The ‘pseudo’ file system

In the magic Linux world 🐧 there is one specific entity with the label ‘pseudo file system’. It sits tight and altough is a little bit jealous that it’s not part of the /etc/fstab it’s the kernel best sharing friend and exposes all of its secrets.

After this introduction it’s time to give a down to earth explanation. In Linux you have a directory with the path and name /proc, which for the most part exposes each process that is running. If you wake up one day really curious about the number of open files a process is currently handling this is the best place to go.

Let’s visit this land with our best below buddy.

import threading
import time
import os
    
print("PID: {0}".format(os.getpid()))
        
def write(filename, n):
    with open(filename, "w") as f:
        f.write("vip msg")
        f.flush()
        time.sleep(100)
    
threads = []
    
for i in range(0, 10):
    filename = "file-{0}".format(str(i))
    t = threading.Thread(target=write, args=(filename, i,))
    threads.append(t)
for t in threads:
    t.start()
for t in threads:
    t.join()

Long story short we are opening 10 files at once, write very important message to each one of them and wait for some time each worker.

python3 write.py
PID: 16899

Now let’s go to our visit place and see how it’s doing on one of its addresses 16899.

cd /proc/16899/
/proc/16899$ ls
arch_status         exe                mem            personality   status
attr                fd                 mountinfo      projid_map    syscall
autogroup           fdinfo             mounts         root          task
auxv                gid_map            mountstats     sched         timens_offsets
cgroup              io                 net            schedstat     timers
clear_refs          ksm_merging_pages  ns             sessionid     timerslack_ns
cmdline             ksm_stat           numa_maps      setgroups     uid_map
comm                latency            oom_adj        smaps         wchan
coredump_filter     limits             oom_score      smaps_rollup
cpu_resctrl_groups  loginuid           oom_score_adj  stack
cwd                 map_files          pagemap        stat
environ             maps               patch_state    statm

cmdline

environ

fd

fdinfo

limits

mounts

status

task

io

stack

From userland activity there are a few valuable piece of information that we could grab, specificially about processes. Once we get the process ID we care about ( ps -ef ) there are many options, but as a starter we could get the command the process was intitially launched with and the environment variables dedicated to it.

🐧
cat /proc/[pid]/cmdline
cat /proc/[pid]/environ
🐧

And of course all the file descriptors dedicated to this process. In lean times there are only 3 of them :)

tree /proc/[pid]/fd/
/proc/[pid]/fd/
├── 0 -> /dev/pts/0
├── 1 -> /dev/pts/0
└── 2 -> /dev/pts/0