Understanding the Linux /proc Virtual Filesystem and Its Key Entries

The /proc directory is a virtual filesystem in Linux that presents kernel data structures as files, allowing users to view and sometimes modify system attributes.

Mounting /proc

Typically, the kernel automatically mounts /proc, but it can also be mounted manually: mount -t proc proc /proc Most files under /proc are read‑only; a few are writable and can be used to change kernel configuration.

Key Directories and Files

/proc/pid

Each running process has a directory named after its PID. This directory contains numerous files that expose process information, such as: /proc/pid/cmdline – full command line of the process. /proc/pid/comm – short command name (truncated to 16 bytes). /proc/pid/environ – environment variables, null‑separated. /proc/pid/exe – symbolic link to the executable binary. /proc/pid/fd/ – symbolic links for each open file descriptor. /proc/pid/maps – memory mapping layout. /proc/pid/status and /proc/pid/stat – human‑readable and raw process status information. /proc/pid/smaps – detailed memory usage per mapping. /proc/pid/attr/ – security attributes (e.g., SELinux context). /proc/pid/oom_adj and /proc/pid/oom_score – OOM killer preferences.

/proc/self and /proc/thread-self

/proc/self

is a symlink to the calling process's /proc/<pid> directory, while /proc/thread-self points to /proc/<pid>/task/<tid>, allowing threads to access their own view.

Security Attributes

The /proc/pid/attr hierarchy provides an API for security modules. Important files include: current – current security context. exec – context used for execve(2) operations. fscreate, keycreate, socketcreate – control creation permissions for files, keys, and sockets.

These files are only present if the kernel is compiled with CONFIG_SECURITY.

Memory‑Related Files

/proc/pid/mem

– allows reading/writing a process's memory via open, read, seek. /proc/pid/clear_refs – write‑only file to reset page reference bits for memory‑usage measurement. /proc/pid/statm – simple memory usage summary (size, resident, shared, text, lib, data, dirty).

Namespace and Cgroup Information

Directories such as /proc/pid/ns/ expose namespace handles (ipc, net, uts) that can be manipulated with setns(2). The /proc/pid/cgroup file references cgroup membership (see cgroups(7)).

Network Information

The /proc/net subtree contains ASCII files describing network state: /proc/net/arp – ARP table. /proc/net/dev – per‑interface statistics (bytes, packets, errors). /proc/net/tcp, /proc/net/udp – socket tables. /proc/net/unix – UNIX domain sockets.

System‑Wide Files

/proc/cpuinfo

– CPU and architecture details. /proc/meminfo – current memory usage statistics. /proc/modules – loaded kernel modules. /proc/mounts and /proc/mountinfo – mounted filesystems and their options. /proc/stat – overall kernel and CPU statistics. /proc/sys – tunable kernel parameters.

Practical Commands

Examples for inspecting process information:

# List the current working directory of a process
cd /proc/4451/cwd; /bin/pwd
# Show environment variables of a process
cat /proc/4451/environ | tr '\0' '
'
# Read the command line of a process
cat /proc/$$/cmdline
# Display memory maps
cat /proc/$$/maps
# Show SELinux context (if enabled)
cat /proc/$$/attr/current

These commands illustrate how to navigate the /proc filesystem to obtain detailed runtime information for debugging, performance analysis, and security auditing.