{ "mode": "man", "parameter": "procfs", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/procfs/5/json", "generated": "2026-06-13T13:55:35Z", "sections": { "NAME": { "content": "proc - process information pseudo-filesystem\n", "subsections": [] }, "DESCRIPTION": { "content": "The proc filesystem is a pseudo-filesystem which provides an interface to kernel data struc‐\ntures. It is commonly mounted at /proc. Typically, it is mounted automatically by the sys‐\ntem, but it can also be mounted manually using a command such as:\n\nmount -t proc proc /proc\n\nMost of the files in the proc filesystem are read-only, but some files are writable, allowing\nkernel variables to be changed.\n", "subsections": [ { "name": "Mount options", "content": "The proc filesystem supports the following mount options:\n\nhidepid=n (since Linux 3.3)\nThis option controls who can access the information in /proc/[pid] directories. The\nargument, n, is one of the following values:\n\n0 Everybody may access all /proc/[pid] directories. This is the traditional behav‐\nior, and the default if this mount option is not specified.\n\n1 Users may not access files and subdirectories inside any /proc/[pid] directories\nbut their own (the /proc/[pid] directories themselves remain visible). Sensitive\nfiles such as /proc/[pid]/cmdline and /proc/[pid]/status are now protected against\nother users. This makes it impossible to learn whether any user is running a spe‐\ncific program (so long as the program doesn't otherwise reveal itself by its be‐\nhavior).\n\n2 As for mode 1, but in addition the /proc/[pid] directories belonging to other\nusers become invisible. This means that /proc/[pid] entries can no longer be used\nto discover the PIDs on the system. This doesn't hide the fact that a process\nwith a specific PID value exists (it can be learned by other means, for example,\nby \"kill -0 $PID\"), but it hides a process's UID and GID, which could otherwise be\nlearned by employing stat(2) on a /proc/[pid] directory. This greatly complicates\nan attacker's task of gathering information about running processes (e.g., discov‐\nering whether some daemon is running with elevated privileges, whether another\nuser is running some sensitive program, whether other users are running any pro‐\ngram at all, and so on).\n\ngid=gid (since Linux 3.3)\nSpecifies the ID of a group whose members are authorized to learn process information\notherwise prohibited by hidepid (i.e., users in this group behave as though /proc was\nmounted with hidepid=0). This group should be used instead of approaches such as\nputting nonroot users into the sudoers(5) file.\n" }, { "name": "Overview", "content": "Underneath /proc, there are the following general groups of files and subdirectories:\n\n/proc/[pid] subdirectories\nEach one of these subdirectories contains files and subdirectories exposing informa‐\ntion about the process with the corresponding process ID.\n\nUnderneath each of the /proc/[pid] directories, a task subdirectory contains subdirec‐\ntories of the form task/[tid], which contain corresponding information about each of\nthe threads in the process, where tid is the kernel thread ID of the thread.\n\nThe /proc/[pid] subdirectories are visible when iterating through /proc with get‐‐\ndents(2) (and thus are visible when one uses ls(1) to view the contents of /proc).\n\n/proc/[tid] subdirectories\nEach one of these subdirectories contains files and subdirectories exposing informa‐\ntion about the thread with the corresponding thread ID. The contents of these direc‐\ntories are the same as the corresponding /proc/[pid]/task/[tid] directories.\n\nThe /proc/[tid] subdirectories are not visible when iterating through /proc with get‐‐\ndents(2) (and thus are not visible when one uses ls(1) to view the contents of /proc).\n\n/proc/self\nWhen a process accesses this magic symbolic link, it resolves to the process's own\n/proc/[pid] directory.\n\n/proc/thread-self\nWhen a thread accesses this magic symbolic link, it resolves to the process's own\n/proc/self/task/[tid] directory.\n\n/proc/[a-z]*\nVarious other files and subdirectories under /proc expose system-wide information.\n\nAll of the above are described in more detail below.\n" }, { "name": "Files and directories", "content": "The following list provides details of many of the files and directories under the /proc hi‐\nerarchy.\n\n/proc/[pid]\nThere is a numerical subdirectory for each running process; the subdirectory is named\nby the process ID. Each /proc/[pid] subdirectory contains the pseudo-files and direc‐\ntories described below.\n\nThe files inside each /proc/[pid] directory are normally owned by the effective user\nand effective group ID of the process. However, as a security measure, the ownership\nis made root:root if the process's \"dumpable\" attribute is set to a value other than\n1.\n\nBefore Linux 4.11, root:root meant the \"global\" root user ID and group ID (i.e., UID 0\nand GID 0 in the initial user namespace). Since Linux 4.11, if the process is in a\nnoninitial user namespace that has a valid mapping for user (group) ID 0 inside the\nnamespace, then the user (group) ownership of the files under /proc/[pid] is instead\nmade the same as the root user (group) ID of the namespace. This means that inside a\ncontainer, things work as expected for the container \"root\" user.\n\nThe process's \"dumpable\" attribute may change for the following reasons:\n\n* The attribute was explicitly set via the prctl(2) PRSETDUMPABLE operation.\n\n* The attribute was reset to the value in the file /proc/sys/fs/suiddumpable (de‐\nscribed below), for the reasons described in prctl(2).\n\nResetting the \"dumpable\" attribute to 1 reverts the ownership of the /proc/[pid]/*\nfiles to the process's effective UID and GID. Note, however, that if the effective\nUID or GID is subsequently modified, then the \"dumpable\" attribute may be reset, as\ndescribed in prctl(2). Therefore, it may be desirable to reset the \"dumpable\" attri‐\nbute after making any desired changes to the process's effective UID or GID.\n\n/proc/[pid]/attr\nThe files in this directory provide an API for security modules. The contents of this\ndirectory are files that can be read and written in order to set security-related at‐\ntributes. This directory was added to support SELinux, but the intention was that the\nAPI be general enough to support other security modules. For the purpose of explana‐\ntion, examples of how SELinux uses these files are provided below.\n\nThis directory is present only if the kernel was configured with CONFIGSECURITY.\n\n/proc/[pid]/attr/current (since Linux 2.6.0)\nThe contents of this file represent the current security attributes of the process.\n\nIn SELinux, this file is used to get the security context of a process. Prior to\nLinux 2.6.11, this file could not be used to set the security context (a write was al‐\nways denied), since SELinux limited process security transitions to execve(2) (see the\ndescription of /proc/[pid]/attr/exec, below). Since Linux 2.6.11, SELinux lifted this\nrestriction and began supporting \"set\" operations via writes to this node if autho‐\nrized by policy, although use of this operation is only suitable for applications that\nare trusted to maintain any desired separation between the old and new security con‐\ntexts.\n\nPrior to Linux 2.6.28, SELinux did not allow threads within a multithreaded process to\nset their security context via this node as it would yield an inconsistency among the\nsecurity contexts of the threads sharing the same memory space. Since Linux 2.6.28,\nSELinux lifted this restriction and began supporting \"set\" operations for threads\nwithin a multithreaded process if the new security context is bounded by the old secu‐\nrity context, where the bounded relation is defined in policy and guarantees that the\nnew security context has a subset of the permissions of the old security context.\n\nOther security modules may choose to support \"set\" operations via writes to this node.\n\n/proc/[pid]/attr/exec (since Linux 2.6.0)\nThis file represents the attributes to assign to the process upon a subsequent ex‐‐\necve(2).\n\nIn SELinux, this is needed to support role/domain transitions, and execve(2) is the\npreferred point to make such transitions because it offers better control over the\ninitialization of the process in the new security label and the inheritance of state.\nIn SELinux, this attribute is reset on execve(2) so that the new program reverts to\nthe default behavior for any execve(2) calls that it may make. In SELinux, a process\ncan set only its own /proc/[pid]/attr/exec attribute.\n\n/proc/[pid]/attr/fscreate (since Linux 2.6.0)\nThis file represents the attributes to assign to files created by subsequent calls to\nopen(2), mkdir(2), symlink(2), and mknod(2)\n\nSELinux employs this file to support creation of a file (using the aforementioned sys‐\ntem calls) in a secure state, so that there is no risk of inappropriate access being\nobtained between the time of creation and the time that attributes are set. In\nSELinux, this attribute is reset on execve(2), so that the new program reverts to the\ndefault behavior for any file creation calls it may make, but the attribute will per‐\nsist across multiple file creation calls within a program unless it is explicitly re‐\nset. In SELinux, a process can set only its own /proc/[pid]/attr/fscreate attribute.\n\n/proc/[pid]/attr/keycreate (since Linux 2.6.18)\nIf a process writes a security context into this file, all subsequently created keys\n(addkey(2)) will be labeled with this context. For further information, see the ker‐\nnel source file Documentation/security/keys/core.rst (or file Documentation/secu‐\nrity/keys.txt on Linux between 3.0 and 4.13, or Documentation/keys.txt before Linux\n3.0).\n\n/proc/[pid]/attr/prev (since Linux 2.6.0)\nThis file contains the security context of the process before the last execve(2); that\nis, the previous value of /proc/[pid]/attr/current.\n\n/proc/[pid]/attr/socketcreate (since Linux 2.6.18)\nIf a process writes a security context into this file, all subsequently created sock‐\nets will be labeled with this context.\n\n/proc/[pid]/autogroup (since Linux 2.6.38)\nSee sched(7).\n\n/proc/[pid]/auxv (since 2.6.0)\nThis contains the contents of the ELF interpreter information passed to the process at\nexec time. The format is one unsigned long ID plus one unsigned long value for each\nentry. The last entry contains two zeros. See also getauxval(3).\n\nPermission to access this file is governed by a ptrace access mode\nPTRACEMODEREADFSCREDS check; see ptrace(2).\n\n/proc/[pid]/cgroup (since Linux 2.6.24)\nSee cgroups(7).\n\n/proc/[pid]/clearrefs (since Linux 2.6.22)\n\nThis is a write-only file, writable only by owner of the process.\n\nThe following values may be written to the file:\n\n1 (since Linux 2.6.22)\nReset the PGReferenced and ACCESSED/YOUNG bits for all the pages associated\nwith the process. (Before kernel 2.6.32, writing any nonzero value to this\nfile had this effect.)\n\n2 (since Linux 2.6.32)\nReset the PGReferenced and ACCESSED/YOUNG bits for all anonymous pages associ‐\nated with the process.\n\n3 (since Linux 2.6.32)\nReset the PGReferenced and ACCESSED/YOUNG bits for all file-mapped pages asso‐\nciated with the process.\n\nClearing the PGReferenced and ACCESSED/YOUNG bits provides a method to measure ap‐\nproximately how much memory a process is using. One first inspects the values in the\n\"Referenced\" fields for the VMAs shown in /proc/[pid]/smaps to get an idea of the mem‐\nory footprint of the process. One then clears the PGReferenced and ACCESSED/YOUNG\nbits and, after some measured time interval, once again inspects the values in the\n\"Referenced\" fields to get an idea of the change in memory footprint of the process\nduring the measured interval. If one is interested only in inspecting the selected\nmapping types, then the value 2 or 3 can be used instead of 1.\n\nFurther values can be written to affect different properties:\n\n4 (since Linux 3.11)\nClear the soft-dirty bit for all the pages associated with the process. This\nis used (in conjunction with /proc/[pid]/pagemap) by the check-point restore\nsystem to discover which pages of a process have been dirtied since the file\n/proc/[pid]/clearrefs was written to.\n\n5 (since Linux 4.0)\nReset the peak resident set size (\"high water mark\") to the process's current\nresident set size value.\n\nWriting any value to /proc/[pid]/clearrefs other than those listed above has no ef‐\nfect.\n\nThe /proc/[pid]/clearrefs file is present only if the CONFIGPROCPAGEMONITOR kernel\nconfiguration option is enabled.\n\n/proc/[pid]/cmdline\nThis read-only file holds the complete command line for the process, unless the\nprocess is a zombie. In the latter case, there is nothing in this file: that is, a\nread on this file will return 0 characters. The command-line arguments appear in this\nfile as a set of strings separated by null bytes ('\\0'), with a further null byte af‐\nter the last string.\n\nIf, after an execve(2), the process modifies its argv strings, those changes will show\nup here. This is not the same thing as modifying the argv array.\n\nFurthermore, a process may change the memory location that this file refers via\nprctl(2) operations such as PRSETMMARGSTART.\n\nThink of this file as the command line that the process wants you to see.\n\n/proc/[pid]/comm (since Linux 2.6.33)\nThis file exposes the process's comm value—that is, the command name associated with\nthe process. Different threads in the same process may have different comm values,\naccessible via /proc/[pid]/task/[tid]/comm. A thread may modify its comm value, or\nthat of any of other thread in the same thread group (see the discussion of\nCLONETHREAD in clone(2)), by writing to the file /proc/self/task/[tid]/comm. Strings\nlonger than TASKCOMMLEN (16) characters (including the terminating null byte) are\nsilently truncated.\n\nThis file provides a superset of the prctl(2) PRSETNAME and PRGETNAME operations,\nand is employed by pthreadsetnamenp(3) when used to rename threads other than the\ncaller. The value in this file is used for the %e specifier in /proc/sys/ker‐\nnel/corepattern; see core(5).\n\n/proc/[pid]/coredumpfilter (since Linux 2.6.23)\nSee core(5).\n\n/proc/[pid]/cpuset (since Linux 2.6.12)\nSee cpuset(7).\n\n/proc/[pid]/cwd\nThis is a symbolic link to the current working directory of the process. To find out\nthe current working directory of process 20, for instance, you can do this:\n\n$ cd /proc/20/cwd; pwd -P\n\nIn a multithreaded process, the contents of this symbolic link are not available if\nthe main thread has already terminated (typically by calling pthreadexit(3)).\n\nPermission to dereference or read (readlink(2)) this symbolic link is governed by a\nptrace access mode PTRACEMODEREADFSCREDS check; see ptrace(2).\n\n/proc/[pid]/environ\nThis file contains the initial environment that was set when the currently executing\nprogram was started via execve(2). The entries are separated by null bytes ('\\0'),\nand there may be a null byte at the end. Thus, to print out the environment of\nprocess 1, you would do:\n\n$ cat /proc/1/environ | tr '\\000' '\\n'\n\nIf, after an execve(2), the process modifies its environment (e.g., by calling func‐\ntions such as putenv(3) or modifying the environ(7) variable directly), this file will\nnot reflect those changes.\n\nFurthermore, a process may change the memory location that this file refers via\nprctl(2) operations such as PRSETMMENVSTART.\n\nPermission to access this file is governed by a ptrace access mode\nPTRACEMODEREADFSCREDS check; see ptrace(2).\n\n/proc/[pid]/exe\nUnder Linux 2.2 and later, this file is a symbolic link containing the actual pathname\nof the executed command. This symbolic link can be dereferenced normally; attempting\nto open it will open the executable. You can even type /proc/[pid]/exe to run another\ncopy of the same executable that is being run by process [pid]. If the pathname has\nbeen unlinked, the symbolic link will contain the string '(deleted)' appended to the\noriginal pathname. In a multithreaded process, the contents of this symbolic link are\nnot available if the main thread has already terminated (typically by calling\npthreadexit(3)).\n\nPermission to dereference or read (readlink(2)) this symbolic link is governed by a\nptrace access mode PTRACEMODEREADFSCREDS check; see ptrace(2).\n\nUnder Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the binary which was exe‐\ncuted, and appears as a symbolic link. A readlink(2) call on this file under Linux\n2.0 returns a string in the format:\n\n[device]:inode\n\nFor example, [0301]:1502 would be inode 1502 on device major 03 (IDE, MFM, etc.\ndrives) minor 01 (first partition on the first drive).\n\nfind(1) with the -inum option can be used to locate the file.\n\n/proc/[pid]/fd/\nThis is a subdirectory containing one entry for each file which the process has open,\nnamed by its file descriptor, and which is a symbolic link to the actual file. Thus,\n0 is standard input, 1 standard output, 2 standard error, and so on.\n\nFor file descriptors for pipes and sockets, the entries will be symbolic links whose\ncontent is the file type with the inode. A readlink(2) call on this file returns a\nstring in the format:\n\ntype:[inode]\n\nFor example, socket:[2248868] will be a socket and its inode is 2248868. For sockets,\nthat inode can be used to find more information in one of the files under /proc/net/.\n\nFor file descriptors that have no corresponding inode (e.g., file descriptors produced\nby bpf(2), epollcreate(2), eventfd(2), inotifyinit(2), perfeventopen(2), sig‐‐\nnalfd(2), timerfdcreate(2), and userfaultfd(2)), the entry will be a symbolic link\nwith contents of the form\n\nanoninode:\n\nIn many cases (but not all), the file-type is surrounded by square brackets.\n\nFor example, an epoll file descriptor will have a symbolic link whose content is the\nstring anoninode:[eventpoll].\n\nIn a multithreaded process, the contents of this directory are not available if the\nmain thread has already terminated (typically by calling pthreadexit(3)).\n\nPrograms that take a filename as a command-line argument, but don't take input from\nstandard input if no argument is supplied, and programs that write to a file named as\na command-line argument, but don't send their output to standard output if no argument\nis supplied, can nevertheless be made to use standard input or standard output by us‐\ning /proc/[pid]/fd files as command-line arguments. For example, assuming that -i is\nthe flag designating an input file and -o is the flag designating an output file:\n\n$ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...\n\nand you have a working filter.\n\n/proc/self/fd/N is approximately the same as /dev/fd/N in some UNIX and UNIX-like sys‐\ntems. Most Linux MAKEDEV scripts symbolically link /dev/fd to /proc/self/fd, in fact.\n\nMost systems provide symbolic links /dev/stdin, /dev/stdout, and /dev/stderr, which\nrespectively link to the files 0, 1, and 2 in /proc/self/fd. Thus the example command\nabove could be written as:\n\n$ foobar -i /dev/stdin -o /dev/stdout ...\n\nPermission to dereference or read (readlink(2)) the symbolic links in this directory\nis governed by a ptrace access mode PTRACEMODEREADFSCREDS check; see ptrace(2).\n\nNote that for file descriptors referring to inodes (pipes and sockets, see above),\nthose inodes still have permission bits and ownership information distinct from those\nof the /proc/[pid]/fd entry, and that the owner may differ from the user and group IDs\nof the process. An unprivileged process may lack permissions to open them, as in this\nexample:\n\n$ echo test | sudo -u nobody cat\ntest\n$ echo test | sudo -u nobody cat /proc/self/fd/0\ncat: /proc/self/fd/0: Permission denied\n\nFile descriptor 0 refers to the pipe created by the shell and owned by that shell's\nuser, which is not nobody, so cat does not have permission to create a new file de‐\nscriptor to read from that inode, even though it can still read from its existing file\ndescriptor 0.\n\n/proc/[pid]/fdinfo/ (since Linux 2.6.22)\nThis is a subdirectory containing one entry for each file which the process has open,\nnamed by its file descriptor. The files in this directory are readable only by the\nowner of the process. The contents of each file can be read to obtain information\nabout the corresponding file descriptor. The content depends on the type of file re‐\nferred to by the corresponding file descriptor.\n\nFor regular files and directories, we see something like:\n\n$ cat /proc/12015/fdinfo/4\npos: 1000\nflags: 01002002\nmntid: 21\n\nThe fields are as follows:\n\npos This is a decimal number showing the file offset.\n\nflags This is an octal number that displays the file access mode and file status\nflags (see open(2)). If the close-on-exec file descriptor flag is set, then\nflags will also include the value OCLOEXEC.\n\nBefore Linux 3.1, this field incorrectly displayed the setting of OCLOEXEC at\nthe time the file was opened, rather than the current setting of the close-on-\nexec flag.\n\nmntid This field, present since Linux 3.15, is the ID of the mount point containing\nthis file. See the description of /proc/[pid]/mountinfo.\n\nFor eventfd file descriptors (see eventfd(2)), we see (since Linux 3.8) the following\nfields:\n\npos: 0\nflags: 02\nmntid: 10\neventfd-count: 40\n\neventfd-count is the current value of the eventfd counter, in hexadecimal.\n\nFor epoll file descriptors (see epoll(7)), we see (since Linux 3.8) the following\nfields:\n\npos: 0\nflags: 02\nmntid: 10\ntfd: 9 events: 19 data: 74253d2500000009\ntfd: 7 events: 19 data: 74253d2500000007\n\nEach of the lines beginning tfd describes one of the file descriptors being monitored\nvia the epoll file descriptor (see epollctl(2) for some details). The tfd field is\nthe number of the file descriptor. The events field is a hexadecimal mask of the\nevents being monitored for this file descriptor. The data field is the data value as‐\nsociated with this file descriptor.\n\nFor signalfd file descriptors (see signalfd(2)), we see (since Linux 3.8) the follow‐\ning fields:\n\npos: 0\nflags: 02\nmntid: 10\nsigmask: 0000000000000006\n\nsigmask is the hexadecimal mask of signals that are accepted via this signalfd file\ndescriptor. (In this example, bits 2 and 3 are set, corresponding to the signals SIG‐‐\nINT and SIGQUIT; see signal(7).)\n\nFor inotify file descriptors (see inotify(7)), we see (since Linux 3.8) the following\nfields:\n\npos: 0\nflags: 00\nmntid: 11\ninotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignoredmask:0 fhandle-bytes:8 fhandle-type:1 fhandle:2af87e00220ffd73\ninotify wd:1 ino:192627 sdev:800001 mask:800afff ignoredmask:0 fhandle-bytes:8 fhandle-type:1 fhandle:27261900802dfd73\n\nEach of the lines beginning with \"inotify\" displays information about one file or di‐\nrectory that is being monitored. The fields in this line are as follows:\n\nwd A watch descriptor number (in decimal).\n\nino The inode number of the target file (in hexadecimal).\n\nsdev The ID of the device where the target file resides (in hexadecimal).\n\nmask The mask of events being monitored for the target file (in hexadecimal).\n\nIf the kernel was built with exportfs support, the path to the target file is exposed\nas a file handle, via three hexadecimal fields: fhandle-bytes, fhandle-type, and\nfhandle.\n\nFor fanotify file descriptors (see fanotify(7)), we see (since Linux 3.8) the follow‐\ning fields:\n\npos: 0\nflags: 02\nmntid: 11\nfanotify flags:0 event-flags:88002\nfanotify ino:19264f sdev:800001 mflags:0 mask:1 ignoredmask:0 fhandle-bytes:8 fhandle-type:1 fhandle:4f261900a82dfd73\n\nThe fourth line displays information defined when the fanotify group was created via\nfanotifyinit(2):\n\nflags The flags argument given to fanotifyinit(2) (expressed in hexadecimal).\n\nevent-flags\nThe eventfflags argument given to fanotifyinit(2) (expressed in hexadeci‐\nmal).\n\nEach additional line shown in the file contains information about one of the marks in\nthe fanotify group. Most of these fields are as for inotify, except:\n\nmflags The flags associated with the mark (expressed in hexadecimal).\n\nmask The events mask for this mark (expressed in hexadecimal).\n\nignoredmask\nThe mask of events that are ignored for this mark (expressed in hexadecimal).\n\nFor details on these fields, see fanotifymark(2).\n\nFor timerfd file descriptors (see timerfd(2)), we see (since Linux 3.17) the following\nfields:\n\npos: 0\nflags: 02004002\nmntid: 13\nclockid: 0\nticks: 0\nsettime flags: 03\nitvalue: (7695568592, 640020877)\nitinterval: (0, 0)\n\nclockid\nThis is the numeric value of the clock ID (corresponding to one of the CLOCK*\nconstants defined via ) that is used to mark the progress of the timer\n(in this example, 0 is CLOCKREALTIME).\n\nticks This is the number of timer expirations that have occurred, (i.e., the value\nthat read(2) on it would return).\n\nsettime flags\nThis field lists the flags with which the timerfd was last armed (see\ntimerfdsettime(2)), in octal (in this example, both TFDTIMERABSTIME and\nTFDTIMERCANCELONSET are set).\n\nitvalue\nThis field contains the amount of time until the timer will next expire, ex‐\npressed in seconds and nanoseconds. This is always expressed as a relative\nvalue, regardless of whether the timer was created using the TFDTIMERABSTIME\nflag.\n\nitinterval\nThis field contains the interval of the timer, in seconds and nanoseconds.\n(The itvalue and itinterval fields contain the values that timerfdgettime(2)\non this file descriptor would return.)\n\n/proc/[pid]/gidmap (since Linux 3.5)\nSee usernamespaces(7).\n\n/proc/[pid]/io (since kernel 2.6.20)\nThis file contains I/O statistics for the process, for example:\n\n# cat /proc/3828/io\nrchar: 323934931\nwchar: 323929600\nsyscr: 632687\nsyscw: 632675\nreadbytes: 0\nwritebytes: 323932160\ncancelledwritebytes: 0\n\nThe fields are as follows:\n\nrchar: characters read\nThe number of bytes which this task has caused to be read from storage. This\nis simply the sum of bytes which this process passed to read(2) and similar\nsystem calls. It includes things such as terminal I/O and is unaffected by\nwhether or not actual physical disk I/O was required (the read might have been\nsatisfied from pagecache).\n\nwchar: characters written\nThe number of bytes which this task has caused, or shall cause to be written to\ndisk. Similar caveats apply here as with rchar.\n\nsyscr: read syscalls\nAttempt to count the number of read I/O operations—that is, system calls such\nas read(2) and pread(2).\n\nsyscw: write syscalls\nAttempt to count the number of write I/O operations—that is, system calls such\nas write(2) and pwrite(2).\n\nreadbytes: bytes read\nAttempt to count the number of bytes which this process really did cause to be\nfetched from the storage layer. This is accurate for block-backed filesystems.\n\nwritebytes: bytes written\nAttempt to count the number of bytes which this process caused to be sent to\nthe storage layer.\n\ncancelledwritebytes:\nThe big inaccuracy here is truncate. If a process writes 1 MB to a file and\nthen deletes the file, it will in fact perform no writeout. But it will have\nbeen accounted as having caused 1 MB of write. In other words: this field rep‐\nresents the number of bytes which this process caused to not happen, by trun‐\ncating pagecache. A task can cause \"negative\" I/O too. If this task truncates\nsome dirty pagecache, some I/O which another task has been accounted for (in\nits writebytes) will not be happening.\n\nNote: In the current implementation, things are a bit racy on 32-bit systems: if\nprocess A reads process B's /proc/[pid]/io while process B is updating one of these\n64-bit counters, process A could see an intermediate result.\n\nPermission to access this file is governed by a ptrace access mode\nPTRACEMODEREADFSCREDS check; see ptrace(2).\n\n/proc/[pid]/limits (since Linux 2.6.24)\nThis file displays the soft limit, hard limit, and units of measurement for each of\nthe process's resource limits (see getrlimit(2)). Up to and including Linux 2.6.35,\nthis file is protected to allow reading only by the real UID of the process. Since\nLinux 2.6.36, this file is readable by all users on the system.\n\n/proc/[pid]/mapfiles/ (since kernel 3.3)\nThis subdirectory contains entries corresponding to memory-mapped files (see mmap(2)).\nEntries are named by memory region start and end address pair (expressed as hexadeci‐\nmal numbers), and are symbolic links to the mapped files themselves. Here is an exam‐\nple, with the output wrapped and reformatted to fit on an 80-column display:\n\n# ls -l /proc/self/mapfiles/\nlr--------. 1 root root 64 Apr 16 21:31\n3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so\n...\n\nAlthough these entries are present for memory regions that were mapped with the\nMAPFILE flag, the way anonymous shared memory (regions created with the MAPANON |\nMAPSHARED flags) is implemented in Linux means that such regions also appear on this\ndirectory. Here is an example where the target file is the deleted /dev/zero one:\n\nlrw-------. 1 root root 64 Apr 16 21:33\n7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)\n\nPermission to access this file is governed by a ptrace access mode\nPTRACEMODEREADFSCREDS check; see ptrace(2).\n\nUntil kernel version 4.3, this directory appeared only if the CONFIGCHECKPOINTRE‐‐\nSTORE kernel configuration option was enabled.\n\nCapabilities are required to read the contents of the symbolic links in this direc‐\ntory: before Linux 5.9, the reading process requires CAPSYSADMIN in the initial user\nnamespace; since Linux 5.9, the reading process must have either CAPSYSADMIN or\nCAPCHECKPOINTRESTORE in the user namespace where it resides.\n\n/proc/[pid]/maps\nA file containing the currently mapped memory regions and their access permissions.\nSee mmap(2) for some further information about memory mappings.\n\nPermission to access this file is governed by a ptrace access mode\nPTRACEMODEREADFSCREDS check; see ptrace(2).\n\nThe format of the file is:\n\naddress perms offset dev inode pathname\n00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon\n00651000-00652000 r--p 00051000 08:02 173521 /usr/bin/dbus-daemon\n00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/dbus-daemon\n00e03000-00e24000 rw-p 00000000 00:00 0 [heap]\n00e24000-011f7000 rw-p 00000000 00:00 0 [heap]\n...\n35b1800000-35b1820000 r-xp 00000000 08:02 135522 /usr/lib64/ld-2.15.so\n35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522 /usr/lib64/ld-2.15.so\n35b1a20000-35b1a21000 rw-p 00020000 08:02 135522 /usr/lib64/ld-2.15.so\n35b1a21000-35b1a22000 rw-p 00000000 00:00 0\n35b1c00000-35b1dac000 r-xp 00000000 08:02 135870 /usr/lib64/libc-2.15.so\n35b1dac000-35b1fac000 ---p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so\n35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so\n35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870 /usr/lib64/libc-2.15.so\n...\nf2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0 [stack:986]\n...\n7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0 [stack]\n7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0 [vdso]\n\nThe address field is the address space in the process that the mapping occupies. The\nperms field is a set of permissions:\n\nr = read\nw = write\nx = execute\ns = shared\np = private (copy on write)\n\nThe offset field is the offset into the file/whatever; dev is the device (major:mi‐\nnor); inode is the inode on that device. 0 indicates that no inode is associated with\nthe memory region, as would be the case with BSS (uninitialized data).\n\nThe pathname field will usually be the file that is backing the mapping. For ELF\nfiles, you can easily coordinate with the offset field by looking at the Offset field\nin the ELF program headers (readelf -l).\n\nThere are additional helpful pseudo-paths:\n\n[stack]\nThe initial process's (also known as the main thread's) stack.\n\n[stack:] (from Linux 3.4 to 4.4)\nA thread's stack (where the is a thread ID). It corresponds to the\n/proc/[pid]/task/[tid]/ path. This field was removed in Linux 4.5, since pro‐\nviding this information for a process with large numbers of threads is expen‐\nsive.\n\n[vdso] The virtual dynamically linked shared object. See vdso(7).\n\n[heap] The process's heap.\n\nIf the pathname field is blank, this is an anonymous mapping as obtained via mmap(2).\nThere is no easy way to coordinate this back to a process's source, short of running\nit through gdb(1), strace(1), or similar.\n\npathname is shown unescaped except for newline characters, which are replaced with an\noctal escape sequence. As a result, it is not possible to determine whether the orig‐\ninal pathname contained a newline character or the literal \\012 character sequence.\n\nIf the mapping is file-backed and the file has been deleted, the string \" (deleted)\"\nis appended to the pathname. Note that this is ambiguous too.\n\nUnder Linux 2.0, there is no field giving pathname.\n\n/proc/[pid]/mem\nThis file can be used to access the pages of a process's memory through open(2),\nread(2), and lseek(2).\n\nPermission to access this file is governed by a ptrace access mode PTRACEMODEAT‐‐\nTACHFSCREDS check; see ptrace(2).\n\n/proc/[pid]/mountinfo (since Linux 2.6.26)\nThis file contains information about mount points in the process's mount namespace\n(see mountnamespaces(7)). It supplies various information (e.g., propagation state,\nroot of mount for bind mounts, identifier for each mount and its parent) that is miss‐\ning from the (older) /proc/[pid]/mounts file, and fixes various other problems with\nthat file (e.g., nonextensibility, failure to distinguish per-mount versus per-su‐\nperblock options).\n\nThe file contains lines of the form:\n\n36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue\n(1)(2)(3) (4) (5) (6) (7) (8) (9) (10) (11)\n\nThe numbers in parentheses are labels for the descriptions below:\n\n(1) mount ID: a unique ID for the mount (may be reused after umount(2)).\n\n(2) parent ID: the ID of the parent mount (or of self for the root of this mount\nnamespace's mount tree).\n\nIf a new mount is stacked on top of a previous existing mount (so that it hides\nthe existing mount) at pathname P, then the parent of the new mount is the previ‐\nous mount at that location. Thus, when looking at all the mounts stacked at a\nparticular location, the top-most mount is the one that is not the parent of any\nother mount at the same location. (Note, however, that this top-most mount will\nbe accessible only if the longest path subprefix of P that is a mount point is\nnot itself hidden by a stacked mount.)\n\nIf the parent mount point lies outside the process's root directory (see ch‐‐\nroot(2)), the ID shown here won't have a corresponding record in mountinfo whose\nmount ID (field 1) matches this parent mount ID (because mount points that lie\noutside the process's root directory are not shown in mountinfo). As a special\ncase of this point, the process's root mount point may have a parent mount (for\nthe initramfs filesystem) that lies outside the process's root directory, and an\nentry for that mount point will not appear in mountinfo.\n\n(3) major:minor: the value of stdev for files on this filesystem (see stat(2)).\n\n(4) root: the pathname of the directory in the filesystem which forms the root of\nthis mount.\n\n(5) mount point: the pathname of the mount point relative to the process's root di‐\nrectory.\n\n(6) mount options: per-mount options (see mount(2)).\n\n(7) optional fields: zero or more fields of the form \"tag[:value]\"; see below.\n\n(8) separator: the end of the optional fields is marked by a single hyphen.\n\n(9) filesystem type: the filesystem type in the form \"type[.subtype]\".\n\n(10) mount source: filesystem-specific information or \"none\".\n\n(11) super options: per-superblock options (see mount(2)).\n\nCurrently, the possible optional fields are shared, master, propagatefrom, and un‐\nbindable. See mountnamespaces(7) for a description of these fields. Parsers should\nignore all unrecognized optional fields.\n\nFor more information on mount propagation see: Documentation/filesystems/sharedsub‐\ntree.txt in the Linux kernel source tree.\n\n/proc/[pid]/mounts (since Linux 2.4.19)\nThis file lists all the filesystems currently mounted in the process's mount namespace\n(see mountnamespaces(7)). The format of this file is documented in fstab(5).\n\nSince kernel version 2.6.15, this file is pollable: after opening the file for read‐\ning, a change in this file (i.e., a filesystem mount or unmount) causes select(2) to\nmark the file descriptor as having an exceptional condition, and poll(2) and\nepollwait(2) mark the file as having a priority event (POLLPRI). (Before Linux\n2.6.30, a change in this file was indicated by the file descriptor being marked as\nreadable for select(2), and being marked as having an error condition for poll(2) and\nepollwait(2).)\n\n/proc/[pid]/mountstats (since Linux 2.6.17)\nThis file exports information (statistics, configuration information) about the mount\npoints in the process's mount namespace (see mountnamespaces(7)). Lines in this file\nhave the form:\n\ndevice /dev/sda7 mounted on /home with fstype ext3 [stats]\n( 1 ) ( 2 ) (3 ) ( 4 )\n\nThe fields in each line are:\n\n(1) The name of the mounted device (or \"nodevice\" if there is no corresponding de‐\nvice).\n\n(2) The mount point within the filesystem tree.\n\n(3) The filesystem type.\n\n(4) Optional statistics and configuration information. Currently (as at Linux\n2.6.26), only NFS filesystems export information via this field.\n\nThis file is readable only by the owner of the process.\n\n/proc/[pid]/net (since Linux 2.6.25)\nSee the description of /proc/net.\n\n/proc/[pid]/ns/ (since Linux 3.0)\nThis is a subdirectory containing one entry for each namespace that supports being ma‐\nnipulated by setns(2). For more information, see namespaces(7).\n\n/proc/[pid]/numamaps (since Linux 2.6.14)\nSee numa(7).\n\n/proc/[pid]/oomadj (since Linux 2.6.11)\nThis file can be used to adjust the score used to select which process should be\nkilled in an out-of-memory (OOM) situation. The kernel uses this value for a bit-\nshift operation of the process's oomscore value: valid values are in the range -16 to\n+15, plus the special value -17, which disables OOM-killing altogether for this\nprocess. A positive score increases the likelihood of this process being killed by\nthe OOM-killer; a negative score decreases the likelihood.\n\nThe default value for this file is 0; a new process inherits its parent's oomadj set‐\nting. A process must be privileged (CAPSYSRESOURCE) to update this file.\n\nSince Linux 2.6.36, use of this file is deprecated in favor of\n/proc/[pid]/oomscoreadj.\n\n/proc/[pid]/oomscore (since Linux 2.6.11)\nThis file displays the current score that the kernel gives to this process for the\npurpose of selecting a process for the OOM-killer. A higher score means that the\nprocess is more likely to be selected by the OOM-killer. The basis for this score is\nthe amount of memory used by the process, with increases (+) or decreases (-) for fac‐\ntors including:\n\n* whether the process is privileged (-).\n\nBefore kernel 2.6.36 the following factors were also used in the calculation of\noomscore:\n\n* whether the process creates a lot of children using fork(2) (+);\n\n* whether the process has been running a long time, or has used a lot of CPU time (-);\n\n* whether the process has a low nice value (i.e., > 0) (+); and\n\n* whether the process is making direct hardware access (-).\n\nThe oomscore also reflects the adjustment specified by the oomscoreadj or oomadj\nsetting for the process.\n\n/proc/[pid]/oomscoreadj (since Linux 2.6.36)\nThis file can be used to adjust the badness heuristic used to select which process\ngets killed in out-of-memory conditions.\n\nThe badness heuristic assigns a value to each candidate task ranging from 0 (never\nkill) to 1000 (always kill) to determine which process is targeted. The units are\nroughly a proportion along that range of allowed memory the process may allocate from,\nbased on an estimation of its current memory and swap use. For example, if a task is\nusing all allowed memory, its badness score will be 1000. If it is using half of its\nallowed memory, its score will be 500.\n\nThere is an additional factor included in the badness score: root processes are given\n3% extra memory over other tasks.\n\nThe amount of \"allowed\" memory depends on the context in which the OOM-killer was\ncalled. If it is due to the memory assigned to the allocating task's cpuset being ex‐\nhausted, the allowed memory represents the set of mems assigned to that cpuset (see\ncpuset(7)). If it is due to a mempolicy's node(s) being exhausted, the allowed memory\nrepresents the set of mempolicy nodes. If it is due to a memory limit (or swap limit)\nbeing reached, the allowed memory is that configured limit. Finally, if it is due to\nthe entire system being out of memory, the allowed memory represents all allocatable\nresources.\n\nThe value of oomscoreadj is added to the badness score before it is used to deter‐\nmine which task to kill. Acceptable values range from -1000 (OOMSCOREADJMIN) to\n+1000 (OOMSCOREADJMAX). This allows user space to control the preference for OOM-\nkilling, ranging from always preferring a certain task or completely disabling it from\nOOM killing. The lowest possible value, -1000, is equivalent to disabling OOM-killing\nentirely for that task, since it will always report a badness score of 0.\n\nConsequently, it is very simple for user space to define the amount of memory to con‐\nsider for each task. Setting an oomscoreadj value of +500, for example, is roughly\nequivalent to allowing the remainder of tasks sharing the same system, cpuset, mempol‐\nicy, or memory controller resources to use at least 50% more memory. A value of -500,\non the other hand, would be roughly equivalent to discounting 50% of the task's al‐\nlowed memory from being considered as scoring against the task.\n\nFor backward compatibility with previous kernels, /proc/[pid]/oomadj can still be\nused to tune the badness score. Its value is scaled linearly with oomscoreadj.\n\nWriting to /proc/[pid]/oomscoreadj or /proc/[pid]/oomadj will change the other with\nits scaled value.\n\nThe choom(1) program provides a command-line interface for adjusting the oomscoreadj\nvalue of a running process or a newly executed command.\n\n/proc/[pid]/pagemap (since Linux 2.6.25)\nThis file shows the mapping of each of the process's virtual pages into physical page\nframes or swap area. It contains one 64-bit value for each virtual page, with the\nbits set as follows:\n\n63 If set, the page is present in RAM.\n\n62 If set, the page is in swap space\n\n61 (since Linux 3.5)\nThe page is a file-mapped page or a shared anonymous page.\n\n60–57 (since Linux 3.11)\nZero\n\n56 (since Linux 4.2)\nThe page is exclusively mapped.\n\n55 (since Linux 3.11)\nPTE is soft-dirty (see the kernel source file Documentation/ad‐\nmin-guide/mm/soft-dirty.rst).\n\n54–0 If the page is present in RAM (bit 63), then these bits provide the page frame\nnumber, which can be used to index /proc/kpageflags and /proc/kpagecount. If\nthe page is present in swap (bit 62), then bits 4–0 give the swap type, and\nbits 54–5 encode the swap offset.\n\nBefore Linux 3.11, bits 60–55 were used to encode the base-2 log of the page size.\n\nTo employ /proc/[pid]/pagemap efficiently, use /proc/[pid]/maps to determine which ar‐\neas of memory are actually mapped and seek to skip over unmapped regions.\n\nThe /proc/[pid]/pagemap file is present only if the CONFIGPROCPAGEMONITOR kernel\nconfiguration option is enabled.\n\nPermission to access this file is governed by a ptrace access mode\nPTRACEMODEREADFSCREDS check; see ptrace(2).\n\n/proc/[pid]/personality (since Linux 2.6.28)\nThis read-only file exposes the process's execution domain, as set by personality(2).\nThe value is displayed in hexadecimal notation.\n\nPermission to access this file is governed by a ptrace access mode PTRACEMODEAT‐‐\nTACHFSCREDS check; see ptrace(2).\n\n/proc/[pid]/root\nUNIX and Linux support the idea of a per-process root of the filesystem, set by the\nchroot(2) system call. This file is a symbolic link that points to the process's root\ndirectory, and behaves in the same way as exe, and fd/*.\n\nNote however that this file is not merely a symbolic link. It provides the same view\nof the filesystem (including namespaces and the set of per-process mounts) as the\nprocess itself. An example illustrates this point. In one terminal, we start a shell\nin new user and mount namespaces, and in that shell we create some new mount points:\n\n$ PS1='sh1# ' unshare -Urnm\nsh1# mount -t tmpfs tmpfs /etc # Mount empty tmpfs at /etc\nsh1# mount --bind /usr /dev # Mount /usr at /dev\nsh1# echo $$\n27123\n\nIn a second terminal window, in the initial mount namespace, we look at the contents\nof the corresponding mounts in the initial and new namespaces:\n\n$ PS1='sh2# ' sudo sh\nsh2# ls /etc | wc -l # In initial NS\n309\nsh2# ls /proc/27123/root/etc | wc -l # /etc in other NS\n0 # The empty tmpfs dir\nsh2# ls /dev | wc -l # In initial NS\n205\nsh2# ls /proc/27123/root/dev | wc -l # /dev in other NS\n11 # Actually bind\n# mounted to /usr\nsh2# ls /usr | wc -l # /usr in initial NS\n11\n\nIn a multithreaded process, the contents of the /proc/[pid]/root symbolic link are not\navailable if the main thread has already terminated (typically by calling\npthreadexit(3)).\n\nPermission to dereference or read (readlink(2)) this symbolic link is governed by a\nptrace access mode PTRACEMODEREADFSCREDS check; see ptrace(2).\n\n/proc/[pid]/seccomp (Linux 2.6.12 to 2.6.22)\nThis file can be used to read and change the process's secure computing (seccomp) mode\nsetting. It contains the value 0 if the process is not in seccomp mode, and 1 if the\nprocess is in strict seccomp mode (see seccomp(2)). Writing 1 to this file places the\nprocess irreversibly in strict seccomp mode. (Further attempts to write to the file\nfail with the EPERM error.)\n\nIn Linux 2.6.23, this file went away, to be replaced by the prctl(2) PRGETSECCOMP\nand PRSETSECCOMP operations (and later by seccomp(2) and the Seccomp field in\n/proc/[pid]/status).\n\n/proc/[pid]/setgroups (since Linux 3.19)\nSee usernamespaces(7).\n\n/proc/[pid]/smaps (since Linux 2.6.14)\nThis file shows memory consumption for each of the process's mappings. (The pmap(1)\ncommand displays similar information, in a form that may be easier for parsing.) For\neach mapping there is a series of lines such as the following:\n\n00400000-0048a000 r-xp 00000000 fd:03 960637 /bin/bash\nSize: 552 kB\nRss: 460 kB\nPss: 100 kB\nSharedClean: 452 kB\nSharedDirty: 0 kB\nPrivateClean: 8 kB\nPrivateDirty: 0 kB\nReferenced: 460 kB\nAnonymous: 0 kB\nAnonHugePages: 0 kB\nShmemHugePages: 0 kB\nShmemPmdMapped: 0 kB\nSwap: 0 kB\nKernelPageSize: 4 kB\nMMUPageSize: 4 kB\nKernelPageSize: 4 kB\nMMUPageSize: 4 kB\nLocked: 0 kB\nProtectionKey: 0\nVmFlags: rd ex mr mw me dw\n\nThe first of these lines shows the same information as is displayed for the mapping in\n/proc/[pid]/maps. The following lines show the size of the mapping, the amount of the\nmapping that is currently resident in RAM (\"Rss\"), the process's proportional share of\nthis mapping (\"Pss\"), the number of clean and dirty shared pages in the mapping, and\nthe number of clean and dirty private pages in the mapping. \"Referenced\" indicates\nthe amount of memory currently marked as referenced or accessed. \"Anonymous\" shows\nthe amount of memory that does not belong to any file. \"Swap\" shows how much would-\nbe-anonymous memory is also used, but out on swap.\n\nThe \"KernelPageSize\" line (available since Linux 2.6.29) is the page size used by the\nkernel to back the virtual memory area. This matches the size used by the MMU in the\nmajority of cases. However, one counter-example occurs on PPC64 kernels whereby a\nkernel using 64 kB as a base page size may still use 4 kB pages for the MMU on older\nprocessors. To distinguish the two attributes, the \"MMUPageSize\" line (also available\nsince Linux 2.6.29) reports the page size used by the MMU.\n\nThe \"Locked\" indicates whether the mapping is locked in memory or not.\n\nThe \"ProtectionKey\" line (available since Linux 4.9, on x86 only) contains the memory\nprotection key (see pkeys(7)) associated with the virtual memory area. This entry is\npresent only if the kernel was built with the CONFIGX86INTELMEMORYPROTECTIONKEYS\nconfiguration option (since Linux 4.6).\n\nThe \"VmFlags\" line (available since Linux 3.8) represents the kernel flags associated\nwith the virtual memory area, encoded using the following two-letter codes:\n\nrd - readable\nwr - writable\nex - executable\nsh - shared\nmr - may read\nmw - may write\nme - may execute\nms - may share\ngd - stack segment grows down\npf - pure PFN range\ndw - disabled write to the mapped file\nlo - pages are locked in memory\nio - memory mapped I/O area\nsr - sequential read advise provided\nrr - random read advise provided\ndc - do not copy area on fork\nde - do not expand area on remapping\nac - area is accountable\nnr - swap space is not reserved for the area\nht - area uses huge tlb pages\nsf - perform synchronous page faults (since Linux 4.15)\nnl - non-linear mapping (removed in Linux 4.0)\nar - architecture specific flag\nwf - wipe on fork (since Linux 4.14)\ndd - do not include area into core dump\nsd - soft-dirty flag (since Linux 3.13)\nmm - mixed map area\nhg - huge page advise flag\nnh - no-huge page advise flag\nmg - mergeable advise flag\num - userfaultfd missing pages tracking (since Linux 4.3)\nuw - userfaultfd wprotect pages tracking (since Linux 4.3)\n\nThe /proc/[pid]/smaps file is present only if the CONFIGPROCPAGEMONITOR kernel con‐\nfiguration option is enabled.\n\n/proc/[pid]/stack (since Linux 2.6.29)\nThis file provides a symbolic trace of the function calls in this process's kernel\nstack. This file is provided only if the kernel was built with the CONFIGSTACKTRACE\nconfiguration option.\n\nPermission to access this file is governed by a ptrace access mode PTRACEMODEAT‐‐\nTACHFSCREDS check; see ptrace(2).\n\n/proc/[pid]/stat\nStatus information about the process. This is used by ps(1). It is defined in the\nkernel source file fs/proc/array.c.\n\nThe fields, in order, with their proper scanf(3) format specifiers, are listed below.\nWhether or not certain of these fields display valid information is governed by a\nptrace access mode PTRACEMODEREADFSCREDS | PTRACEMODENOAUDIT check (refer to\nptrace(2)). If the check denies access, then the field value is displayed as 0. The\naffected fields are indicated with the marking [PT].\n\n(1) pid %d\nThe process ID.\n\n(2) comm %s\nThe filename of the executable, in parentheses. Strings longer than\nTASKCOMMLEN (16) characters (including the terminating null byte) are\nsilently truncated. This is visible whether or not the executable is swapped\nout.\n\n(3) state %c\nOne of the following characters, indicating process state:\n\nR Running\n\nS Sleeping in an interruptible wait\n\nD Waiting in uninterruptible disk sleep\n\nZ Zombie\n\nT Stopped (on a signal) or (before Linux 2.6.33) trace stopped\n\nt Tracing stop (Linux 2.6.33 onward)\n\nW Paging (only before Linux 2.6.0)\n\nX Dead (from Linux 2.6.0 onward)\n\nx Dead (Linux 2.6.33 to 3.13 only)\n\nK Wakekill (Linux 2.6.33 to 3.13 only)\n\nW Waking (Linux 2.6.33 to 3.13 only)\n\nP Parked (Linux 3.9 to 3.13 only)\n\n(4) ppid %d\nThe PID of the parent of this process.\n\n(5) pgrp %d\nThe process group ID of the process.\n\n(6) session %d\nThe session ID of the process.\n\n(7) ttynr %d\nThe controlling terminal of the process. (The minor device number is contained\nin the combination of bits 31 to 20 and 7 to 0; the major device number is in\nbits 15 to 8.)\n\n(8) tpgid %d\nThe ID of the foreground process group of the controlling terminal of the\nprocess.\n\n(9) flags %u\nThe kernel flags word of the process. For bit meanings, see the PF* defines\nin the Linux kernel source file include/linux/sched.h. Details depend on the\nkernel version.\n\nThe format for this field was %lu before Linux 2.6.\n\n(10) minflt %lu\nThe number of minor faults the process has made which have not required loading\na memory page from disk.\n\n(11) cminflt %lu\nThe number of minor faults that the process's waited-for children have made.\n\n(12) majflt %lu\nThe number of major faults the process has made which have required loading a\nmemory page from disk.\n\n(13) cmajflt %lu\nThe number of major faults that the process's waited-for children have made.\n\n(14) utime %lu\nAmount of time that this process has been scheduled in user mode, measured in\nclock ticks (divide by sysconf(SCCLKTCK)). This includes guest time,\nguesttime (time spent running a virtual CPU, see below), so that applications\nthat are not aware of the guest time field do not lose that time from their\ncalculations.\n\n(15) stime %lu\nAmount of time that this process has been scheduled in kernel mode, measured in\nclock ticks (divide by sysconf(SCCLKTCK)).\n\n(16) cutime %ld\nAmount of time that this process's waited-for children have been scheduled in\nuser mode, measured in clock ticks (divide by sysconf(SCCLKTCK)). (See also\ntimes(2).) This includes guest time, cguesttime (time spent running a virtual\nCPU, see below).\n\n(17) cstime %ld\nAmount of time that this process's waited-for children have been scheduled in\nkernel mode, measured in clock ticks (divide by sysconf(SCCLKTCK)).\n\n(18) priority %ld\n(Explanation for Linux 2.6) For processes running a real-time scheduling policy\n(policy below; see schedsetscheduler(2)), this is the negated scheduling pri‐\nority, minus one; that is, a number in the range -2 to -100, corresponding to\nreal-time priorities 1 to 99. For processes running under a non-real-time\nscheduling policy, this is the raw nice value (setpriority(2)) as represented\nin the kernel. The kernel stores nice values as numbers in the range 0 (high)\nto 39 (low), corresponding to the user-visible nice range of -20 to 19.\n\nBefore Linux 2.6, this was a scaled value based on the scheduler weighting\ngiven to this process.\n\n(19) nice %ld\nThe nice value (see setpriority(2)), a value in the range 19 (low priority) to\n-20 (high priority).\n\n(20) numthreads %ld\nNumber of threads in this process (since Linux 2.6). Before kernel 2.6, this\nfield was hard coded to 0 as a placeholder for an earlier removed field.\n\n(21) itrealvalue %ld\nThe time in jiffies before the next SIGALRM is sent to the process due to an\ninterval timer. Since kernel 2.6.17, this field is no longer maintained, and\nis hard coded as 0.\n\n(22) starttime %llu\nThe time the process started after system boot. In kernels before Linux 2.6,\nthis value was expressed in jiffies. Since Linux 2.6, the value is expressed\nin clock ticks (divide by sysconf(SCCLKTCK)).\n\nThe format for this field was %lu before Linux 2.6.\n\n(23) vsize %lu\nVirtual memory size in bytes.\n\n(24) rss %ld\nResident Set Size: number of pages the process has in real memory. This is\njust the pages which count toward text, data, or stack space. This does not\ninclude pages which have not been demand-loaded in, or which are swapped out.\nThis value is inaccurate; see /proc/[pid]/statm below.\n\n(25) rsslim %lu\nCurrent soft limit in bytes on the rss of the process; see the description of\nRLIMITRSS in getrlimit(2).\n\n(26) startcode %lu [PT]\nThe address above which program text can run.\n\n(27) endcode %lu [PT]\nThe address below which program text can run.\n\n(28) startstack %lu [PT]\nThe address of the start (i.e., bottom) of the stack.\n\n(29) kstkesp %lu [PT]\nThe current value of ESP (stack pointer), as found in the kernel stack page for\nthe process.\n\n(30) kstkeip %lu [PT]\nThe current EIP (instruction pointer).\n\n(31) signal %lu\nThe bitmap of pending signals, displayed as a decimal number. Obsolete, be‐\ncause it does not provide information on real-time signals; use\n/proc/[pid]/status instead.\n\n(32) blocked %lu\nThe bitmap of blocked signals, displayed as a decimal number. Obsolete, be‐\ncause it does not provide information on real-time signals; use\n/proc/[pid]/status instead.\n\n(33) sigignore %lu\nThe bitmap of ignored signals, displayed as a decimal number. Obsolete, be‐\ncause it does not provide information on real-time signals; use\n/proc/[pid]/status instead.\n\n(34) sigcatch %lu\nThe bitmap of caught signals, displayed as a decimal number. Obsolete, because\nit does not provide information on real-time signals; use /proc/[pid]/status\ninstead.\n\n(35) wchan %lu [PT]\nThis is the \"channel\" in which the process is waiting. It is the address of a\nlocation in the kernel where the process is sleeping. The corresponding sym‐\nbolic name can be found in /proc/[pid]/wchan.\n\n(36) nswap %lu\nNumber of pages swapped (not maintained).\n\n(37) cnswap %lu\nCumulative nswap for child processes (not maintained).\n\n(38) exitsignal %d (since Linux 2.1.22)\nSignal to be sent to parent when we die.\n\n(39) processor %d (since Linux 2.2.8)\nCPU number last executed on.\n\n(40) rtpriority %u (since Linux 2.5.19)\nReal-time scheduling priority, a number in the range 1 to 99 for processes\nscheduled under a real-time policy, or 0, for non-real-time processes (see\nschedsetscheduler(2)).\n\n(41) policy %u (since Linux 2.5.19)\nScheduling policy (see schedsetscheduler(2)). Decode using the SCHED* con‐\nstants in linux/sched.h.\n\nThe format for this field was %lu before Linux 2.6.22.\n\n(42) delayacctblkioticks %llu (since Linux 2.6.18)\nAggregated block I/O delays, measured in clock ticks (centiseconds).\n\n(43) guesttime %lu (since Linux 2.6.24)\nGuest time of the process (time spent running a virtual CPU for a guest operat‐\ning system), measured in clock ticks (divide by sysconf(SCCLKTCK)).\n\n(44) cguesttime %ld (since Linux 2.6.24)\nGuest time of the process's children, measured in clock ticks (divide by\nsysconf(SCCLKTCK)).\n\n(45) startdata %lu (since Linux 3.3) [PT]\nAddress above which program initialized and uninitialized (BSS) data are\nplaced.\n\n(46) enddata %lu (since Linux 3.3) [PT]\nAddress below which program initialized and uninitialized (BSS) data are\nplaced.\n\n(47) startbrk %lu (since Linux 3.3) [PT]\nAddress above which program heap can be expanded with brk(2).\n\n(48) argstart %lu (since Linux 3.5) [PT]\nAddress above which program command-line arguments (argv) are placed.\n\n(49) argend %lu (since Linux 3.5) [PT]\nAddress below program command-line arguments (argv) are placed.\n\n(50) envstart %lu (since Linux 3.5) [PT]\nAddress above which program environment is placed.\n\n(51) envend %lu (since Linux 3.5) [PT]\nAddress below which program environment is placed.\n\n(52) exitcode %d (since Linux 3.5) [PT]\nThe thread's exit status in the form reported by waitpid(2).\n\n/proc/[pid]/statm\nProvides information about memory usage, measured in pages. The columns are:\n\nsize (1) total program size\n(same as VmSize in /proc/[pid]/status)\nresident (2) resident set size\n(inaccurate; same as VmRSS in /proc/[pid]/status)\nshared (3) number of resident shared pages\n(i.e., backed by a file)\n(inaccurate; same as RssFile+RssShmem in\n/proc/[pid]/status)\ntext (4) text (code)\nlib (5) library (unused since Linux 2.6; always 0)\ndata (6) data + stack\ndt (7) dirty pages (unused since Linux 2.6; always 0)\n\nSome of these values are inaccurate because of a kernel-internal scalability optimiza‐\ntion. If accurate values are required, use /proc/[pid]/smaps or\n/proc/[pid]/smapsrollup instead, which are much slower but provide accurate, detailed\ninformation.\n\n/proc/[pid]/status\nProvides much of the information in /proc/[pid]/stat and /proc/[pid]/statm in a format\nthat's easier for humans to parse. Here's an example:\n\n$ cat /proc/$$/status\nName: bash\nUmask: 0022\nState: S (sleeping)\nTgid: 17248\nNgid: 0\nPid: 17248\nPPid: 17200\nTracerPid: 0\nUid: 1000 1000 1000 1000\nGid: 100 100 100 100\nFDSize: 256\nGroups: 16 33 100\nNStgid: 17248\nNSpid: 17248\nNSpgid: 17248\nNSsid: 17200\nVmPeak: 131168 kB\nVmSize: 131168 kB\nVmLck: 0 kB\nVmPin: 0 kB\nVmHWM: 13484 kB\nVmRSS: 13484 kB\nRssAnon: 10264 kB\nRssFile: 3220 kB\nRssShmem: 0 kB\nVmData: 10332 kB\nVmStk: 136 kB\nVmExe: 992 kB\nVmLib: 2104 kB\nVmPTE: 76 kB\nVmPMD: 12 kB\nVmSwap: 0 kB\nHugetlbPages: 0 kB # 4.4\nCoreDumping: 0 # 4.15\nThreads: 1\nSigQ: 0/3067\nSigPnd: 0000000000000000\nShdPnd: 0000000000000000\nSigBlk: 0000000000010000\nSigIgn: 0000000000384004\nSigCgt: 000000004b813efb\nCapInh: 0000000000000000\nCapPrm: 0000000000000000\nCapEff: 0000000000000000\nCapBnd: ffffffffffffffff\nCapAmb: 0000000000000000\nNoNewPrivs: 0\nSeccomp: 0\nSpeculationStoreBypass: vulnerable\nCpusallowed: 00000001\nCpusallowedlist: 0\nMemsallowed: 1\nMemsallowedlist: 0\nvoluntaryctxtswitches: 150\nnonvoluntaryctxtswitches: 545\n\nThe fields are as follows:\n\nName Command run by this process. Strings longer than TASKCOMMLEN (16) characters\n(including the terminating null byte) are silently truncated.\n\nUmask Process umask, expressed in octal with a leading zero; see umask(2). (Since\nLinux 4.7.)\n\nState Current state of the process. One of \"R (running)\", \"S (sleeping)\", \"D (disk\nsleep)\", \"T (stopped)\", \"t (tracing stop)\", \"Z (zombie)\", or \"X (dead)\".\n\nTgid Thread group ID (i.e., Process ID).\n\nNgid NUMA group ID (0 if none; since Linux 3.13).\n\nPid Thread ID (see gettid(2)).\n\nPPid PID of parent process.\n\nTracerPid\nPID of process tracing this process (0 if not being traced).\n\nUid, Gid\nReal, effective, saved set, and filesystem UIDs (GIDs).\n\nFDSize Number of file descriptor slots currently allocated.\n\nGroups Supplementary group list.\n\nNStgid Thread group ID (i.e., PID) in each of the PID namespaces of which [pid] is a\nmember. The leftmost entry shows the value with respect to the PID namespace\nof the process that mounted this procfs (or the root namespace if mounted by\nthe kernel), followed by the value in successively nested inner namespaces.\n(Since Linux 4.1.)\n\nNSpid Thread ID in each of the PID namespaces of which [pid] is a member. The fields\nare ordered as for NStgid. (Since Linux 4.1.)\n\nNSpgid Process group ID in each of the PID namespaces of which [pid] is a member. The\nfields are ordered as for NStgid. (Since Linux 4.1.)\n\nNSsid descendant namespace session ID hierarchy Session ID in each of the PID name‐\nspaces of which [pid] is a member. The fields are ordered as for NStgid.\n(Since Linux 4.1.)\n\nVmPeak Peak virtual memory size.\n\nVmSize Virtual memory size.\n\nVmLck Locked memory size (see mlock(2)).\n\nVmPin Pinned memory size (since Linux 3.2). These are pages that can't be moved be‐\ncause something needs to directly access physical memory.\n\nVmHWM Peak resident set size (\"high water mark\"). This value is inaccurate; see\n/proc/[pid]/statm above.\n\nVmRSS Resident set size. Note that the value here is the sum of RssAnon, RssFile,\nand RssShmem. This value is inaccurate; see /proc/[pid]/statm above.\n\nRssAnon\nSize of resident anonymous memory. (since Linux 4.5). This value is inaccu‐\nrate; see /proc/[pid]/statm above.\n\nRssFile\nSize of resident file mappings. (since Linux 4.5). This value is inaccurate;\nsee /proc/[pid]/statm above.\n\nRssShmem\nSize of resident shared memory (includes System V shared memory, mappings from\ntmpfs(5), and shared anonymous mappings). (since Linux 4.5).\n\nVmData, VmStk, VmExe\nSize of data, stack, and text segments. This value is inaccurate; see\n/proc/[pid]/statm above.\n\nVmLib Shared library code size.\n\nVmPTE Page table entries size (since Linux 2.6.10).\n\nVmPMD Size of second-level page tables (added in Linux 4.0; removed in Linux 4.15).\n\nVmSwap Swapped-out virtual memory size by anonymous private pages; shmem swap usage is\nnot included (since Linux 2.6.34). This value is inaccurate; see\n/proc/[pid]/statm above.\n\nHugetlbPages\nSize of hugetlb memory portions (since Linux 4.4).\n\nCoreDumping\nContains the value 1 if the process is currently dumping core, and 0 if it is\nnot (since Linux 4.15). This information can be used by a monitoring process\nto avoid killing a process that is currently dumping core, which could result\nin a corrupted core dump file.\n\nThreads\nNumber of threads in process containing this thread.\n\nSigQ This field contains two slash-separated numbers that relate to queued signals\nfor the real user ID of this process. The first of these is the number of cur‐\nrently queued signals for this real user ID, and the second is the resource\nlimit on the number of queued signals for this process (see the description of\nRLIMITSIGPENDING in getrlimit(2)).\n\nSigPnd, ShdPnd\nMask (expressed in hexadecimal) of signals pending for thread and for process\nas a whole (see pthreads(7) and signal(7)).\n\nSigBlk, SigIgn, SigCgt\nMasks (expressed in hexadecimal) indicating signals being blocked, ignored, and\ncaught (see signal(7)).\n\nCapInh, CapPrm, CapEff\nMasks (expressed in hexadecimal) of capabilities enabled in inheritable, per‐\nmitted, and effective sets (see capabilities(7)).\n\nCapBnd Capability bounding set, expressed in hexadecimal (since Linux 2.6.26, see ca‐‐\npabilities(7)).\n\nCapAmb Ambient capability set, expressed in hexadecimal (since Linux 4.3, see capabil‐‐\nities(7)).\n\nNoNewPrivs\nValue of the nonewprivs bit (since Linux 4.10, see prctl(2)).\n\nSeccomp\nSeccomp mode of the process (since Linux 3.8, see seccomp(2)). 0 means SEC‐‐\nCOMPMODEDISABLED; 1 means SECCOMPMODESTRICT; 2 means SECCOMPMODEFILTER.\nThis field is provided only if the kernel was built with the CONFIGSECCOMP\nkernel configuration option enabled.\n\nSpeculationStoreBypass\nSpeculation flaw mitigation state (since Linux 4.17, see prctl(2)).\n\nCpusallowed\nHexadecimal mask of CPUs on which this process may run (since Linux 2.6.24, see\ncpuset(7)).\n\nCpusallowedlist\nSame as previous, but in \"list format\" (since Linux 2.6.26, see cpuset(7)).\n\nMemsallowed\nMask of memory nodes allowed to this process (since Linux 2.6.24, see\ncpuset(7)).\n\nMemsallowedlist\nSame as previous, but in \"list format\" (since Linux 2.6.26, see cpuset(7)).\n\nvoluntaryctxtswitches, nonvoluntaryctxtswitches\nNumber of voluntary and involuntary context switches (since Linux 2.6.23).\n\n/proc/[pid]/syscall (since Linux 2.6.27)\nThis file exposes the system call number and argument registers for the system call\ncurrently being executed by the process, followed by the values of the stack pointer\nand program counter registers. The values of all six argument registers are exposed,\nalthough most system calls use fewer registers.\n\nIf the process is blocked, but not in a system call, then the file displays -1 in\nplace of the system call number, followed by just the values of the stack pointer and\nprogram counter. If process is not blocked, then the file contains just the string\n\"running\".\n\nThis file is present only if the kernel was configured with CONFIGHAVEARCHTRACE‐‐\nHOOK.\n\nPermission to access this file is governed by a ptrace access mode PTRACEMODEAT‐‐\nTACHFSCREDS check; see ptrace(2).\n\n/proc/[pid]/task (since Linux 2.6.0)\nThis is a directory that contains one subdirectory for each thread in the process.\nThe name of each subdirectory is the numerical thread ID ([tid]) of the thread (see\ngettid(2)).\n\nWithin each of these subdirectories, there is a set of files with the same names and\ncontents as under the /proc/[pid] directories. For attributes that are shared by all\nthreads, the contents for each of the files under the task/[tid] subdirectories will\nbe the same as in the corresponding file in the parent /proc/[pid] directory (e.g., in\na multithreaded process, all of the task/[tid]/cwd files will have the same value as\nthe /proc/[pid]/cwd file in the parent directory, since all of the threads in a\nprocess share a working directory). For attributes that are distinct for each thread,\nthe corresponding files under task/[tid] may have different values (e.g., various\nfields in each of the task/[tid]/status files may be different for each thread), or\nthey might not exist in /proc/[pid] at all.\n\nIn a multithreaded process, the contents of the /proc/[pid]/task directory are not\navailable if the main thread has already terminated (typically by calling\npthreadexit(3)).\n\n/proc/[pid]/task/[tid]/children (since Linux 3.5)\nA space-separated list of child tasks of this task. Each child task is represented by\nits TID.\n\nThis option is intended for use by the checkpoint-restore (CRIU) system, and reliably\nprovides a list of children only if all of the child processes are stopped or frozen.\nIt does not work properly if children of the target task exit while the file is being\nread! Exiting children may cause non-exiting children to be omitted from the list.\nThis makes this interface even more unreliable than classic PID-based approaches if\nthe inspected task and its children aren't frozen, and most code should probably not\nuse this interface.\n\nUntil Linux 4.2, the presence of this file was governed by the CONFIGCHECKPOINTRE‐‐\nSTORE kernel configuration option. Since Linux 4.2, it is governed by the CON‐‐\nFIGPROCCHILDREN option.\n\n/proc/[pid]/timers (since Linux 3.10)\nA list of the POSIX timers for this process. Each timer is listed with a line that\nstarts with the string \"ID:\". For example:\n\nID: 1\nsignal: 60/00007fff86e452a8\nnotify: signal/pid.2634\nClockID: 0\nID: 0\nsignal: 60/00007fff86e452a8\nnotify: signal/pid.2634\nClockID: 1\n\nThe lines shown for each timer have the following meanings:\n\nID The ID for this timer. This is not the same as the timer ID returned by\ntimercreate(2); rather, it is the same kernel-internal ID that is available\nvia the sitimerid field of the siginfot structure (see sigaction(2)).\n\nsignal This is the signal number that this timer uses to deliver notifications fol‐\nlowed by a slash, and then the sigevvalue value supplied to the signal han‐\ndler. Valid only for timers that notify via a signal.\n\nnotify The part before the slash specifies the mechanism that this timer uses to de‐\nliver notifications, and is one of \"thread\", \"signal\", or \"none\". Immediately\nfollowing the slash is either the string \"tid\" for timers with SIGEVTHREADID\nnotification, or \"pid\" for timers that notify by other mechanisms. Following\nthe \".\" is the PID of the process (or the kernel thread ID of the thread) that\nwill be delivered a signal if the timer delivers notifications via a signal.\n\nClockID\nThis field identifies the clock that the timer uses for measuring time. For\nmost clocks, this is a number that matches one of the user-space CLOCK* con‐\nstants exposed via . CLOCKPROCESSCPUTIMEID timers display with a\nvalue of -6 in this field. CLOCKTHREADCPUTIMEID timers display with a value\nof -2 in this field.\n\nThis file is available only when the kernel was configured with CONFIGCHECKPOINTRE‐‐\nSTORE.\n\n/proc/[pid]/timerslackns (since Linux 4.6)\nThis file exposes the process's \"current\" timer slack value, expressed in nanoseconds.\nThe file is writable, allowing the process's timer slack value to be changed. Writing\n0 to this file resets the \"current\" timer slack to the \"default\" timer slack value.\nFor further details, see the discussion of PRSETTIMERSLACK in prctl(2).\n\nInitially, permission to access this file was governed by a ptrace access mode\nPTRACEMODEATTACHFSCREDS check (see ptrace(2)). However, this was subsequently\ndeemed too strict a requirement (and had the side effect that requiring a process to\nhave the CAPSYSPTRACE capability would also allow it to view and change any\nprocess's memory). Therefore, since Linux 4.9, only the (weaker) CAPSYSNICE capa‐\nbility is required to access this file.\n\n/proc/[pid]/uidmap, /proc/[pid]/gidmap (since Linux 3.5)\nSee usernamespaces(7).\n\n/proc/[pid]/wchan (since Linux 2.6.0)\nThe symbolic name corresponding to the location in the kernel where the process is\nsleeping.\n\nPermission to access this file is governed by a ptrace access mode\nPTRACEMODEREADFSCREDS check; see ptrace(2).\n\n/proc/[tid]\nThere is a numerical subdirectory for each running thread that is not a thread group\nleader (i.e., a thread whose thread ID is not the same as its process ID); the subdi‐\nrectory is named by the thread ID. Each one of these subdirectories contains files\nand subdirectories exposing information about the thread with the thread ID tid. The\ncontents of these directories are the same as the corresponding /proc/[pid]/task/[tid]\ndirectories.\n\nThe /proc/[tid] subdirectories are not visible when iterating through /proc with get‐‐\ndents(2) (and thus are not visible when one uses ls(1) to view the contents of /proc).\nHowever, the pathnames of these directories are visible to (i.e., usable as arguments\nin) system calls that operate on pathnames.\n\n/proc/apm\nAdvanced power management version and battery information when CONFIGAPM is defined\nat kernel compilation time.\n\n/proc/buddyinfo\nThis file contains information which is used for diagnosing memory fragmentation is‐\nsues. Each line starts with the identification of the node and the name of the zone\nwhich together identify a memory region. This is then followed by the count of avail‐\nable chunks of a certain order in which these zones are split. The size in bytes of a\ncertain order is given by the formula:\n\n(2^order) * PAGESIZE\n\nThe binary buddy allocator algorithm inside the kernel will split one chunk into two\nchunks of a smaller order (thus with half the size) or combine two contiguous chunks\ninto one larger chunk of a higher order (thus with double the size) to satisfy alloca‐\ntion requests and to counter memory fragmentation. The order matches the column num‐\nber, when starting to count at zero.\n\nFor example on an x86-64 system:\nNode 0, zone DMA 1 1 1 0 2 1 1 0 1 1 3\nNode 0, zone DMA32 65 47 4 81 52 28 13 10 5 1 404\nNode 0, zone Normal 216 55 189 101 84 38 37 27 5 3 587\n\nIn this example, there is one node containing three zones and there are 11 different\nchunk sizes. If the page size is 4 kilobytes, then the first zone called DMA (on x86\nthe first 16 megabyte of memory) has 1 chunk of 4 kilobytes (order 0) available and\nhas 3 chunks of 4 megabytes (order 10) available.\n\nIf the memory is heavily fragmented, the counters for higher order chunks will be zero\nand allocation of large contiguous areas will fail.\n\nFurther information about the zones can be found in /proc/zoneinfo.\n\n/proc/bus\nContains subdirectories for installed busses.\n\n/proc/bus/pccard\nSubdirectory for PCMCIA devices when CONFIGPCMCIA is set at kernel compilation time.\n\n/proc/bus/pccard/drivers\n\n/proc/bus/pci\nContains various bus subdirectories and pseudo-files containing information about PCI\nbusses, installed devices, and device drivers. Some of these files are not ASCII.\n\n/proc/bus/pci/devices\nInformation about PCI devices. They may be accessed through lspci(8) and setpci(8).\n\n/proc/cgroups (since Linux 2.6.24)\nSee cgroups(7).\n\n/proc/cmdline\nArguments passed to the Linux kernel at boot time. Often done via a boot manager such\nas lilo(8) or grub(8).\n\n/proc/config.gz (since Linux 2.6)\nThis file exposes the configuration options that were used to build the currently run‐\nning kernel, in the same format as they would be shown in the .config file that re‐\nsulted when configuring the kernel (using make xconfig, make config, or similar). The\nfile contents are compressed; view or search them using zcat(1) and zgrep(1). As long\nas no changes have been made to the following file, the contents of /proc/config.gz\nare the same as those provided by:\n\ncat /lib/modules/$(uname -r)/build/.config\n\n/proc/config.gz is provided only if the kernel is configured with CONFIGIKCON‐‐\nFIGPROC.\n\n/proc/crypto\nA list of the ciphers provided by the kernel crypto API. For details, see the kernel\nLinux Kernel Crypto API documentation available under the kernel source directory Doc‐\numentation/crypto/ (or Documentation/DocBook before 4.10; the documentation can be\nbuilt using a command such as make htmldocs in the root directory of the kernel source\ntree).\n\n/proc/cpuinfo\nThis is a collection of CPU and system architecture dependent items, for each sup‐\nported architecture a different list. Two common entries are processor which gives\nCPU number and bogomips; a system constant that is calculated during kernel initial‐\nization. SMP machines have information for each CPU. The lscpu(1) command gathers\nits information from this file.\n\n/proc/devices\nText listing of major numbers and device groups. This can be used by MAKEDEV scripts\nfor consistency with the kernel.\n\n/proc/diskstats (since Linux 2.5.69)\nThis file contains disk I/O statistics for each disk device. See the Linux kernel\nsource file Documentation/iostats.txt for further information.\n\n/proc/dma\nThis is a list of the registered ISA DMA (direct memory access) channels in use.\n\n/proc/driver\nEmpty subdirectory.\n\n/proc/execdomains\nList of the execution domains (ABI personalities).\n\n/proc/fb\nFrame buffer information when CONFIGFB is defined during kernel compilation.\n\n/proc/filesystems\nA text listing of the filesystems which are supported by the kernel, namely filesys‐\ntems which were compiled into the kernel or whose kernel modules are currently loaded.\n(See also filesystems(5).) If a filesystem is marked with \"nodev\", this means that it\ndoes not require a block device to be mounted (e.g., virtual filesystem, network\nfilesystem).\n\nIncidentally, this file may be used by mount(8) when no filesystem is specified and it\ndidn't manage to determine the filesystem type. Then filesystems contained in this\nfile are tried (excepted those that are marked with \"nodev\").\n\n/proc/fs\nContains subdirectories that in turn contain files with information about (certain)\nmounted filesystems.\n\n/proc/ide\nThis directory exists on systems with the IDE bus. There are directories for each IDE\nchannel and attached device. Files include:\n\ncache buffer size in KB\ncapacity number of sectors\ndriver driver version\ngeometry physical and logical geometry\nidentify in hexadecimal\nmedia media type\nmodel manufacturer's model number\nsettings drive settings\nsmartthresholds IDE disk management thresholds (in hex)\nsmartvalues IDE disk management values (in hex)\n\nThe hdparm(8) utility provides access to this information in a friendly format.\n\n/proc/interrupts\nThis is used to record the number of interrupts per CPU per IO device. Since Linux\n2.6.24, for the i386 and x86-64 architectures, at least, this also includes interrupts\ninternal to the system (that is, not associated with a device as such), such as NMI\n(nonmaskable interrupt), LOC (local timer interrupt), and for SMP systems, TLB (TLB\nflush interrupt), RES (rescheduling interrupt), CAL (remote function call interrupt),\nand possibly others. Very easy to read formatting, done in ASCII.\n\n/proc/iomem\nI/O memory map in Linux 2.4.\n\n/proc/ioports\nThis is a list of currently registered Input-Output port regions that are in use.\n\n/proc/kallsyms (since Linux 2.5.71)\nThis holds the kernel exported symbol definitions used by the modules(X) tools to dy‐\nnamically link and bind loadable modules. In Linux 2.5.47 and earlier, a similar file\nwith slightly different syntax was named ksyms.\n\n/proc/kcore\nThis file represents the physical memory of the system and is stored in the ELF core\nfile format. With this pseudo-file, and an unstripped kernel (/usr/src/linux/vmlinux)\nbinary, GDB can be used to examine the current state of any kernel data structures.\n\nThe total length of the file is the size of physical memory (RAM) plus 4 KiB.\n\n/proc/keys (since Linux 2.6.10)\nSee keyrings(7).\n\n/proc/key-users (since Linux 2.6.10)\nSee keyrings(7).\n\n/proc/kmsg\nThis file can be used instead of the syslog(2) system call to read kernel messages. A\nprocess must have superuser privileges to read this file, and only one process should\nread this file. This file should not be read if a syslog process is running which\nuses the syslog(2) system call facility to log kernel messages.\n\nInformation in this file is retrieved with the dmesg(1) program.\n\n/proc/kpagecgroup (since Linux 4.3)\nThis file contains a 64-bit inode number of the memory cgroup each page is charged to,\nindexed by page frame number (see the discussion of /proc/[pid]/pagemap).\n\nThe /proc/kpagecgroup file is present only if the CONFIGMEMCG kernel configuration\noption is enabled.\n\n/proc/kpagecount (since Linux 2.6.25)\nThis file contains a 64-bit count of the number of times each physical page frame is\nmapped, indexed by page frame number (see the discussion of /proc/[pid]/pagemap).\n\nThe /proc/kpagecount file is present only if the CONFIGPROCPAGEMONITOR kernel con‐\nfiguration option is enabled.\n\n/proc/kpageflags (since Linux 2.6.25)\nThis file contains 64-bit masks corresponding to each physical page frame; it is in‐\ndexed by page frame number (see the discussion of /proc/[pid]/pagemap). The bits are\nas follows:\n\n0 - KPFLOCKED\n1 - KPFERROR\n2 - KPFREFERENCED\n3 - KPFUPTODATE\n4 - KPFDIRTY\n5 - KPFLRU\n6 - KPFACTIVE\n7 - KPFSLAB\n8 - KPFWRITEBACK\n9 - KPFRECLAIM\n10 - KPFBUDDY\n11 - KPFMMAP (since Linux 2.6.31)\n12 - KPFANON (since Linux 2.6.31)\n13 - KPFSWAPCACHE (since Linux 2.6.31)\n14 - KPFSWAPBACKED (since Linux 2.6.31)\n15 - KPFCOMPOUNDHEAD (since Linux 2.6.31)\n16 - KPFCOMPOUNDTAIL (since Linux 2.6.31)\n17 - KPFHUGE (since Linux 2.6.31)\n18 - KPFUNEVICTABLE (since Linux 2.6.31)\n19 - KPFHWPOISON (since Linux 2.6.31)\n20 - KPFNOPAGE (since Linux 2.6.31)\n21 - KPFKSM (since Linux 2.6.32)\n22 - KPFTHP (since Linux 3.4)\n23 - KPFBALLOON (since Linux 3.18)\n24 - KPFZEROPAGE (since Linux 4.0)\n25 - KPFIDLE (since Linux 4.3)\n\nFor further details on the meanings of these bits, see the kernel source file Documen‐\ntation/admin-guide/mm/pagemap.rst. Before kernel 2.6.29, KPFWRITEBACK, KPFRECLAIM,\nKPFBUDDY, and KPFLOCKED did not report correctly.\n\nThe /proc/kpageflags file is present only if the CONFIGPROCPAGEMONITOR kernel con‐\nfiguration option is enabled.\n\n/proc/ksyms (Linux 1.1.23–2.5.47)\nSee /proc/kallsyms.\n\n/proc/loadavg\nThe first three fields in this file are load average figures giving the number of jobs\nin the run queue (state R) or waiting for disk I/O (state D) averaged over 1, 5, and\n15 minutes. They are the same as the load average numbers given by uptime(1) and\nother programs. The fourth field consists of two numbers separated by a slash (/).\nThe first of these is the number of currently runnable kernel scheduling entities\n(processes, threads). The value after the slash is the number of kernel scheduling\nentities that currently exist on the system. The fifth field is the PID of the\nprocess that was most recently created on the system.\n\n/proc/locks\nThis file shows current file locks (flock(2) and fcntl(2)) and leases (fcntl(2)).\n\nAn example of the content shown in this file is the following:\n\n1: POSIX ADVISORY READ 5433 08:01:7864448 128 128\n2: FLOCK ADVISORY WRITE 2001 08:01:7864554 0 EOF\n3: FLOCK ADVISORY WRITE 1568 00:2f:32388 0 EOF\n4: POSIX ADVISORY WRITE 699 00:16:28457 0 EOF\n5: POSIX ADVISORY WRITE 764 00:16:21448 0 0\n6: POSIX ADVISORY READ 3548 08:01:7867240 1 1\n7: POSIX ADVISORY READ 3548 08:01:7865567 1826 2335\n8: OFDLCK ADVISORY WRITE -1 08:01:8713209 128 191\n\nThe fields shown in each line are as follows:\n\n(1) The ordinal position of the lock in the list.\n\n(2) The lock type. Values that may appear here include:\n\nFLOCK This is a BSD file lock created using flock(2).\n\nOFDLCK This is an open file description (OFD) lock created using fcntl(2).\n\nPOSIX This is a POSIX byte-range lock created using fcntl(2).\n\n(3) Among the strings that can appear here are the following:\n\nADVISORY\nThis is an advisory lock.\n\nMANDATORY\nThis is a mandatory lock.\n\n(4) The type of lock. Values that can appear here are:\n\nREAD This is a POSIX or OFD read lock, or a BSD shared lock.\n\nWRITE This is a POSIX or OFD write lock, or a BSD exclusive lock.\n\n(5) The PID of the process that owns the lock.\n\nBecause OFD locks are not owned by a single process (since multiple processes may\nhave file descriptors that refer to the same open file description), the value -1\nis displayed in this field for OFD locks. (Before kernel 4.14, a bug meant that\nthe PID of the process that initially acquired the lock was displayed instead of\nthe value -1.)\n\n(6) Three colon-separated subfields that identify the major and minor device ID of the\ndevice containing the filesystem where the locked file resides, followed by the\ninode number of the locked file.\n\n(7) The byte offset of the first byte of the lock. For BSD locks, this value is al‐\nways 0.\n\n(8) The byte offset of the last byte of the lock. EOF in this field means that the\nlock extends to the end of the file. For BSD locks, the value shown is always\nEOF.\n\nSince Linux 4.9, the list of locks shown in /proc/locks is filtered to show just the\nlocks for the processes in the PID namespace (see pidnamespaces(7)) for which the\n/proc filesystem was mounted. (In the initial PID namespace, there is no filtering of\nthe records shown in this file.)\n\nThe lslocks(8) command provides a bit more information about each lock.\n\n/proc/malloc (only up to and including Linux 2.2)\nThis file is present only if CONFIGDEBUGMALLOC was defined during compilation.\n\n/proc/meminfo\nThis file reports statistics about memory usage on the system. It is used by free(1)\nto report the amount of free and used memory (both physical and swap) on the system as\nwell as the shared memory and buffers used by the kernel. Each line of the file con‐\nsists of a parameter name, followed by a colon, the value of the parameter, and an op‐\ntion unit of measurement (e.g., \"kB\"). The list below describes the parameter names\nand the format specifier required to read the field value. Except as noted below, all\nof the fields have been present since at least Linux 2.6.0. Some fields are displayed\nonly if the kernel was configured with various options; those dependencies are noted\nin the list.\n\nMemTotal %lu\nTotal usable RAM (i.e., physical RAM minus a few reserved bits and the kernel\nbinary code).\n\nMemFree %lu\nThe sum of LowFree+HighFree.\n\nMemAvailable %lu (since Linux 3.14)\nAn estimate of how much memory is available for starting new applications,\nwithout swapping.\n\nBuffers %lu\nRelatively temporary storage for raw disk blocks that shouldn't get tremen‐\ndously large (20 MB or so).\n\nCached %lu\nIn-memory cache for files read from the disk (the page cache). Doesn't include\nSwapCached.\n\nSwapCached %lu\nMemory that once was swapped out, is swapped back in but still also is in the\nswap file. (If memory pressure is high, these pages don't need to be swapped\nout again because they are already in the swap file. This saves I/O.)\n\nActive %lu\nMemory that has been used more recently and usually not reclaimed unless abso‐\nlutely necessary.\n\nInactive %lu\nMemory which has been less recently used. It is more eligible to be reclaimed\nfor other purposes.\n\nActive(anon) %lu (since Linux 2.6.28)\n[To be documented.]\n\nInactive(anon) %lu (since Linux 2.6.28)\n[To be documented.]\n\nActive(file) %lu (since Linux 2.6.28)\n[To be documented.]\n\nInactive(file) %lu (since Linux 2.6.28)\n[To be documented.]\n\nUnevictable %lu (since Linux 2.6.28)\n(From Linux 2.6.28 to 2.6.30, CONFIGUNEVICTABLELRU was required.) [To be\ndocumented.]\n\nMlocked %lu (since Linux 2.6.28)\n(From Linux 2.6.28 to 2.6.30, CONFIGUNEVICTABLELRU was required.) [To be\ndocumented.]\n\nHighTotal %lu\n(Starting with Linux 2.6.19, CONFIGHIGHMEM is required.) Total amount of\nhighmem. Highmem is all memory above ~860 MB of physical memory. Highmem ar‐\neas are for use by user-space programs, or for the page cache. The kernel must\nuse tricks to access this memory, making it slower to access than lowmem.\n\nHighFree %lu\n(Starting with Linux 2.6.19, CONFIGHIGHMEM is required.) Amount of free high‐\nmem.\n\nLowTotal %lu\n(Starting with Linux 2.6.19, CONFIGHIGHMEM is required.) Total amount of\nlowmem. Lowmem is memory which can be used for everything that highmem can be\nused for, but it is also available for the kernel's use for its own data struc‐\ntures. Among many other things, it is where everything from Slab is allocated.\nBad things happen when you're out of lowmem.\n\nLowFree %lu\n(Starting with Linux 2.6.19, CONFIGHIGHMEM is required.) Amount of free\nlowmem.\n\nMmapCopy %lu (since Linux 2.6.29)\n(CONFIGMMU is required.) [To be documented.]\n\nSwapTotal %lu\nTotal amount of swap space available.\n\nSwapFree %lu\nAmount of swap space that is currently unused.\n\nDirty %lu\nMemory which is waiting to get written back to the disk.\n\nWriteback %lu\nMemory which is actively being written back to the disk.\n\nAnonPages %lu (since Linux 2.6.18)\nNon-file backed pages mapped into user-space page tables.\n\nMapped %lu\nFiles which have been mapped into memory (with mmap(2)), such as libraries.\n\nShmem %lu (since Linux 2.6.32)\nAmount of memory consumed in tmpfs(5) filesystems.\n\nKReclaimable %lu (since Linux 4.20)\nKernel allocations that the kernel will attempt to reclaim under memory pres‐\nsure. Includes SReclaimable (below), and other direct allocations with a\nshrinker.\n\nSlab %lu\nIn-kernel data structures cache. (See slabinfo(5).)\n\nSReclaimable %lu (since Linux 2.6.19)\nPart of Slab, that might be reclaimed, such as caches.\n\nSUnreclaim %lu (since Linux 2.6.19)\nPart of Slab, that cannot be reclaimed on memory pressure.\n\nKernelStack %lu (since Linux 2.6.32)\nAmount of memory allocated to kernel stacks.\n\nPageTables %lu (since Linux 2.6.18)\nAmount of memory dedicated to the lowest level of page tables.\n\nQuicklists %lu (since Linux 2.6.27)\n(CONFIGQUICKLIST is required.) [To be documented.]\n\nNFSUnstable %lu (since Linux 2.6.18)\nNFS pages sent to the server, but not yet committed to stable storage.\n\nBounce %lu (since Linux 2.6.18)\nMemory used for block device \"bounce buffers\".\n\nWritebackTmp %lu (since Linux 2.6.26)\nMemory used by FUSE for temporary writeback buffers.\n\nCommitLimit %lu (since Linux 2.6.10)\nThis is the total amount of memory currently available to be allocated on the\nsystem, expressed in kilobytes. This limit is adhered to only if strict over‐\ncommit accounting is enabled (mode 2 in /proc/sys/vm/overcommitmemory). The\nlimit is calculated according to the formula described under /proc/sys/vm/over‐\ncommitmemory. For further details, see the kernel source file Documenta‐\ntion/vm/overcommit-accounting.rst.\n\nCommittedAS %lu\nThe amount of memory presently allocated on the system. The committed memory\nis a sum of all of the memory which has been allocated by processes, even if it\nhas not been \"used\" by them as of yet. A process which allocates 1 GB of mem‐\nory (using malloc(3) or similar), but touches only 300 MB of that memory will\nshow up as using only 300 MB of memory even if it has the address space allo‐\ncated for the entire 1 GB.\n\nThis 1 GB is memory which has been \"committed\" to by the VM and can be used at\nany time by the allocating application. With strict overcommit enabled on the\nsystem (mode 2 in /proc/sys/vm/overcommitmemory), allocations which would ex‐\nceed the CommitLimit will not be permitted. This is useful if one needs to\nguarantee that processes will not fail due to lack of memory once that memory\nhas been successfully allocated.\n\nVmallocTotal %lu\nTotal size of vmalloc memory area.\n\nVmallocUsed %lu\nAmount of vmalloc area which is used. Since Linux 4.4, this field is no longer\ncalculated, and is hard coded as 0. See /proc/vmallocinfo.\n\nVmallocChunk %lu\nLargest contiguous block of vmalloc area which is free. Since Linux 4.4, this\nfield is no longer calculated and is hard coded as 0. See /proc/vmallocinfo.\n\nHardwareCorrupted %lu (since Linux 2.6.32)\n(CONFIGMEMORYFAILURE is required.) [To be documented.]\n\nLazyFree %lu (since Linux 4.12)\nShows the amount of memory marked by madvise(2) MADVFREE.\n\nAnonHugePages %lu (since Linux 2.6.38)\n(CONFIGTRANSPARENTHUGEPAGE is required.) Non-file backed huge pages mapped\ninto user-space page tables.\n\nShmemHugePages %lu (since Linux 4.8)\n(CONFIGTRANSPARENTHUGEPAGE is required.) Memory used by shared memory\n(shmem) and tmpfs(5) allocated with huge pages.\n\nShmemPmdMapped %lu (since Linux 4.8)\n(CONFIGTRANSPARENTHUGEPAGE is required.) Shared memory mapped into user\nspace with huge pages.\n\nCmaTotal %lu (since Linux 3.1)\nTotal CMA (Contiguous Memory Allocator) pages. (CONFIGCMA is required.)\n\nCmaFree %lu (since Linux 3.1)\nFree CMA (Contiguous Memory Allocator) pages. (CONFIGCMA is required.)\n\nHugePagesTotal %lu\n(CONFIGHUGETLBPAGE is required.) The size of the pool of huge pages.\n\nHugePagesFree %lu\n(CONFIGHUGETLBPAGE is required.) The number of huge pages in the pool that\nare not yet allocated.\n\nHugePagesRsvd %lu (since Linux 2.6.17)\n(CONFIGHUGETLBPAGE is required.) This is the number of huge pages for which\na commitment to allocate from the pool has been made, but no allocation has yet\nbeen made. These reserved huge pages guarantee that an application will be\nable to allocate a huge page from the pool of huge pages at fault time.\n\nHugePagesSurp %lu (since Linux 2.6.24)\n(CONFIGHUGETLBPAGE is required.) This is the number of huge pages in the\npool above the value in /proc/sys/vm/nrhugepages. The maximum number of sur‐\nplus huge pages is controlled by /proc/sys/vm/nrovercommithugepages.\n\nHugepagesize %lu\n(CONFIGHUGETLBPAGE is required.) The size of huge pages.\n\nDirectMap4k %lu (since Linux 2.6.27)\nNumber of bytes of RAM linearly mapped by kernel in 4 kB pages. (x86.)\n\nDirectMap4M %lu (since Linux 2.6.27)\nNumber of bytes of RAM linearly mapped by kernel in 4 MB pages. (x86 with CON‐‐\nFIGX8664 or CONFIGX86PAE enabled.)\n\nDirectMap2M %lu (since Linux 2.6.27)\nNumber of bytes of RAM linearly mapped by kernel in 2 MB pages. (x86 with nei‐\nther CONFIGX8664 nor CONFIGX86PAE enabled.)\n\nDirectMap1G %lu (since Linux 2.6.27)\n(x86 with CONFIGX8664 and CONFIGX86DIRECTGBPAGES enabled.)\n\n/proc/modules\nA text list of the modules that have been loaded by the system. See also lsmod(8).\n\n/proc/mounts\nBefore kernel 2.4.19, this file was a list of all the filesystems currently mounted on\nthe system. With the introduction of per-process mount namespaces in Linux 2.4.19\n(see mountnamespaces(7)), this file became a link to /proc/self/mounts, which lists\nthe mount points of the process's own mount namespace. The format of this file is\ndocumented in fstab(5).\n\n/proc/mtrr\nMemory Type Range Registers. See the Linux kernel source file Documenta‐\ntion/x86/mtrr.txt (or Documentation/mtrr.txt before Linux 2.6.28) for details.\n\n/proc/net\nThis directory contains various files and subdirectories containing information about\nthe networking layer. The files contain ASCII structures and are, therefore, readable\nwith cat(1). However, the standard netstat(8) suite provides much cleaner access to\nthese files.\n\nWith the advent of network namespaces, various information relating to the network\nstack is virtualized (see networknamespaces(7)). Thus, since Linux 2.6.25, /proc/net\nis a symbolic link to the directory /proc/self/net, which contains the same files and\ndirectories as listed below. However, these files and directories now expose informa‐\ntion for the network namespace of which the process is a member.\n\n/proc/net/arp\nThis holds an ASCII readable dump of the kernel ARP table used for address resolu‐\ntions. It will show both dynamically learned and preprogrammed ARP entries. The for‐\nmat is:\n\nIP address HW type Flags HW address Mask Device\n192.168.0.50 0x1 0x2 00:50:BF:25:68:F3 * eth0\n192.168.0.250 0x1 0xc 00:00:00:00:00:00 * eth0\n\nHere \"IP address\" is the IPv4 address of the machine and the \"HW type\" is the hardware\ntype of the address from RFC 826. The flags are the internal flags of the ARP struc‐\nture (as defined in /usr/include/linux/ifarp.h) and the \"HW address\" is the data link\nlayer mapping for that IP address if it is known.\n\n/proc/net/dev\nThe dev pseudo-file contains network device status information. This gives the number\nof received and sent packets, the number of errors and collisions and other basic sta‐\ntistics. These are used by the ifconfig(8) program to report device status. The for‐\nmat is:\n\nInter-| Receive | Transmit\nface |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed\nlo: 2776770 11307 0 0 0 0 0 0 2776770 11307 0 0 0 0 0 0\neth0: 1215645 2751 0 0 0 0 0 0 1782404 4324 0 0 0 427 0 0\nppp0: 1622270 5552 1 0 0 0 0 0 354130 5669 0 0 0 0 0 0\ntap0: 7714 81 0 0 0 0 0 0 7714 81 0 0 0 0 0 0\n\n/proc/net/devmcast\nDefined in /usr/src/linux/net/core/devmcast.c:\n\nindx interfacename dmiu dmig dmiaddress\n2 eth0 1 0 01005e000001\n3 eth1 1 0 01005e000001\n4 eth2 1 0 01005e000001\n\n/proc/net/igmp\nInternet Group Management Protocol. Defined in /usr/src/linux/net/core/igmp.c.\n\n/proc/net/rarp\nThis file uses the same format as the arp file and contains the current reverse map‐\nping database used to provide rarp(8) reverse address lookup services. If RARP is not\nconfigured into the kernel, this file will not be present.\n\n/proc/net/raw\nHolds a dump of the RAW socket table. Much of the information is not of use apart\nfrom debugging. The \"sl\" value is the kernel hash slot for the socket, the \"localad‐\ndress\" is the local address and protocol number pair. \"St\" is the internal status of\nthe socket. The \"txqueue\" and \"rxqueue\" are the outgoing and incoming data queue in\nterms of kernel memory usage. The \"tr\", \"tm->when\", and \"rexmits\" fields are not used\nby RAW. The \"uid\" field holds the effective UID of the creator of the socket.\n\n/proc/net/snmp\nThis file holds the ASCII data needed for the IP, ICMP, TCP, and UDP management infor‐\nmation bases for an SNMP agent.\n\n/proc/net/tcp\nHolds a dump of the TCP socket table. Much of the information is not of use apart\nfrom debugging. The \"sl\" value is the kernel hash slot for the socket, the \"localad‐\ndress\" is the local address and port number pair. The \"remaddress\" is the remote ad‐\ndress and port number pair (if connected). \"St\" is the internal status of the socket.\nThe \"txqueue\" and \"rxqueue\" are the outgoing and incoming data queue in terms of\nkernel memory usage. The \"tr\", \"tm->when\", and \"rexmits\" fields hold internal infor‐\nmation of the kernel socket state and are useful only for debugging. The \"uid\" field\nholds the effective UID of the creator of the socket.\n\n/proc/net/udp\nHolds a dump of the UDP socket table. Much of the information is not of use apart\nfrom debugging. The \"sl\" value is the kernel hash slot for the socket, the \"localad‐\ndress\" is the local address and port number pair. The \"remaddress\" is the remote ad‐\ndress and port number pair (if connected). \"St\" is the internal status of the socket.\nThe \"txqueue\" and \"rxqueue\" are the outgoing and incoming data queue in terms of\nkernel memory usage. The \"tr\", \"tm->when\", and \"rexmits\" fields are not used by UDP.\nThe \"uid\" field holds the effective UID of the creator of the socket. The format is:\n\nsl localaddress remaddress st txqueue rxqueue tr rexmits tm->when uid\n1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0\n1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0\n1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0\n\n/proc/net/unix\nLists the UNIX domain sockets present within the system and their status. The format\nis:\n\nNum RefCount Protocol Flags Type St Inode Path\n0: 00000002 00000000 00000000 0001 03 42\n1: 00000001 00000000 00010000 0001 01 1948 /dev/printer\n\nThe fields are as follows:\n\nNum: the kernel table slot number.\n\nRefCount: the number of users of the socket.\n\nProtocol: currently always 0.\n\nFlags: the internal kernel flags holding the status of the socket.\n\nType: the socket type. For SOCKSTREAM sockets, this is 0001; for SOCKDGRAM\nsockets, it is 0002; and for SOCKSEQPACKET sockets, it is 0005.\n\nSt: the internal state of the socket.\n\nInode: the inode number of the socket.\n\nPath: the bound pathname (if any) of the socket. Sockets in the abstract name‐\nspace are included in the list, and are shown with a Path that commences\nwith the character '@'.\n\n/proc/net/netfilter/nfnetlinkqueue\nThis file contains information about netfilter user-space queueing, if used. Each\nline represents a queue. Queues that have not been subscribed to by user space are\nnot shown.\n\n1 4207 0 2 65535 0 0 0 1\n(1) (2) (3)(4) (5) (6) (7) (8)\n\nThe fields in each line are:\n\n(1) The ID of the queue. This matches what is specified in the --queue-num or\n--queue-balance options to the iptables(8) NFQUEUE target. See iptables-exten‐‐\nsions(8) for more information.\n\n(2) The netlink port ID subscribed to the queue.\n\n(3) The number of packets currently queued and waiting to be processed by the appli‐\ncation.\n\n(4) The copy mode of the queue. It is either 1 (metadata only) or 2 (also copy pay‐\nload data to user space).\n\n(5) Copy range; that is, how many bytes of packet payload should be copied to user\nspace at most.\n\n(6) queue dropped. Number of packets that had to be dropped by the kernel because\ntoo many packets are already waiting for user space to send back the mandatory\naccept/drop verdicts.\n\n(7) queue user dropped. Number of packets that were dropped within the netlink sub‐\nsystem. Such drops usually happen when the corresponding socket buffer is full;\nthat is, user space is not able to read messages fast enough.\n\n(8) sequence number. Every queued packet is associated with a (32-bit) monotonically\nincreasing sequence number. This shows the ID of the most recent packet queued.\n\nThe last number exists only for compatibility reasons and is always 1.\n\n/proc/partitions\nContains the major and minor numbers of each partition as well as the number of\n1024-byte blocks and the partition name.\n\n/proc/pci\nThis is a listing of all PCI devices found during kernel initialization and their con‐\nfiguration.\n\nThis file has been deprecated in favor of a new /proc interface for PCI\n(/proc/bus/pci). It became optional in Linux 2.2 (available with CONFIGPCIOLDPROC\nset at kernel compilation). It became once more nonoptionally enabled in Linux 2.4.\nNext, it was deprecated in Linux 2.6 (still available with CONFIGPCILEGACYPROC\nset), and finally removed altogether since Linux 2.6.17.\n\n/proc/profile (since Linux 2.4)\nThis file is present only if the kernel was booted with the profile=1 command-line op‐\ntion. It exposes kernel profiling information in a binary format for use by readpro‐‐\nfile(1). Writing (e.g., an empty string) to this file resets the profiling counters;\non some architectures, writing a binary integer \"profiling multiplier\" of size\nsizeof(int) sets the profiling interrupt frequency.\n\n/proc/scsi\nA directory with the scsi mid-level pseudo-file and various SCSI low-level driver di‐\nrectories, which contain a file for each SCSI host in this system, all of which give\nthe status of some part of the SCSI IO subsystem. These files contain ASCII struc‐\ntures and are, therefore, readable with cat(1).\n\nYou can also write to some of the files to reconfigure the subsystem or switch certain\nfeatures on or off.\n\n/proc/scsi/scsi\nThis is a listing of all SCSI devices known to the kernel. The listing is similar to\nthe one seen during bootup. scsi currently supports only the add-single-device com‐\nmand which allows root to add a hotplugged device to the list of known devices.\n\nThe command\n\necho 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi\n\nwill cause host scsi1 to scan on SCSI channel 0 for a device on ID 5 LUN 0. If there\nis already a device known on this address or the address is invalid, an error will be\nreturned.\n\n/proc/scsi/[drivername]\n[drivername] can currently be NCR53c7xx, aha152x, aha1542, aha1740, aic7xxx, buslogic,\neatadma, eatapio, fdomain, in2000, pas16, qlogic, scsidebug, seagate, t128,\nu15-24f, ultrastore, or wd7000. These directories show up for all drivers that regis‐\ntered at least one SCSI HBA. Every directory contains one file per registered host.\nEvery host-file is named after the number the host was assigned during initialization.\n\nReading these files will usually show driver and host configuration, statistics, and\nso on.\n\nWriting to these files allows different things on different hosts. For example, with\nthe latency and nolatency commands, root can switch on and off command latency mea‐\nsurement code in the eatadma driver. With the lockup and unlock commands, root can\ncontrol bus lockups simulated by the scsidebug driver.\n\n/proc/self\nThis directory refers to the process accessing the /proc filesystem, and is identical\nto the /proc directory named by the process ID of the same process.\n\n/proc/slabinfo\nInformation about kernel caches. See slabinfo(5) for details.\n\n/proc/stat\nkernel/system statistics. Varies with architecture. Common entries include:\n\ncpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0\ncpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0\nThe amount of time, measured in units of USERHZ (1/100ths of a second on most\narchitectures, use sysconf(SCCLKTCK) to obtain the right value), that the\nsystem (\"cpu\" line) or the specific CPU (\"cpuN\" line) spent in various states:\n\nuser (1) Time spent in user mode.\n\nnice (2) Time spent in user mode with low priority (nice).\n\nsystem (3) Time spent in system mode.\n\nidle (4) Time spent in the idle task. This value should be USERHZ times the\nsecond entry in the /proc/uptime pseudo-file.\n\niowait (since Linux 2.5.41)\n(5) Time waiting for I/O to complete. This value is not reliable, for\nthe following reasons:\n\n1. The CPU will not wait for I/O to complete; iowait is the time that a\ntask is waiting for I/O to complete. When a CPU goes into idle state\nfor outstanding task I/O, another task will be scheduled on this CPU.\n\n2. On a multi-core CPU, the task waiting for I/O to complete is not run‐\nning on any CPU, so the iowait of each CPU is difficult to calculate.\n\n3. The value in this field may decrease in certain conditions.\n\nirq (since Linux 2.6.0)\n(6) Time servicing interrupts.\n\nsoftirq (since Linux 2.6.0)\n(7) Time servicing softirqs.\n\nsteal (since Linux 2.6.11)\n(8) Stolen time, which is the time spent in other operating systems when\nrunning in a virtualized environment\n\nguest (since Linux 2.6.24)\n(9) Time spent running a virtual CPU for guest operating systems under\nthe control of the Linux kernel.\n\nguestnice (since Linux 2.6.33)\n(10) Time spent running a niced guest (virtual CPU for guest operating\nsystems under the control of the Linux kernel).\n\npage 5741 1808\nThe number of pages the system paged in and the number that were paged out\n(from disk).\n\nswap 1 0\nThe number of swap pages that have been brought in and out.\n\nintr 1462898\nThis line shows counts of interrupts serviced since boot time, for each of the\npossible system interrupts. The first column is the total of all interrupts\nserviced including unnumbered architecture specific interrupts; each subsequent\ncolumn is the total for that particular numbered interrupt. Unnumbered inter‐\nrupts are not shown, only summed into the total.\n\ndiskio: (2,0):(31,30,5764,1,2) (3,0):...\n(major,diskidx):(noinfo, readioops, blksread, writeioops, blkswritten)\n(Linux 2.4 only)\n\nctxt 115315\nThe number of context switches that the system underwent.\n\nbtime 769041601\nboot time, in seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).\n\nprocesses 86031\nNumber of forks since boot.\n\nprocsrunning 6\nNumber of processes in runnable state. (Linux 2.5.45 onward.)\n\nprocsblocked 2\nNumber of processes blocked waiting for I/O to complete. (Linux 2.5.45 on‐\nward.)\n\nsoftirq 229245889 94 60001584 13619 5175704 2471304 28 51212741 59130143 0 51240672\nThis line shows the number of softirq for all CPUs. The first column is the\ntotal of all softirqs and each subsequent column is the total for particular\nsoftirq. (Linux 2.6.31 onward.)\n\n/proc/swaps\nSwap areas in use. See also swapon(8).\n\n/proc/sys\nThis directory (present since 1.3.57) contains a number of files and subdirectories\ncorresponding to kernel variables. These variables can be read and in some cases mod‐\nified using the /proc filesystem, and the (deprecated) sysctl(2) system call.\n\nString values may be terminated by either '\\0' or '\\n'.\n\nInteger and long values may be written either in decimal or in hexadecimal notation\n(e.g., 0x3FFF). When writing multiple integer or long values, these may be separated\nby any of the following whitespace characters: ' ', '\\t', or '\\n'. Using other sepa‐\nrators leads to the error EINVAL.\n\n/proc/sys/abi (since Linux 2.4.10)\nThis directory may contain files with application binary information. See the Linux\nkernel source file Documentation/sysctl/abi.txt for more information.\n\n/proc/sys/debug\nThis directory may be empty.\n\n/proc/sys/dev\nThis directory contains device-specific information (e.g., dev/cdrom/info). On some\nsystems, it may be empty.\n\n/proc/sys/fs\nThis directory contains the files and subdirectories for kernel variables related to\nfilesystems.\n\n/proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr (since Linux 2.6.4)\naio-nr is the running total of the number of events specified by iosetup(2) calls for\nall currently active AIO contexts. If aio-nr reaches aio-max-nr, then iosetup(2)\nwill fail with the error EAGAIN. Raising aio-max-nr does not result in the prealloca‐\ntion or resizing of any kernel data structures.\n\n/proc/sys/fs/binfmtmisc\nDocumentation for files in this directory can be found in the Linux kernel source in\nthe file Documentation/admin-guide/binfmt-misc.rst (or in Documenta‐\ntion/binfmtmisc.txt on older kernels).\n\n/proc/sys/fs/dentry-state (since Linux 2.2)\nThis file contains information about the status of the directory cache (dcache). The\nfile contains six numbers, nrdentry, nrunused, agelimit (age in seconds),\nwantpages (pages requested by system) and two dummy values.\n\n* nrdentry is the number of allocated dentries (dcache entries). This field is un‐\nused in Linux 2.2.\n\n* nrunused is the number of unused dentries.\n\n* agelimit is the age in seconds after which dcache entries can be reclaimed when\nmemory is short.\n\n* wantpages is nonzero when the kernel has called shrinkdcachepages() and the\ndcache isn't pruned yet.\n\n/proc/sys/fs/dir-notify-enable\nThis file can be used to disable or enable the dnotify interface described in fcntl(2)\non a system-wide basis. A value of 0 in this file disables the interface, and a value\nof 1 enables it.\n\n/proc/sys/fs/dquot-max\nThis file shows the maximum number of cached disk quota entries. On some (2.4) sys‐\ntems, it is not present. If the number of free cached disk quota entries is very low\nand you have some awesome number of simultaneous system users, you might want to raise\nthe limit.\n\n/proc/sys/fs/dquot-nr\nThis file shows the number of allocated disk quota entries and the number of free disk\nquota entries.\n\n/proc/sys/fs/epoll (since Linux 2.6.28)\nThis directory contains the file maxuserwatches, which can be used to limit the\namount of kernel memory consumed by the epoll interface. For further details, see\nepoll(7).\n\n/proc/sys/fs/file-max\nThis file defines a system-wide limit on the number of open files for all processes.\nSystem calls that fail when encountering this limit fail with the error ENFILE. (See\nalso setrlimit(2), which can be used by a process to set the per-process limit,\nRLIMITNOFILE, on the number of files it may open.) If you get lots of error messages\nin the kernel log about running out of file handles (open file descriptions) (look for\n\"VFS: file-max limit reached\"), try increasing this value:\n\necho 100000 > /proc/sys/fs/file-max\n\nPrivileged processes (CAPSYSADMIN) can override the file-max limit.\n\n/proc/sys/fs/file-nr\nThis (read-only) file contains three numbers: the number of allocated file handles\n(i.e., the number of open file descriptions; see open(2)); the number of free file\nhandles; and the maximum number of file handles (i.e., the same value as\n/proc/sys/fs/file-max). If the number of allocated file handles is close to the maxi‐\nmum, you should consider increasing the maximum. Before Linux 2.6, the kernel allo‐\ncated file handles dynamically, but it didn't free them again. Instead the free file\nhandles were kept in a list for reallocation; the \"free file handles\" value indicates\nthe size of that list. A large number of free file handles indicates that there was a\npast peak in the usage of open file handles. Since Linux 2.6, the kernel does deallo‐\ncate freed file handles, and the \"free file handles\" value is always zero.\n\n/proc/sys/fs/inode-max (only present until Linux 2.2)\nThis file contains the maximum number of in-memory inodes. This value should be 3–4\ntimes larger than the value in file-max, since stdin, stdout and network sockets also\nneed an inode to handle them. When you regularly run out of inodes, you need to in‐\ncrease this value.\n\nStarting with Linux 2.4, there is no longer a static limit on the number of inodes,\nand this file is removed.\n\n/proc/sys/fs/inode-nr\nThis file contains the first two values from inode-state.\n\n/proc/sys/fs/inode-state\nThis file contains seven numbers: nrinodes, nrfreeinodes, preshrink, and four dummy\nvalues (always zero).\n\nnrinodes is the number of inodes the system has allocated. nrfreeinodes represents\nthe number of free inodes.\n\npreshrink is nonzero when the nrinodes > inode-max and the system needs to prune the\ninode list instead of allocating more; since Linux 2.4, this field is a dummy value\n(always zero).\n\n/proc/sys/fs/inotify (since Linux 2.6.13)\nThis directory contains files maxqueuedevents, maxuserinstances, and\nmaxuserwatches, that can be used to limit the amount of kernel memory consumed by\nthe inotify interface. For further details, see inotify(7).\n\n/proc/sys/fs/lease-break-time\nThis file specifies the grace period that the kernel grants to a process holding a\nfile lease (fcntl(2)) after it has sent a signal to that process notifying it that an‐\nother process is waiting to open the file. If the lease holder does not remove or\ndowngrade the lease within this grace period, the kernel forcibly breaks the lease.\n\n/proc/sys/fs/leases-enable\nThis file can be used to enable or disable file leases (fcntl(2)) on a system-wide ba‐\nsis. If this file contains the value 0, leases are disabled. A nonzero value enables\nleases.\n\n/proc/sys/fs/mount-max (since Linux 4.9)\nThe value in this file specifies the maximum number of mounts that may exist in a\nmount namespace. The default value in this file is 100,000.\n\n/proc/sys/fs/mqueue (since Linux 2.6.6)\nThis directory contains files msgmax, msgsizemax, and queuesmax, controlling the\nresources used by POSIX message queues. See mqoverview(7) for details.\n\n/proc/sys/fs/nropen (since Linux 2.6.25)\nThis file imposes a ceiling on the value to which the RLIMITNOFILE resource limit can\nbe raised (see getrlimit(2)). This ceiling is enforced for both unprivileged and\nprivileged process. The default value in this file is 1048576. (Before Linux 2.6.25,\nthe ceiling for RLIMITNOFILE was hard-coded to the same value.)\n\n/proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid\nThese files allow you to change the value of the fixed UID and GID. The default is\n65534. Some filesystems support only 16-bit UIDs and GIDs, although in Linux UIDs and\nGIDs are 32 bits. When one of these filesystems is mounted with writes enabled, any\nUID or GID that would exceed 65535 is translated to the overflow value before being\nwritten to disk.\n\n/proc/sys/fs/pipe-max-size (since Linux 2.6.35)\nSee pipe(7).\n\n/proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)\nSee pipe(7).\n\n/proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)\nSee pipe(7).\n\n/proc/sys/fs/protectedfifos (since Linux 4.19)\nThe value in this file is/can be set to one of the following:\n\n0 Writing to FIFOs is unrestricted.\n\n1 Don't allow OCREAT open(2) on FIFOs that the caller doesn't own in world-writable\nsticky directories, unless the FIFO is owned by the owner of the directory.\n\n2 As for the value 1, but the restriction also applies to group-writable sticky di‐\nrectories.\n\nThe intent of the above protections is to avoid unintentional writes to an attacker-\ncontrolled FIFO when a program expected to create a regular file.\n\n/proc/sys/fs/protectedhardlinks (since Linux 3.6)\nWhen the value in this file is 0, no restrictions are placed on the creation of hard\nlinks (i.e., this is the historical behavior before Linux 3.6). When the value in\nthis file is 1, a hard link can be created to a target file only if one of the follow‐\ning conditions is true:\n\n* The calling process has the CAPFOWNER capability in its user namespace and the\nfile UID has a mapping in the namespace.\n\n* The filesystem UID of the process creating the link matches the owner (UID) of the\ntarget file (as described in credentials(7), a process's filesystem UID is normally\nthe same as its effective UID).\n\n* All of the following conditions are true:\n\n• the target is a regular file;\n\n• the target file does not have its set-user-ID mode bit enabled;\n\n• the target file does not have both its set-group-ID and group-executable mode\nbits enabled; and\n\n• the caller has permission to read and write the target file (either via the\nfile's permissions mask or because it has suitable capabilities).\n\nThe default value in this file is 0. Setting the value to 1 prevents a longstanding\nclass of security issues caused by hard-link-based time-of-check, time-of-use races,\nmost commonly seen in world-writable directories such as /tmp. The common method of\nexploiting this flaw is to cross privilege boundaries when following a given hard link\n(i.e., a root process follows a hard link created by another user). Additionally, on\nsystems without separated partitions, this stops unauthorized users from \"pinning\"\nvulnerable set-user-ID and set-group-ID files against being upgraded by the adminis‐\ntrator, or linking to special files.\n\n/proc/sys/fs/protectedregular (since Linux 4.19)\nThe value in this file is/can be set to one of the following:\n\n0 Writing to regular files is unrestricted.\n\n1 Don't allow OCREAT open(2) on regular files that the caller doesn't own in world-\nwritable sticky directories, unless the regular file is owned by the owner of the\ndirectory.\n\n2 As for the value 1, but the restriction also applies to group-writable sticky di‐\nrectories.\n\nThe intent of the above protections is similar to protectedfifos, but allows an ap‐\nplication to avoid writes to an attacker-controlled regular file, where the applica‐\ntion expected to create one.\n\n/proc/sys/fs/protectedsymlinks (since Linux 3.6)\nWhen the value in this file is 0, no restrictions are placed on following symbolic\nlinks (i.e., this is the historical behavior before Linux 3.6). When the value in\nthis file is 1, symbolic links are followed only in the following circumstances:\n\n* the filesystem UID of the process following the link matches the owner (UID) of the\nsymbolic link (as described in credentials(7), a process's filesystem UID is nor‐\nmally the same as its effective UID);\n\n* the link is not in a sticky world-writable directory; or\n\n* the symbolic link and its parent directory have the same owner (UID)\n\nA system call that fails to follow a symbolic link because of the above restrictions\nreturns the error EACCES in errno.\n\nThe default value in this file is 0. Setting the value to 1 avoids a longstanding\nclass of security issues based on time-of-check, time-of-use races when accessing sym‐\nbolic links.\n\n/proc/sys/fs/suiddumpable (since Linux 2.6.13)\nThe value in this file is assigned to a process's \"dumpable\" flag in the circumstances\ndescribed in prctl(2). In effect, the value in this file determines whether core dump\nfiles are produced for set-user-ID or otherwise protected/tainted binaries. The\n\"dumpable\" setting also affects the ownership of files in a process's /proc/[pid] di‐\nrectory, as described above.\n\nThree different integer values can be specified:\n\n0 (default)\nThis provides the traditional (pre-Linux 2.6.13) behavior. A core dump will\nnot be produced for a process which has changed credentials (by calling se‐‐\nteuid(2), setgid(2), or similar, or by executing a set-user-ID or set-group-ID\nprogram) or whose binary does not have read permission enabled.\n\n1 (\"debug\")\nAll processes dump core when possible. (Reasons why a process might neverthe‐\nless not dump core are described in core(5).) The core dump is owned by the\nfilesystem user ID of the dumping process and no security is applied. This is\nintended for system debugging situations only: this mode is insecure because it\nallows unprivileged users to examine the memory contents of privileged pro‐\ncesses.\n\n2 (\"suidsafe\")\nAny binary which normally would not be dumped (see \"0\" above) is dumped read‐\nable by root only. This allows the user to remove the core dump file but not\nto read it. For security reasons core dumps in this mode will not overwrite\none another or other files. This mode is appropriate when administrators are\nattempting to debug problems in a normal environment.\n\nAdditionally, since Linux 3.6, /proc/sys/kernel/corepattern must either be an\nabsolute pathname or a pipe command, as detailed in core(5). Warnings will be\nwritten to the kernel log if corepattern does not follow these rules, and no\ncore dump will be produced.\n\nFor details of the effect of a process's \"dumpable\" setting on ptrace access mode\nchecking, see ptrace(2).\n\n/proc/sys/fs/super-max\nThis file controls the maximum number of superblocks, and thus the maximum number of\nmounted filesystems the kernel can have. You need increase only super-max if you need\nto mount more filesystems than the current value in super-max allows you to.\n\n/proc/sys/fs/super-nr\nThis file contains the number of filesystems currently mounted.\n\n/proc/sys/kernel\nThis directory contains files controlling a range of kernel parameters, as described\nbelow.\n\n/proc/sys/kernel/acct\nThis file contains three numbers: highwater, lowwater, and frequency. If BSD-style\nprocess accounting is enabled, these values control its behavior. If free space on\nfilesystem where the log lives goes below lowwater percent, accounting suspends. If\nfree space gets above highwater percent, accounting resumes. frequency determines how\noften the kernel checks the amount of free space (value is in seconds). Default val‐\nues are 4, 2 and 30. That is, suspend accounting if 2% or less space is free; resume\nit if 4% or more space is free; consider information about amount of free space valid\nfor 30 seconds.\n\n/proc/sys/kernel/automsgmni (Linux 2.6.27 to 3.18)\nFrom Linux 2.6.27 to 3.18, this file was used to control recomputing of the value in\n/proc/sys/kernel/msgmni upon the addition or removal of memory or upon IPC namespace\ncreation/removal. Echoing \"1\" into this file enabled msgmni automatic recomputing\n(and triggered a recomputation of msgmni based on the current amount of available mem‐\nory and number of IPC namespaces). Echoing \"0\" disabled automatic recomputing. (Au‐\ntomatic recomputing was also disabled if a value was explicitly assigned to\n/proc/sys/kernel/msgmni.) The default value in automsgmni was 1.\n\nSince Linux 3.19, the content of this file has no effect (because msgmni defaults to\nnear the maximum value possible), and reads from this file always return the value\n\"0\".\n\n/proc/sys/kernel/caplastcap (since Linux 3.2)\nSee capabilities(7).\n\n/proc/sys/kernel/cap-bound (from Linux 2.2 to 2.6.24)\nThis file holds the value of the kernel capability bounding set (expressed as a signed\ndecimal number). This set is ANDed against the capabilities permitted to a process\nduring execve(2). Starting with Linux 2.6.25, the system-wide capability bounding set\ndisappeared, and was replaced by a per-thread bounding set; see capabilities(7).\n\n/proc/sys/kernel/corepattern\nSee core(5).\n\n/proc/sys/kernel/corepipelimit\nSee core(5).\n\n/proc/sys/kernel/coreusespid\nSee core(5).\n\n/proc/sys/kernel/ctrl-alt-del\nThis file controls the handling of Ctrl-Alt-Del from the keyboard. When the value in\nthis file is 0, Ctrl-Alt-Del is trapped and sent to the init(1) program to handle a\ngraceful restart. When the value is greater than zero, Linux's reaction to a Vulcan\nNerve Pinch (tm) will be an immediate reboot, without even syncing its dirty buffers.\nNote: when a program (like dosemu) has the keyboard in \"raw\" mode, the ctrl-alt-del is\nintercepted by the program before it ever reaches the kernel tty layer, and it's up to\nthe program to decide what to do with it.\n\n/proc/sys/kernel/dmesgrestrict (since Linux 2.6.37)\nThe value in this file determines who can see kernel syslog contents. A value of 0 in\nthis file imposes no restrictions. If the value is 1, only privileged users can read\nthe kernel syslog. (See syslog(2) for more details.) Since Linux 3.4, only users\nwith the CAPSYSADMIN capability may change the value in this file.\n\n/proc/sys/kernel/domainname and /proc/sys/kernel/hostname\ncan be used to set the NIS/YP domainname and the hostname of your box in exactly the\nsame way as the commands domainname(1) and hostname(1), that is:\n\n# echo 'darkstar' > /proc/sys/kernel/hostname\n# echo 'mydomain' > /proc/sys/kernel/domainname\n\nhas the same effect as\n\n# hostname 'darkstar'\n# domainname 'mydomain'\n\nNote, however, that the classic darkstar.frop.org has the hostname \"darkstar\" and DNS\n(Internet Domain Name Server) domainname \"frop.org\", not to be confused with the NIS\n(Network Information Service) or YP (Yellow Pages) domainname. These two domain names\nare in general different. For a detailed discussion see the hostname(1) man page.\n\n/proc/sys/kernel/hotplug\nThis file contains the pathname for the hotplug policy agent. The default value in\nthis file is /sbin/hotplug.\n\n/proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)\n(PowerPC only) If this file is set to a nonzero value, the PowerPC htab (see kernel\nfile Documentation/powerpc/ppchtab.txt) is pruned each time the system hits the idle\nloop.\n\n/proc/sys/kernel/keys/*\nThis directory contains various files that define parameters and limits for the key-\nmanagement facility. These files are described in keyrings(7).\n\n/proc/sys/kernel/kptrrestrict (since Linux 2.6.38)\nThe value in this file determines whether kernel addresses are exposed via /proc files\nand other interfaces. A value of 0 in this file imposes no restrictions. If the\nvalue is 1, kernel pointers printed using the %pK format specifier will be replaced\nwith zeros unless the user has the CAPSYSLOG capability. If the value is 2, kernel\npointers printed using the %pK format specifier will be replaced with zeros regardless\nof the user's capabilities. The initial default value for this file was 1, but the\ndefault was changed to 0 in Linux 2.6.39. Since Linux 3.4, only users with the\nCAPSYSADMIN capability can change the value in this file.\n\n/proc/sys/kernel/l2cr\n(PowerPC only) This file contains a flag that controls the L2 cache of G3 processor\nboards. If 0, the cache is disabled. Enabled if nonzero.\n\n/proc/sys/kernel/modprobe\nThis file contains the pathname for the kernel module loader. The default value is\n/sbin/modprobe. The file is present only if the kernel is built with the CONFIGMOD‐‐\nULES (CONFIGKMOD in Linux 2.6.26 and earlier) option enabled. It is described by the\nLinux kernel source file Documentation/kmod.txt (present only in kernel 2.4 and ear‐\nlier).\n\n/proc/sys/kernel/modulesdisabled (since Linux 2.6.31)\nA toggle value indicating if modules are allowed to be loaded in an otherwise modular\nkernel. This toggle defaults to off (0), but can be set true (1). Once true, modules\ncan be neither loaded nor unloaded, and the toggle cannot be set back to false. The\nfile is present only if the kernel is built with the CONFIGMODULES option enabled.\n\n/proc/sys/kernel/msgmax (since Linux 2.2)\nThis file defines a system-wide limit specifying the maximum number of bytes in a sin‐\ngle message written on a System V message queue.\n\n/proc/sys/kernel/msgmni (since Linux 2.4)\nThis file defines the system-wide limit on the number of message queue identifiers.\nSee also /proc/sys/kernel/automsgmni.\n\n/proc/sys/kernel/msgmnb (since Linux 2.2)\nThis file defines a system-wide parameter used to initialize the msgqbytes setting\nfor subsequently created message queues. The msgqbytes setting specifies the maximum\nnumber of bytes that may be written to the message queue.\n\n/proc/sys/kernel/ngroupsmax (since Linux 2.6.4)\nThis is a read-only file that displays the upper limit on the number of a process's\ngroup memberships.\n\n/proc/sys/kernel/nslastpid (since Linux 3.3)\nSee pidnamespaces(7).\n\n/proc/sys/kernel/ostype and /proc/sys/kernel/osrelease\nThese files give substrings of /proc/version.\n\n/proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid\nThese files duplicate the files /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid.\n\n/proc/sys/kernel/panic\nThis file gives read/write access to the kernel variable panictimeout. If this is\nzero, the kernel will loop on a panic; if nonzero, it indicates that the kernel should\nautoreboot after this number of seconds. When you use the software watchdog device\ndriver, the recommended setting is 60.\n\n/proc/sys/kernel/paniconoops (since Linux 2.5.68)\nThis file controls the kernel's behavior when an oops or BUG is encountered. If this\nfile contains 0, then the system tries to continue operation. If it contains 1, then\nthe system delays a few seconds (to give klogd time to record the oops output) and\nthen panics. If the /proc/sys/kernel/panic file is also nonzero, then the machine\nwill be rebooted.\n\n/proc/sys/kernel/pidmax (since Linux 2.5.34)\nThis file specifies the value at which PIDs wrap around (i.e., the value in this file\nis one greater than the maximum PID). PIDs greater than this value are not allocated;\nthus, the value in this file also acts as a system-wide limit on the total number of\nprocesses and threads. The default value for this file, 32768, results in the same\nrange of PIDs as on earlier kernels. On 32-bit platforms, 32768 is the maximum value\nfor pidmax. On 64-bit systems, pidmax can be set to any value up to 2^22\n(PIDMAXLIMIT, approximately 4 million).\n\n/proc/sys/kernel/powersave-nap (PowerPC only)\nThis file contains a flag. If set, Linux-PPC will use the \"nap\" mode of powersaving,\notherwise the \"doze\" mode will be used.\n\n/proc/sys/kernel/printk\nSee syslog(2).\n\n/proc/sys/kernel/pty (since Linux 2.6.4)\nThis directory contains two files relating to the number of UNIX 98 pseudoterminals\n(see pts(4)) on the system.\n\n/proc/sys/kernel/pty/max\nThis file defines the maximum number of pseudoterminals.\n\n/proc/sys/kernel/pty/nr\nThis read-only file indicates how many pseudoterminals are currently in use.\n\n/proc/sys/kernel/random\nThis directory contains various parameters controlling the operation of the file\n/dev/random. See random(4) for further information.\n\n/proc/sys/kernel/random/uuid (since Linux 2.4)\nEach read from this read-only file returns a randomly generated 128-bit UUID, as a\nstring in the standard UUID format.\n\n/proc/sys/kernel/randomizevaspace (since Linux 2.6.12)\nSelect the address space layout randomization (ASLR) policy for the system (on archi‐\ntectures that support ASLR). Three values are supported for this file:\n\n0 Turn ASLR off. This is the default for architectures that don't support ASLR, and\nwhen the kernel is booted with the norandmaps parameter.\n\n1 Make the addresses of mmap(2) allocations, the stack, and the VDSO page randomized.\nAmong other things, this means that shared libraries will be loaded at randomized\naddresses. The text segment of PIE-linked binaries will also be loaded at a ran‐\ndomized address. This value is the default if the kernel was configured with CON‐‐\nFIGCOMPATBRK.\n\n2 (Since Linux 2.6.25) Also support heap randomization. This value is the default if\nthe kernel was not configured with CONFIGCOMPATBRK.\n\n/proc/sys/kernel/real-root-dev\nThis file is documented in the Linux kernel source file Documentation/admin-guide/ini‐\ntrd.rst (or Documentation/initrd.txt before Linux 4.10).\n\n/proc/sys/kernel/reboot-cmd (Sparc only)\nThis file seems to be a way to give an argument to the SPARC ROM/Flash boot loader.\nMaybe to tell it what to do after rebooting?\n\n/proc/sys/kernel/rtsig-max\n(Only in kernels up to and including 2.6.7; see setrlimit(2)) This file can be used to\ntune the maximum number of POSIX real-time (queued) signals that can be outstanding in\nthe system.\n\n/proc/sys/kernel/rtsig-nr\n(Only in kernels up to and including 2.6.7.) This file shows the number of POSIX\nreal-time signals currently queued.\n\n/proc/[pid]/schedautogroupenabled (since Linux 2.6.38)\nSee sched(7).\n\n/proc/sys/kernel/schedchildrunsfirst (since Linux 2.6.23)\nIf this file contains the value zero, then, after a fork(2), the parent is first\nscheduled on the CPU. If the file contains a nonzero value, then the child is sched‐\nuled first on the CPU. (Of course, on a multiprocessor system, the parent and the\nchild might both immediately be scheduled on a CPU.)\n\n/proc/sys/kernel/schedrrtimeslicems (since Linux 3.9)\nSee schedrrgetinterval(2).\n\n/proc/sys/kernel/schedrtperiodus (since Linux 2.6.25)\nSee sched(7).\n\n/proc/sys/kernel/schedrtruntimeus (since Linux 2.6.25)\nSee sched(7).\n\n/proc/sys/kernel/seccomp (since Linux 4.14)\nThis directory provides additional seccomp information and configuration. See sec‐‐\ncomp(2) for further details.\n\n/proc/sys/kernel/sem (since Linux 2.4)\nThis file contains 4 numbers defining limits for System V IPC semaphores. These\nfields are, in order:\n\nSEMMSL The maximum semaphores per semaphore set.\n\nSEMMNS A system-wide limit on the number of semaphores in all semaphore sets.\n\nSEMOPM The maximum number of operations that may be specified in a semop(2) call.\n\nSEMMNI A system-wide limit on the maximum number of semaphore identifiers.\n\n/proc/sys/kernel/sg-big-buff\nThis file shows the size of the generic SCSI device (sg) buffer. You can't tune it\njust yet, but you could change it at compile time by editing include/scsi/sg.h and\nchanging the value of SGBIGBUFF. However, there shouldn't be any reason to change\nthis value.\n\n/proc/sys/kernel/shmrmidforced (since Linux 3.1)\nIf this file is set to 1, all System V shared memory segments will be marked for de‐\nstruction as soon as the number of attached processes falls to zero; in other words,\nit is no longer possible to create shared memory segments that exist independently of\nany attached process.\n\nThe effect is as though a shmctl(2) IPCRMID is performed on all existing segments as\nwell as all segments created in the future (until this file is reset to 0). Note that\nexisting segments that are attached to no process will be immediately destroyed when\nthis file is set to 1. Setting this option will also destroy segments that were cre‐\nated, but never attached, upon termination of the process that created the segment\nwith shmget(2).\n\nSetting this file to 1 provides a way of ensuring that all System V shared memory seg‐\nments are counted against the resource usage and resource limits (see the description\nof RLIMITAS in getrlimit(2)) of at least one process.\n\nBecause setting this file to 1 produces behavior that is nonstandard and could also\nbreak existing applications, the default value in this file is 0. Set this file to 1\nonly if you have a good understanding of the semantics of the applications using Sys‐\ntem V shared memory on your system.\n\n/proc/sys/kernel/shmall (since Linux 2.2)\nThis file contains the system-wide limit on the total number of pages of System V\nshared memory.\n\n/proc/sys/kernel/shmmax (since Linux 2.2)\nThis file can be used to query and set the run-time limit on the maximum (System V\nIPC) shared memory segment size that can be created. Shared memory segments up to 1\nGB are now supported in the kernel. This value defaults to SHMMAX.\n\n/proc/sys/kernel/shmmni (since Linux 2.4)\nThis file specifies the system-wide maximum number of System V shared memory segments\nthat can be created.\n\n/proc/sys/kernel/sysctlwritesstrict (since Linux 3.16)\nThe value in this file determines how the file offset affects the behavior of updating\nentries in files under /proc/sys. The file has three possible values:\n\n-1 This provides legacy handling, with no printk warnings. Each write(2) must fully\ncontain the value to be written, and multiple writes on the same file descriptor\nwill overwrite the entire value, regardless of the file position.\n\n0 (default) This provides the same behavior as for -1, but printk warnings are writ‐\nten for processes that perform writes when the file offset is not 0.\n\n1 Respect the file offset when writing strings into /proc/sys files. Multiple\nwrites will append to the value buffer. Anything written beyond the maximum\nlength of the value buffer will be ignored. Writes to numeric /proc/sys entries\nmust always be at file offset 0 and the value must be fully contained in the buf‐\nfer provided to write(2).\n\n/proc/sys/kernel/sysrq\nThis file controls the functions allowed to be invoked by the SysRq key. By default,\nthe file contains 1 meaning that every possible SysRq request is allowed (in older\nkernel versions, SysRq was disabled by default, and you were required to specifically\nenable it at run-time, but this is not the case any more). Possible values in this\nfile are:\n\n0 Disable sysrq completely\n\n1 Enable all functions of sysrq\n\n> 1 Bit mask of allowed sysrq functions, as follows:\n2 Enable control of console logging level\n4 Enable control of keyboard (SAK, unraw)\n8 Enable debugging dumps of processes etc.\n16 Enable sync command\n32 Enable remount read-only\n64 Enable signaling of processes (term, kill, oom-kill)\n128 Allow reboot/poweroff\n256 Allow nicing of all real-time tasks\n\nThis file is present only if the CONFIGMAGICSYSRQ kernel configuration option is en‐\nabled. For further details see the Linux kernel source file Documentation/ad‐\nmin-guide/sysrq.rst (or Documentation/sysrq.txt before Linux 4.10).\n\n/proc/sys/kernel/version\nThis file contains a string such as:\n\n#5 Wed Feb 25 21:49:24 MET 1998\n\nThe \"#5\" means that this is the fifth kernel built from this source base and the date\nfollowing it indicates the time the kernel was built.\n\n/proc/sys/kernel/threads-max (since Linux 2.3.11)\nThis file specifies the system-wide limit on the number of threads (tasks) that can be\ncreated on the system.\n\nSince Linux 4.1, the value that can be written to threads-max is bounded. The minimum\nvalue that can be written is 20. The maximum value that can be written is given by\nthe constant FUTEXTIDMASK (0x3fffffff). If a value outside of this range is written\nto threads-max, the error EINVAL occurs.\n\nThe value written is checked against the available RAM pages. If the thread struc‐\ntures would occupy too much (more than 1/8th) of the available RAM pages, threads-max\nis reduced accordingly.\n\n/proc/sys/kernel/yama/ptracescope (since Linux 3.5)\nSee ptrace(2).\n\n/proc/sys/kernel/zero-paged (PowerPC only)\nThis file contains a flag. When enabled (nonzero), Linux-PPC will pre-zero pages in\nthe idle loop, possibly speeding up getfreepages.\n\n/proc/sys/net\nThis directory contains networking stuff. Explanations for some of the files under\nthis directory can be found in tcp(7) and ip(7).\n\n/proc/sys/net/core/bpfjitenable\nSee bpf(2).\n\n/proc/sys/net/core/somaxconn\nThis file defines a ceiling value for the backlog argument of listen(2); see the lis‐‐\nten(2) manual page for details.\n\n/proc/sys/proc\nThis directory may be empty.\n\n/proc/sys/sunrpc\nThis directory supports Sun remote procedure call for network filesystem (NFS). On\nsome systems, it is not present.\n\n/proc/sys/user (since Linux 4.9)\nSee namespaces(7).\n\n/proc/sys/vm\nThis directory contains files for memory management tuning, buffer and cache manage‐\nment.\n\n/proc/sys/vm/adminreservekbytes (since Linux 3.10)\nThis file defines the amount of free memory (in KiB) on the system that should be re‐\nserved for users with the capability CAPSYSADMIN.\n\nThe default value in this file is the minimum of [3% of free pages, 8MiB] expressed as\nKiB. The default is intended to provide enough for the superuser to log in and kill a\nprocess, if necessary, under the default overcommit 'guess' mode (i.e., 0 in\n/proc/sys/vm/overcommitmemory).\n\nSystems running in \"overcommit never\" mode (i.e., 2 in /proc/sys/vm/overcommitmemory)\nshould increase the value in this file to account for the full virtual memory size of\nthe programs used to recover (e.g., login(1) ssh(1), and top(1)) Otherwise, the supe‐\nruser may not be able to log in to recover the system. For example, on x86-64 a suit‐\nable value is 131072 (128MiB reserved).\n\nChanging the value in this file takes effect whenever an application requests memory.\n\n/proc/sys/vm/compactmemory (since Linux 2.6.35)\nWhen 1 is written to this file, all zones are compacted such that free memory is\navailable in contiguous blocks where possible. The effect of this action can be seen\nby examining /proc/buddyinfo.\n\nPresent only if the kernel was configured with CONFIGCOMPACTION.\n\n/proc/sys/vm/dropcaches (since Linux 2.6.16)\nWriting to this file causes the kernel to drop clean caches, dentries, and inodes from\nmemory, causing that memory to become free. This can be useful for memory management\ntesting and performing reproducible filesystem benchmarks. Because writing to this\nfile causes the benefits of caching to be lost, it can degrade overall system perfor‐\nmance.\n\nTo free pagecache, use:\n\necho 1 > /proc/sys/vm/dropcaches\n\nTo free dentries and inodes, use:\n\necho 2 > /proc/sys/vm/dropcaches\n\nTo free pagecache, dentries and inodes, use:\n\necho 3 > /proc/sys/vm/dropcaches\n\nBecause writing to this file is a nondestructive operation and dirty objects are not\nfreeable, the user should run sync(1) first.\n\n/proc/sys/vm/legacyvalayout (since Linux 2.6.9)\nIf nonzero, this disables the new 32-bit memory-mapping layout; the kernel will use\nthe legacy (2.4) layout for all processes.\n\n/proc/sys/vm/memoryfailureearlykill (since Linux 2.6.32)\nControl how to kill processes when an uncorrected memory error (typically a 2-bit er‐\nror in a memory module) that cannot be handled by the kernel is detected in the back‐\nground by hardware. In some cases (like the page still having a valid copy on disk),\nthe kernel will handle the failure transparently without affecting any applications.\nBut if there is no other up-to-date copy of the data, it will kill processes to pre‐\nvent any data corruptions from propagating.\n\nThe file has one of the following values:\n\n1: Kill all processes that have the corrupted-and-not-reloadable page mapped as soon\nas the corruption is detected. Note that this is not supported for a few types of\npages, such as kernel internally allocated data or the swap cache, but works for\nthe majority of user pages.\n\n0: Unmap the corrupted page from all processes and kill a process only if it tries to\naccess the page.\n\nThe kill is performed using a SIGBUS signal with sicode set to BUSMCEERRAO. Pro‐\ncesses can handle this if they want to; see sigaction(2) for more details.\n\nThis feature is active only on architectures/platforms with advanced machine check\nhandling and depends on the hardware capabilities.\n\nApplications can override the memoryfailureearlykill setting individually with the\nprctl(2) PRMCEKILL operation.\n\nPresent only if the kernel was configured with CONFIGMEMORYFAILURE.\n\n/proc/sys/vm/memoryfailurerecovery (since Linux 2.6.32)\nEnable memory failure recovery (when supported by the platform).\n\n1: Attempt recovery.\n\n0: Always panic on a memory failure.\n\nPresent only if the kernel was configured with CONFIGMEMORYFAILURE.\n\n/proc/sys/vm/oomdumptasks (since Linux 2.6.25)\nEnables a system-wide task dump (excluding kernel threads) to be produced when the\nkernel performs an OOM-killing. The dump includes the following information for each\ntask (thread, process): thread ID, real user ID, thread group ID (process ID), virtual\nmemory size, resident set size, the CPU that the task is scheduled on, oomadj score\n(see the description of /proc/[pid]/oomadj), and command name. This is helpful to\ndetermine why the OOM-killer was invoked and to identify the rogue task that caused\nit.\n\nIf this contains the value zero, this information is suppressed. On very large sys‐\ntems with thousands of tasks, it may not be feasible to dump the memory state informa‐\ntion for each one. Such systems should not be forced to incur a performance penalty\nin OOM situations when the information may not be desired.\n\nIf this is set to nonzero, this information is shown whenever the OOM-killer actually\nkills a memory-hogging task.\n\nThe default value is 0.\n\n/proc/sys/vm/oomkillallocatingtask (since Linux 2.6.24)\nThis enables or disables killing the OOM-triggering task in out-of-memory situations.\n\nIf this is set to zero, the OOM-killer will scan through the entire tasklist and se‐\nlect a task based on heuristics to kill. This normally selects a rogue memory-hogging\ntask that frees up a large amount of memory when killed.\n\nIf this is set to nonzero, the OOM-killer simply kills the task that triggered the\nout-of-memory condition. This avoids a possibly expensive tasklist scan.\n\nIf /proc/sys/vm/paniconoom is nonzero, it takes precedence over whatever value is\nused in /proc/sys/vm/oomkillallocatingtask.\n\nThe default value is 0.\n\n/proc/sys/vm/overcommitkbytes (since Linux 3.14)\nThis writable file provides an alternative to /proc/sys/vm/overcommitratio for con‐\ntrolling the CommitLimit when /proc/sys/vm/overcommitmemory has the value 2. It al‐\nlows the amount of memory overcommitting to be specified as an absolute value (in kB),\nrather than as a percentage, as is done with overcommitratio. This allows for finer-\ngrained control of CommitLimit on systems with extremely large memory sizes.\n\nOnly one of overcommitkbytes or overcommitratio can have an effect: if overcom‐\nmitkbytes has a nonzero value, then it is used to calculate CommitLimit, otherwise\novercommitratio is used. Writing a value to either of these files causes the value\nin the other file to be set to zero.\n\n/proc/sys/vm/overcommitmemory\nThis file contains the kernel virtual memory accounting mode. Values are:\n\n0: heuristic overcommit (this is the default)\n1: always overcommit, never check\n2: always check, never overcommit\n\nIn mode 0, calls of mmap(2) with MAPNORESERVE are not checked, and the default check\nis very weak, leading to the risk of getting a process \"OOM-killed\".\n\nIn mode 1, the kernel pretends there is always enough memory, until memory actually\nruns out. One use case for this mode is scientific computing applications that employ\nlarge sparse arrays. In Linux kernel versions before 2.6.0, any nonzero value implies\nmode 1.\n\nIn mode 2 (available since Linux 2.6), the total virtual address space that can be al‐\nlocated (CommitLimit in /proc/meminfo) is calculated as\n\nCommitLimit = (totalRAM - totalhugeTLB) *\novercommitratio / 100 + totalswap\n\nwhere:\n\n* totalRAM is the total amount of RAM on the system;\n\n* totalhugeTLB is the amount of memory set aside for huge pages;\n\n* overcommitratio is the value in /proc/sys/vm/overcommitratio; and\n\n* totalswap is the amount of swap space.\n\nFor example, on a system with 16 GB of physical RAM, 16 GB of swap, no space dedicated\nto huge pages, and an overcommitratio of 50, this formula yields a CommitLimit of 24\nGB.\n\nSince Linux 3.14, if the value in /proc/sys/vm/overcommitkbytes is nonzero, then Com‐\nmitLimit is instead calculated as:\n\nCommitLimit = overcommitkbytes + totalswap\n\nSee also the description of /proc/sys/vm/adminreservekbytes and\n/proc/sys/vm/userreservekbytes.\n\n/proc/sys/vm/overcommitratio (since Linux 2.6.0)\nThis writable file defines a percentage by which memory can be overcommitted. The de‐\nfault value in the file is 50. See the description of /proc/sys/vm/overcommitmemory.\n\n/proc/sys/vm/paniconoom (since Linux 2.6.18)\nThis enables or disables a kernel panic in an out-of-memory situation.\n\nIf this file is set to the value 0, the kernel's OOM-killer will kill some rogue\nprocess. Usually, the OOM-killer is able to kill a rogue process and the system will\nsurvive.\n\nIf this file is set to the value 1, then the kernel normally panics when out-of-memory\nhappens. However, if a process limits allocations to certain nodes using memory poli‐\ncies (mbind(2) MPOLBIND) or cpusets (cpuset(7)) and those nodes reach memory exhaus‐\ntion status, one process may be killed by the OOM-killer. No panic occurs in this\ncase: because other nodes' memory may be free, this means the system as a whole may\nnot have reached an out-of-memory situation yet.\n\nIf this file is set to the value 2, the kernel always panics when an out-of-memory\ncondition occurs.\n\nThe default value is 0. 1 and 2 are for failover of clustering. Select either ac‐\ncording to your policy of failover.\n\n/proc/sys/vm/swappiness\nThe value in this file controls how aggressively the kernel will swap memory pages.\nHigher values increase aggressiveness, lower values decrease aggressiveness. The de‐\nfault value is 60.\n\n/proc/sys/vm/userreservekbytes (since Linux 3.10)\nSpecifies an amount of memory (in KiB) to reserve for user processes. This is in‐\ntended to prevent a user from starting a single memory hogging process, such that they\ncannot recover (kill the hog). The value in this file has an effect only when\n/proc/sys/vm/overcommitmemory is set to 2 (\"overcommit never\" mode). In this case,\nthe system reserves an amount of memory that is the minimum of [3% of current process\nsize, userreservekbytes].\n\nThe default value in this file is the minimum of [3% of free pages, 128MiB] expressed\nas KiB.\n\nIf the value in this file is set to zero, then a user will be allowed to allocate all\nfree memory with a single process (minus the amount reserved by /proc/sys/vm/adminre‐\nservekbytes). Any subsequent attempts to execute a command will result in \"fork:\nCannot allocate memory\".\n\nChanging the value in this file takes effect whenever an application requests memory.\n\n/proc/sys/vm/unprivilegeduserfaultfd (since Linux 5.2)\nThis (writable) file exposes a flag that controls whether unprivileged processes are\nallowed to employ userfaultfd(2). If this file has the value 1, then unprivileged\nprocesses may use userfaultfd(2). If this file has the value 0, then only processes\nthat have the CAPSYSPTRACE capability may employ userfaultfd(2). The default value\nin this file is 1.\n\n/proc/sysrq-trigger (since Linux 2.4.21)\nWriting a character to this file triggers the same SysRq function as typing ALT-\nSysRq- (see the description of /proc/sys/kernel/sysrq). This file is nor‐\nmally writable only by root. For further details see the Linux kernel source file\nDocumentation/admin-guide/sysrq.rst (or Documentation/sysrq.txt before Linux 4.10).\n\n/proc/sysvipc\nSubdirectory containing the pseudo-files msg, sem and shm. These files list the Sys‐\ntem V Interprocess Communication (IPC) objects (respectively: message queues, sema‐\nphores, and shared memory) that currently exist on the system, providing similar in‐\nformation to that available via ipcs(1). These files have headers and are formatted\n(one IPC object per line) for easy understanding. sysvipc(7) provides further back‐\nground on the information shown by these files.\n\n/proc/thread-self (since Linux 3.17)\nThis directory refers to the thread accessing the /proc filesystem, and is identical\nto the /proc/self/task/[tid] directory named by the process thread ID ([tid]) of the\nsame thread.\n\n/proc/timerlist (since Linux 2.6.21)\nThis read-only file exposes a list of all currently pending (high-resolution) timers,\nall clock-event sources, and their parameters in a human-readable form.\n\n/proc/timerstats (from Linux 2.6.21 until Linux 4.10)\nThis is a debugging facility to make timer (ab)use in a Linux system visible to kernel\nand user-space developers. It can be used by kernel and user-space developers to ver‐\nify that their code does not make undue use of timers. The goal is to avoid unneces‐\nsary wakeups, thereby optimizing power consumption.\n\nIf enabled in the kernel (CONFIGTIMERSTATS), but not used, it has almost zero run-\ntime overhead and a relatively small data-structure overhead. Even if collection is\nenabled at run time, overhead is low: all the locking is per-CPU and lookup is hashed.\n\nThe /proc/timerstats file is used both to control sampling facility and to read out\nthe sampled information.\n\nThe timerstats functionality is inactive on bootup. A sampling period can be started\nusing the following command:\n\n# echo 1 > /proc/timerstats\n\nThe following command stops a sampling period:\n\n# echo 0 > /proc/timerstats\n\nThe statistics can be retrieved by:\n\n$ cat /proc/timerstats\n\nWhile sampling is enabled, each readout from /proc/timerstats will see newly updated\nstatistics. Once sampling is disabled, the sampled information is kept until a new\nsample period is started. This allows multiple readouts.\n\nSample output from /proc/timerstats:\n\n$ cat /proc/timerstats\nTimer Stats Version: v0.3\nSample period: 1.764 s\nCollection: active\n255, 0 swapper/3 hrtimerstartrangens (tickschedtimer)\n71, 0 swapper/1 hrtimerstartrangens (tickschedtimer)\n58, 0 swapper/0 hrtimerstartrangens (tickschedtimer)\n4, 1694 gnome-shell moddelayedworkon (delayedworktimerfn)\n17, 7 rcusched rcugpkthread (processtimeout)\n...\n1, 4911 kworker/u16:0 moddelayedworkon (delayedworktimerfn)\n1D, 2522 kworker/0:0 queuedelayedworkon (delayedworktimerfn)\n1029 total events, 583.333 events/sec\n\nThe output columns are:\n\n* a count of the number of events, optionally (since Linux 2.6.23) followed by the\nletter 'D' if this is a deferrable timer;\n\n* the PID of the process that initialized the timer;\n\n* the name of the process that initialized the timer;\n\n* the function where the timer was initialized; and\n\n* (in parentheses) the callback function that is associated with the timer.\n\nDuring the Linux 4.11 development cycle, this file was removed because of security\nconcerns, as it exposes information across namespaces. Furthermore, it is possible to\nobtain the same information via in-kernel tracing facilities such as ftrace.\n\n/proc/tty\nSubdirectory containing the pseudo-files and subdirectories for tty drivers and line\ndisciplines.\n\n/proc/uptime\nThis file contains two numbers (values in seconds): the uptime of the system (includ‐\ning time spent in suspend) and the amount of time spent in the idle process.\n\n/proc/version\nThis string identifies the kernel version that is currently running. It includes the\ncontents of /proc/sys/kernel/ostype, /proc/sys/kernel/osrelease, and /proc/sys/ker‐\nnel/version. For example:\n\nLinux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994\n\n/proc/vmstat (since Linux 2.6.0)\nThis file displays various virtual memory statistics. Each line of this file contains\na single name-value pair, delimited by white space. Some lines are present only if\nthe kernel was configured with suitable options. (In some cases, the options required\nfor particular files have changed across kernel versions, so they are not listed here.\nDetails can be found by consulting the kernel source code.) The following fields may\nbe present:\n\nnrfreepages (since Linux 2.6.31)\n\nnrallocbatch (since Linux 3.12)\n\nnrinactiveanon (since Linux 2.6.28)\n\nnractiveanon (since Linux 2.6.28)\n\nnrinactivefile (since Linux 2.6.28)\n\nnractivefile (since Linux 2.6.28)\n\nnrunevictable (since Linux 2.6.28)\n\nnrmlock (since Linux 2.6.28)\n\nnranonpages (since Linux 2.6.18)\n\nnrmapped (since Linux 2.6.0)\n\nnrfilepages (since Linux 2.6.18)\n\nnrdirty (since Linux 2.6.0)\n\nnrwriteback (since Linux 2.6.0)\n\nnrslabreclaimable (since Linux 2.6.19)\n\nnrslabunreclaimable (since Linux 2.6.19)\n\nnrpagetablepages (since Linux 2.6.0)\n\nnrkernelstack (since Linux 2.6.32)\nAmount of memory allocated to kernel stacks.\n\nnrunstable (since Linux 2.6.0)\n\nnrbounce (since Linux 2.6.12)\n\nnrvmscanwrite (since Linux 2.6.19)\n\nnrvmscanimmediatereclaim (since Linux 3.2)\n\nnrwritebacktemp (since Linux 2.6.26)\n\nnrisolatedanon (since Linux 2.6.32)\n\nnrisolatedfile (since Linux 2.6.32)\n\nnrshmem (since Linux 2.6.32)\nPages used by shmem and tmpfs(5).\n\nnrdirtied (since Linux 2.6.37)\n\nnrwritten (since Linux 2.6.37)\n\nnrpagesscanned (since Linux 3.17)\n\nnumahit (since Linux 2.6.18)\n\nnumamiss (since Linux 2.6.18)\n\nnumaforeign (since Linux 2.6.18)\n\nnumainterleave (since Linux 2.6.18)\n\nnumalocal (since Linux 2.6.18)\n\nnumaother (since Linux 2.6.18)\n\nworkingsetrefault (since Linux 3.15)\n\nworkingsetactivate (since Linux 3.15)\n\nworkingsetnodereclaim (since Linux 3.15)\n\nnranontransparenthugepages (since Linux 2.6.38)\n\nnrfreecma (since Linux 3.7)\nNumber of free CMA (Contiguous Memory Allocator) pages.\n\nnrdirtythreshold (since Linux 2.6.37)\n\nnrdirtybackgroundthreshold (since Linux 2.6.37)\n\npgpgin (since Linux 2.6.0)\n\npgpgout (since Linux 2.6.0)\n\npswpin (since Linux 2.6.0)\n\npswpout (since Linux 2.6.0)\n\npgallocdma (since Linux 2.6.5)\n\npgallocdma32 (since Linux 2.6.16)\n\npgallocnormal (since Linux 2.6.5)\n\npgallochigh (since Linux 2.6.5)\n\npgallocmovable (since Linux 2.6.23)\n\npgfree (since Linux 2.6.0)\n\npgactivate (since Linux 2.6.0)\n\npgdeactivate (since Linux 2.6.0)\n\npgfault (since Linux 2.6.0)\n\npgmajfault (since Linux 2.6.0)\n\npgrefilldma (since Linux 2.6.5)\n\npgrefilldma32 (since Linux 2.6.16)\n\npgrefillnormal (since Linux 2.6.5)\n\npgrefillhigh (since Linux 2.6.5)\n\npgrefillmovable (since Linux 2.6.23)\n\npgstealkswapddma (since Linux 3.4)\n\npgstealkswapddma32 (since Linux 3.4)\n\npgstealkswapdnormal (since Linux 3.4)\n\npgstealkswapdhigh (since Linux 3.4)\n\npgstealkswapdmovable (since Linux 3.4)\n\npgstealdirectdma\n\npgstealdirectdma32 (since Linux 3.4)\n\npgstealdirectnormal (since Linux 3.4)\n\npgstealdirecthigh (since Linux 3.4)\n\npgstealdirectmovable (since Linux 2.6.23)\n\npgscankswapddma\n\npgscankswapddma32 (since Linux 2.6.16)\n\npgscankswapdnormal (since Linux 2.6.5)\n\npgscankswapdhigh\n\npgscankswapdmovable (since Linux 2.6.23)\n\npgscandirectdma\n\npgscandirectdma32 (since Linux 2.6.16)\n\npgscandirectnormal\n\npgscandirecthigh\n\npgscandirectmovable (since Linux 2.6.23)\n\npgscandirectthrottle (since Linux 3.6)\n\nzonereclaimfailed (since linux 2.6.31)\n\npginodesteal (since linux 2.6.0)\n\nslabsscanned (since linux 2.6.5)\n\nkswapdinodesteal (since linux 2.6.0)\n\nkswapdlowwmarkhitquickly (since 2.6.33)\n\nkswapdhighwmarkhitquickly (since 2.6.33)\n\npageoutrun (since Linux 2.6.0)\n\nallocstall (since Linux 2.6.0)\n\npgrotated (since Linux 2.6.0)\n\ndroppagecache (since Linux 3.15)\n\ndropslab (since Linux 3.15)\n\nnumapteupdates (since Linux 3.8)\n\nnumahugepteupdates (since Linux 3.13)\n\nnumahintfaults (since Linux 3.8)\n\nnumahintfaultslocal (since Linux 3.8)\n\nnumapagesmigrated (since Linux 3.8)\n\npgmigratesuccess (since Linux 3.8)\n\npgmigratefail (since Linux 3.8)\n\ncompactmigratescanned (since Linux 3.8)\n\ncompactfreescanned (since Linux 3.8)\n\ncompactisolated (since Linux 3.8)\n\ncompactstall (since Linux 2.6.35)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\ncompactfail (since Linux 2.6.35)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\ncompactsuccess (since Linux 2.6.35)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nhtlbbuddyallocsuccess (since Linux 2.6.26)\n\nhtlbbuddyallocfail (since Linux 2.6.26)\n\nunevictablepgsculled (since Linux 2.6.28)\n\nunevictablepgsscanned (since Linux 2.6.28)\n\nunevictablepgsrescued (since Linux 2.6.28)\n\nunevictablepgsmlocked (since Linux 2.6.28)\n\nunevictablepgsmunlocked (since Linux 2.6.28)\n\nunevictablepgscleared (since Linux 2.6.28)\n\nunevictablepgsstranded (since Linux 2.6.28)\n\nthpfaultalloc (since Linux 2.6.39)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nthpfaultfallback (since Linux 2.6.39)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nthpcollapsealloc (since Linux 2.6.39)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nthpcollapseallocfailed (since Linux 2.6.39)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nthpsplit (since Linux 2.6.39)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nthpzeropagealloc (since Linux 3.8)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nthpzeropageallocfailed (since Linux 3.8)\nSee the kernel source file Documentation/admin-guide/mm/transhuge.rst.\n\nballooninflate (since Linux 3.18)\n\nballoondeflate (since Linux 3.18)\n\nballoonmigrate (since Linux 3.18)\n\nnrtlbremoteflush (since Linux 3.12)\n\nnrtlbremoteflushreceived (since Linux 3.12)\n\nnrtlblocalflushall (since Linux 3.12)\n\nnrtlblocalflushone (since Linux 3.12)\n\nvmacachefindcalls (since Linux 3.16)\n\nvmacachefindhits (since Linux 3.16)\n\nvmacachefullflushes (since Linux 3.19)\n\n/proc/zoneinfo (since Linux 2.6.13)\nThis file displays information about memory zones. This is useful for analyzing vir‐\ntual memory behavior.\n" } ] }, "NOTES": { "content": "Many files contain strings (e.g., the environment and command line) that are in the internal\nformat, with subfields terminated by null bytes ('\\0'). When inspecting such files, you may\nfind that the results are more readable if you use a command of the following form to display\nthem:\n\n$ cat file | tr '\\000' '\\n'\n\nThis manual page is incomplete, possibly inaccurate, and is the kind of thing that needs to\nbe updated very often.\n", "subsections": [] }, "SEE ALSO": { "content": "cat(1), dmesg(1), find(1), free(1), htop(1), init(1), ps(1), pstree(1), tr(1), uptime(1), ch‐‐\nroot(2), mmap(2), readlink(2), syslog(2), slabinfo(5), sysfs(5), hier(7), namespaces(7),\ntime(7), arp(8), hdparm(8), ifconfig(8), lsmod(8), lspci(8), mount(8), netstat(8),\nprocinfo(8), route(8), sysctl(8)\n\nThe Linux kernel source files: Documentation/filesystems/proc.txt, Documenta‐\ntion/sysctl/fs.txt, Documentation/sysctl/kernel.txt, Documentation/sysctl/net.txt, and Docu‐\nmentation/sysctl/vm.txt.\n", "subsections": [] }, "COLOPHON": { "content": "This page is part of release 5.10 of the Linux man-pages project. A description of the\nproject, information about reporting bugs, and the latest version of this page, can be found\nat https://www.kernel.org/doc/man-pages/.\n\n\n\nLinux 2020-12-21 PROC(5)", "subsections": [] } }, "summary": "proc - process information pseudo-filesystem", "flags": [], "examples": [], "see_also": [ { "name": "cat", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/cat/1/json" }, { "name": "dmesg", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/dmesg/1/json" }, { "name": "find", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/find/1/json" }, { "name": "free", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/free/1/json" }, { "name": "htop", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/htop/1/json" }, { "name": "init", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/init/1/json" }, { "name": "ps", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/ps/1/json" }, { "name": "pstree", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/pstree/1/json" }, { "name": "tr", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/tr/1/json" }, { "name": "uptime", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/uptime/1/json" }, { "name": "root", "section": "2", "url": "https://www.chedong.com/phpMan.php/man/root/2/json" }, { "name": "mmap", "section": "2", "url": "https://www.chedong.com/phpMan.php/man/mmap/2/json" }, { "name": "readlink", "section": "2", "url": "https://www.chedong.com/phpMan.php/man/readlink/2/json" }, { "name": "syslog", "section": "2", "url": "https://www.chedong.com/phpMan.php/man/syslog/2/json" }, { "name": "slabinfo", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/slabinfo/5/json" }, { "name": "sysfs", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/sysfs/5/json" }, { "name": "hier", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/hier/7/json" }, { "name": "namespaces", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/namespaces/7/json" }, { "name": "time", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/time/7/json" }, { "name": "arp", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/arp/8/json" }, { "name": "hdparm", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/hdparm/8/json" }, { "name": "ifconfig", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/ifconfig/8/json" }, { "name": "lsmod", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/lsmod/8/json" }, { "name": "lspci", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/lspci/8/json" }, { "name": "mount", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/mount/8/json" }, { "name": "netstat", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/netstat/8/json" }, { "name": "procinfo", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/procinfo/8/json" }, { "name": "route", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/route/8/json" }, { "name": "sysctl", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/sysctl/8/json" } ] }