Unlocking Linux Secrets: A Deep Dive into the /proc Virtual Filesystem

Introduction to /proc

In Linux, the /proc directory is a virtual filesystem that provides an interface to kernel data structures, allowing users to view and modify various system attributes. It is usually automatically mounted at /proc, but can also be mounted manually. mount -t proc proc /proc Most files under /proc are read‑only; some are writable and can be used to change kernel configuration.

Key Directories

/proc/[pid]

Each running process has a numeric PID directory containing information about that process. Subdirectories such as task hold per‑thread data, and symbolic links like /proc/self refer to the calling process.

ls -al /proc/1234

/proc/self

A symbolic link that points to the caller's own /proc/[pid] directory.

ls -al /proc/self

/proc/thread-self

Links to the current thread's /proc/[pid]/task/[tid] directory.

ls -al /proc/thread-self

/proc/[a‑z]*

Various other files under /proc expose system information such as CPU, memory, mounted filesystems, network statistics, and security attributes.

Important Files

/proc/[pid]/attr – Security‑module interface (e.g., SELinux) providing files like current, exec, fscreate, etc.

/proc/[pid]/autogroup – See sched(7).

/proc/[pid]/auxv – ELF auxiliary vector passed to the process.

/proc/[pid]/cgroup – See cgroups(7).

/proc/[pid]/clear_refs – Writable file to reset page‑reference bits; accepts specific numeric values depending on kernel version.

/proc/[pid]/cmdline – Full command line of the process (empty for zombies).

/proc/[pid]/comm – Short command name; can be read or written via prctl or pthread_setname_np.

/proc/[pid]/environ – Environment variables of the process, NUL‑separated.

/proc/[pid]/exe – Symbolic link to the executable binary.

/proc/[pid]/fd – Directory of open file descriptors (0 = stdin, 1 = stdout, 2 = stderr).

/proc/[pid]/fdinfo – Detailed information about each file descriptor.

/proc/[pid]/limits – Soft and hard resource limits.

/proc/[pid]/maps – Memory mappings with address, permissions, offset, device, inode, and pathname.

/proc/[pid]/mem – Allows reading/writing the process's memory via open, read, seek.

/proc/[pid]/mountinfo – Detailed mount information (mount ID, parent ID, device, root, mount point, options, filesystem type, source, super options).

/proc/[pid]/ns – Namespace links (ipc, net, uts) that can be entered with setns.

/proc/[pid]/status – Human‑readable version of /proc/[pid]/stat and /proc/[pid]/statm, showing UID, GID, memory usage, threads, capabilities, etc.

/proc/[pid]/task – Subdirectory for each thread (tid) containing the same hierarchy as /proc/[pid].

System‑Wide Files

/proc/cmdline – Kernel command‑line parameters passed at boot.

/proc/cpuinfo – CPU model, cores, and other hardware details.

/proc/meminfo – Current memory usage statistics.

/proc/modules – List of loaded kernel modules.

/proc/net – Network‑related virtual files (e.g., arp, dev, tcp, udp, unix) providing statistics and socket information.

/proc/stat – Kernel and system statistics.

/proc/sys – Tunable kernel parameters.

Examples

# Show the working directory of a process
cd /proc/4451/cwd; /bin/pwd

# Print environment variables of a process
cat /proc/4451/environ | tr '\000' '
'

# List open file descriptor information
cat /proc/5040/fdinfo/99