, lsusb, and other which can produce the same output of many of the /proc files.