I would appreciate it if you could read the details in "Read all the contents of proc/[pid]".
# sleep 365d > /dev/null &
[1] 3792
# ls /proc/3792
attr cwd map_files oom_adj schedstat task
autogroup environ maps oom_score sessionid timers
auxv exe mem oom_score_adj setgroups uid_map
cgroup fd mountinfo pagemap smaps wchan
clear_refs fdinfo mounts patch_state stack
cmdline gid_map mountstats personality stat
comm io net projid_map statm
coredump_filter limits ns root status
cpuset loginuid numa_maps sched syscall
# cd /proc/3792
attr/
# ls attr/
current exec fscreate keycreate prev sockcreate
# cat current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# cat prev
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Every file except current and prev was empty.
Upon examination, these files seem to be referenced by SELinux features.
In Linux, you can manage read, write, and execute permissions for files and directories with a feature called permissions, and an extension of that is a feature called SELinux.
It seems that access is managed by the value of the SELinux context instead of permissions.
It seems that current describes the SELinux context of this process itself, and prev describes the SELinux context of the process executed immediately before. (I do not understand this well.)
The SELinux context set on files created by this process seems to be written in exec. Since /proc/3792/exec is an empty file this time, it seems they are created with the default value.
You can check the default value here.
# semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0.c1023 *
root unconfined_u s0-s0:c0.c1023 *
system_u system_u s0-s0:c0.c1023 *
I will study SELinux in the future.
autogroup
# cat autogroup
/autogroup-401 nice 0
It seems that the value used by the CPU for scheduling is described.
auxv
# ll | grep auxv
-r--------. 1 root root 0 Jan 12 05:09 auxv
# cat auxv
! Temple
d@@Awa d
捐 beef ゚ class P sucking
# od -x auxv
0000000 0021 0000 0000 0000 0000 9fbb 7fff 0000
0000020 0010 0000 0000 0000 fbff 1f8b 0000 0000
0000040 0006 0000 0000 0000 1000 0000 0000 0000
0000060 0011 0000 0000 0000 0064 0000 0000 0000
0000100 0003 0000 0000 0000 0040 0040 0000 0000
0000120 0004 0000 0000 0000 0038 0000 0000 0000
....
Contains ELF interpreter information passed to the process at run time. http://surf.ml.seikei.ac.jp/~nakano/JMwww/html/LDP_man-pages/man5/proc.5.html
So it says. It seems that auxv stands for auxiliary vector.
I tried od and hexdump, but I couldn't understand the output because it was just a list of numbers. Even if you run file auxv, it is displayed as ./auxv: empty, probably because it is a special file.
It seems that it is meant to be read through some function.
It seems that the executable file has a format called ELF. It seems that the header information is described. I didn't know how to fix the garbled characters.
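The od -x dump above becomes readable once it is treated as pairs of machine words (tag, value). The following is an added example, not code from the original article: it converts the six od lines shown above back to bytes and decodes them with the AT_* tag numbers from <elf.h>. It assumes a 64-bit little-endian process, and the function names are hypothetical.

```python
import struct

# AT_* tag numbers from <elf.h> (see getauxval(3)); common ones only.
AT_NAMES = {
    0: "AT_NULL", 3: "AT_PHDR", 4: "AT_PHENT", 5: "AT_PHNUM", 6: "AT_PAGESZ",
    7: "AT_BASE", 9: "AT_ENTRY", 11: "AT_UID", 12: "AT_EUID", 13: "AT_GID",
    14: "AT_EGID", 16: "AT_HWCAP", 17: "AT_CLKTCK", 23: "AT_SECURE",
    25: "AT_RANDOM", 31: "AT_EXECFN", 33: "AT_SYSINFO_EHDR",
}

# The six `od -x` lines shown in the article, copied as-is.
OD_DUMP = """\
0000000 0021 0000 0000 0000 0000 9fbb 7fff 0000
0000020 0010 0000 0000 0000 fbff 1f8b 0000 0000
0000040 0006 0000 0000 0000 1000 0000 0000 0000
0000060 0011 0000 0000 0000 0064 0000 0000 0000
0000100 0003 0000 0000 0000 0040 0040 0000 0000
0000120 0004 0000 0000 0000 0038 0000 0000 0000
"""

def od_x_to_bytes(text):
    """Undo `od -x`: every column after the offset is a little-endian 16-bit word."""
    out = bytearray()
    for line in text.splitlines():
        for word in line.split()[1:]:
            out += struct.pack("<H", int(word, 16))
    return bytes(out)

def parse_auxv(raw, entry_fmt="<QQ"):
    """Decode raw auxv bytes into (tag name, value) pairs, stopping at AT_NULL.
    entry_fmt assumes 64-bit little-endian (two 8-byte words); "<II" for 32-bit."""
    size = struct.calcsize(entry_fmt)
    usable = raw[: len(raw) - len(raw) % size]   # ignore a truncated tail
    entries = []
    for tag, value in struct.iter_unpack(entry_fmt, usable):
        if tag == 0:                              # AT_NULL ends the vector
            break
        entries.append((AT_NAMES.get(tag, f"AT_{tag}"), value))
    return entries

def read_auxv(pid="self"):
    # Live file; as the ll output above shows, only the owner can read it.
    with open(f"/proc/{pid}/auxv", "rb") as f:
        return parse_auxv(f.read())

if __name__ == "__main__":
    for name, value in parse_auxv(od_x_to_bytes(OD_DUMP)):
        print(f"{name:<16} {value:#x}")
```

The first entry decodes to AT_SYSINFO_EHDR with a 0x7fff... address and the fifth to AT_PHDR, which are memory locations inside the process; that is the kind of data the 0400 mode on auxv keeps away from other users.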
cgroup
# cat cgroup
11:cpuset:/
10:blkio:/
9:devices:/user.slice
8:hugetlb:/
7:net_prio,net_cls:/
6:perf_event:/
5:memory:/
4:cpuacct,cpu:/
3:pids:/
2:freezer:/
1:name=systemd:/user.slice/user-1000.slice/session-89.scope
cgroup is a feature that allows you to set limits on processes. It seems that you can set the CPU usage rate and the upper limit of memory in detail. It is upward compatible with autogroup.
From left to right, the fields are apparently: hierarchy ID number : set of subsystems associated with the hierarchy : control group in the hierarchy to which the process belongs.
Study required.
clear_refs
# cat clear_refs
cat: clear_refs: Invalid argument
I got scolded when I ran cat on it.
# ll clear_refs
--w-------. 1 root root 0 Jan 11 06:40 clear_refs
It had only write permission, for root.
I opened it with vi clear_refs but it was an empty file.
It seems to be referenced when measuring memory? I didn't understand it very well.
If the permissions are write-only, such as --w-------, the file is intended to do something when data is written to it.
I received this comment. It seems that some operation is performed through this file. I want to be able to read the source code of the kernel? CentOS?
cmdline
# cat cmdline
sleep365d
# tr \\0 _ < cmdline
sleep_365d_
The command executed when the process started. It seems that arguments (such as ls -l) are also displayed. The delimiter was \0 (NULL).
comm
# cat comm
sleep
The command name displayed by ps -c.
coredump_filter
# cat coredump_filter
00000033
It seems to be a bit filter setting for the error output produced when the process terminates abnormally. I don't know what each bit of the 00000033 mask means.
cpuset
# cat cpuset
/
It seems to be referenced by cgroup. I searched a lot, but I'm sorry.
There were too many things I didn't understand. I'm worried about whether the article I post is meaningful if I don't understand it. In the first place, there were many items that made me wonder "Is this item used now ...?", and I could not tell them apart. I definitely want to get a firm grasp of cgroup.