The Wayback Machine - https://web.archive.org/web/20181215072140/http://www.man7.org:80/linux/man-pages/man5/proc.5.html
`The VVayback Machine - https://web.archive.org/web/20181 2150721 40/http://www.man7.org:80/linux/man-pages/man5/proc.5.html
`Linux/UNIX system programming training
`man7.org > Linux > man-pages
`man7.org > Linux > man-pages
`Linux/UNIX system programming training
`
` Search online pages
`Search online pages
`
`NAME | DESCRIPTION | NOTES | SEE ALSO | COLOPHON
`NAME I DESCRIPTION I NOTES I SEE ALSO I COLOPHON
`
`PROC(5) Linux Programmer's Manual PROC(5)
`PROC(5)
`Linux Programmer's Manual
`PROC(5)
`
`NAME top
`NAME
`top
` proc - process information pseudo-filesystem
`proc - process information pseudo-filesystem
`
`DESCRIPTION top
`DESCRIPTION
`top
` The proc filesystem is a pseudo-filesystem which provides an
`The proc filesystem is a pseudo-filesystem which provides an
` interface to kernel data structures. It is commonly mounted at
`interface to kernel data structures.
`It is commonly mounted at
` /proc. Typically, it is mounted automatically by the system, but it
`/proc. Typically, it is mounted automatically by the system, but it
` can also be mounted manually using a command such as:
`can also be mounted manually using a command such as:
` mount -t proc proc /proc
`mount -t proc proc /proc
` Most of the files in the proc filesystem are read-only, but some
`Most of the files in the proc filesystem are read-only, but some
` files are writable, allowing kernel variables to be changed.
`files are writable, allowing kernel variables to be changed.
` Mount options
`Mount options
` The proc filesystem supports the following mount options:
`The proc filesystem supports the following mount options:
` hidepid=n (since Linux 3.3)
`hidepid=n (since Linux 3.3)
` This option controls who can access the information in
`This option controls who can access the information in
` /proc/[pid] directories. The argument, n, is one of the fol-
`/proc/[pid] directories. The argument, n, is one of the fol-
` lowing values:
`lowing values:
` 0 Everybody may access all /proc/[pid] directories. This is
`0 Everybody may access all /proc/[pid] directories. This is
` the traditional behavior, and the default if this mount
`the traditional behavior, and the default if this mount
` option is not specified.
`option is not specified.
` 1 Users may not access files and subdirectories inside any
`1 Users may not access files and subdirectories inside any
` /proc/[pid] directories but their own (the /proc/[pid]
`/proc/[pid] directories but their own (the /proc/[pid]
` directories themselves remain visible). Sensitive files
`directories themselves remain visible). Sensitive files
` such as /proc/[pid]/cmdline and /proc/[pid]/status are now
`such as /proc/[pid]/cmdLine and /proc/[pid]/status are now
` protected against other users. This makes it impossible
`protected against other users. This makes it impossible
` to learn whether any user is running a specific program
`to learn whether any user is running a specific program
` (so long as the program doesn't otherwise reveal itself by
`(so long as the program doesn't otherwise reveal itself by
` its behavior).
`its behavior).
` 2 As for mode 1, but in addition the /proc/[pid] directories
`2 As for mode 1, but in addition the /proc/[pid] directories
` belonging to other users become invisible. This means
`belonging to other users become invisible. This means
` that /proc/[pid] entries can no longer be used to discover
`that /proc/[pid] entries can no longer be used to discover
` the PIDs on the system. This doesn't hide the fact that a
`the PIDs on the system. This doesn't hide the fact that a
` process with a specific PID value exists (it can be
`process with a specific PID value exists (it can be
` learned by other means, for example, by "kill -0 $PID"),
`learned by other means, for example, by "kill -0 $PID"),
` but it hides a process's UID and GID, which could other-
`but it hides a process's UID and GID, which could other-
` wise be learned by employing stat(2) on a /proc/[pid]
`wise be learned by employing stat(2) on a /proc/[pid]
` directory. This greatly complicates an attacker's task of
`directory. This greatly complicates an attacker's task of
` gathering information about running processes (e.g., dis-
`gathering information about running processes (e.g., dis-
` covering whether some daemon is running with elevated
`covering whether some daemon is running with elevated
` privileges, whether another user is running some sensitive
`privileges, whether another user is running some sensitive
` program, whether other users are running any program at
`program, whether other users are running any program at
` all, and so on).
`all, and so on).
` gid=gid (since Linux 3.3)
`gid=gid (since Linux 3.3)
` Specifies the ID of a group whose members are authorized to
`Specifies the ID of a group whose members are authorized to
` learn process information otherwise prohibited by hidepid
`learn process information otherwise prohibited by hidepid
` (i.e., users in this group behave as though /proc was mounted
`(i.e., users in this group behave as though /proc was mounted
` with hidepid=0). This group should be used instead of
`with hidepid=0). This group should be used instead of
` approaches such as putting nonroot users into the sudoers(5)
`approaches such as putting nonroot users into the sudoers(5)
` file.
`file.
` Files and directories
`Files and directories
` The following list describes many of the files and directories under
`The following list describes many of the files and directories under
` the /proc hierarchy.
`the /proc hierarchy.
` /proc/[pid]
`/proc/[pid]
` There is a numerical subdirectory for each running process;
`There is a numerical subdirectory for each running process;
` the subdirectory is named by the process ID.
`the subdirectory is named by the process ID.
` Each /proc/[pid] subdirectory contains the pseudo-files and
`Each /proc/[pid] subdirectory contains the pseudo-files and
` directories described below. These files are normally owned
`directories described below. These files are normally owned
` by the effective user and effective group ID of the process.
`by the effective user and effective group ID of the process.
` However, as a security measure, the ownership is made
`However, as a security measure, the ownership is made
` root:root if the process's "dumpable" attribute is set to a
`root:root if the process's "dumpable" attribute is set to a
`
`WIZ, Inc. EXHIBIT - 1112
`WIZ, Inc. v. Orca Security LTD.
`
`01
`
`

`

` value other than 1. This attribute may change for the follow-
`value other than 1. This attribute may change for the follow-
` ing reasons:
`ing reasons:
` * The attribute was explicitly set via the prctl(2)
`* The attribute was explicitly set via the prctl(2)
` PR_SET_DUMPABLE operation.
`PR_SET_DUMPABLE operation.
` * The attribute was reset to the value in the file
`* The attribute was reset to the value in the file
` /proc/sys/fs/suid_dumpable (described below), for the rea-
`/proc/sys/fs/suid dumpabLe (described below), for the rea-
` sons described in prctl(2).
`sons described in prctl(2).
` Resetting the "dumpable" attribute to 1 reverts the ownership
`Resetting the "dumpable" attribute to 1 reverts the ownership
` of the /proc/[pid]/* files to the process's real UID and real
`of the /proc/[pid]/* files to the process's real UID and real
` GID.
`GID.
` /proc/[pid]/attr
`/proc/[pid]/attr
` The files in this directory provide an API for security mod-
`The files in this directory provide an API for security mod-
` ules. The contents of this directory are files that can be
`ules. The contents of this directory are files that can be
` read and written in order to set security-related attributes.
`read and written in order to set security-related attributes.
` This directory was added to support SELinux, but the intention
`This directory was added to support SELinux, but the intention
` was that the API be general enough to support other security
`was that the API be general enough to support other security
` modules. For the purpose of explanation, examples of how
`modules. For the purpose of explanation, examples of how
` SELinux uses these files are provided below.
`SELinux uses these files are provided below.
` This directory is present only if the kernel was configured
`This directory is present only if the kernel was configured
` with CONFIG_SECURITY.
`with CONFIG_SECURITY.
` /proc/[pid]/attr/current (since Linux 2.6.0)
`/proc/[pid]/attr/current (since Linux 2.6.0)
` The contents of this file represent the current security
`The contents of this file represent the current security
` attributes of the process.
`attributes of the process.
` In SELinux, this file is used to get the security context of a
`In SELinux, this file is used to get the security context of a
` process. Prior to Linux 2.6.11, this file could not be used
`process. Prior to Linux 2.6.11, this file could not be used
` to set the security context (a write was always denied), since
`to set the security context (a write was always denied), since
` SELinux limited process security transitions to execve(2) (see
`SELinux limited process security transitions to execve(2) (see
` the description of /proc/[pid]/attr/exec, below). Since Linux
`the description of /proc/[pid]/attr/exec, below). Since Linux
` 2.6.11, SELinux lifted this restriction and began supporting
`2.6.11, SELinux lifted this restriction and began supporting
` "set" operations via writes to this node if authorized by pol-
`"set" operations via writes to this node if authorized by pol-
` icy, although use of this operation is only suitable for
`icy, although use of this operation is only suitable for
` applications that are trusted to maintain any desired separa-
`applications that are trusted to maintain any desired separa-
` tion between the old and new security contexts. Prior to
`tion between the old and new security contexts. Prior to
` Linux 2.6.28, SELinux did not allow threads within a multi-
`Linux 2.6.28, SELinux did not allow threads within a multi-
` threaded process to set their security context via this node
`threaded process to set their security context via this node
` as it would yield an inconsistency among the security contexts
`as it would yield an inconsistency among the security contexts
` of the threads sharing the same memory space. Since Linux
`of the threads sharing the same memory space. Since Linux
` 2.6.28, SELinux lifted this restriction and began supporting
`2.6.28, SELinux lifted this restriction and began supporting
` "set" operations for threads within a multithreaded process if
`"set" operations for threads within a multithreaded process if
` the new security context is bounded by the old security con-
`the new security context is bounded by the old security con-
` text, where the bounded relation is defined in policy and
`text, where the bounded relation is defined in policy and
` guarantees that the new security context has a subset of the
`guarantees that the new security context has a subset of the
` permissions of the old security context. Other security mod-
`permissions of the old security context. Other security mod-
` ules may choose to support "set" operations via writes to this
`ules may choose to support "set" operations via writes to this
` node.
`node.
` /proc/[pid]/attr/exec (since Linux 2.6.0)
`/proc/[pid]/attr/exec (since Linux 2.6.0)
` This file represents the attributes to assign to the process
`This file represents the attributes to assign to the process
` upon a subsequent execve(2).
`upon a subsequent execve(2).
` In SELinux, this is needed to support role/domain transitions,
`In SELinux, this is needed to support role/domain transitions,
` and execve(2) is the preferred point to make such transitions
`and execve(2) is the preferred point to make such transitions
` because it offers better control over the initialization of
`because it offers better control over the initialization of
` the process in the new security label and the inheritance of
`the process in the new security label and the inheritance of
` state. In SELinux, this attribute is reset on execve(2) so
`state. In SELinux, this attribute is reset on execve(2) so
` that the new program reverts to the default behavior for any
`that the new program reverts to the default behavior for any
` execve(2) calls that it may make. In SELinux, a process can
`execve(2) calls that it may make. In SELinux, a process can
` set only its own /proc/[pid]/attr/exec attribute.
`set only its own /proc/[pid_Uattr/exec attribute.
` /proc/[pid]/attr/fscreate (since Linux 2.6.0)
`/proc/[pid]/attr/fscreate (since Linux 2.6.0)
` This file represents the attributes to assign to files created
`This file represents the attributes to assign to files created
` by subsequent calls to open(2), mkdir(2), symlink(2), and
`by subsequent calls to open(2), mkdir(2), symlink(2), and
` mknod(2)
`mknod(2)
` SELinux employs this file to support creation of a file (using
`SELinux employs this file to support creation of a file (using
` the aforementioned system calls) in a secure state, so that
`the aforementioned system calls) in a secure state, so that
` there is no risk of inappropriate access being obtained
`there is no risk of inappropriate access being obtained
` between the time of creation and the time that attributes are
`between the time of creation and the time that attributes are
` set. In SELinux, this attribute is reset on execve(2), so
`set. In SELinux, this attribute is reset on execve(2), so
` that the new program reverts to the default behavior for any
`that the new program reverts to the default behavior for any
` file creation calls it may make, but the attribute will per-
`file creation calls it may make, but the attribute will per-
` sist across multiple file creation calls within a program
`sist across multiple file creation calls within a program
` unless it is explicitly reset. In SELinux, a process can set
`unless it is explicitly reset. In SELinux, a process can set
` only its own /proc/[pid]/attr/fscreate attribute.
`only its own /proc/[pid]/attr/fscreate attribute.
` /proc/[pid]/attr/keycreate (since Linux 2.6.18)
`/proc/[pid]/attr/keycreate (since Linux 2.6.18)
`
`02
`
`

`

` If a process writes a security context into this file, all
`If a process writes a security context into this file, all
` subsequently created keys (add_key(2)) will be labeled with
`subsequently created keys (add_key(2)) will be labeled with
` this context. For further information, see the kernel source
`this context. For further information, see the kernel source
` file Documentation/security/keys/core.rst (or file Documenta-
`file Documentation/security/keys/core.rst (or file Documenta-
` tion/security/keys.txt on Linux between 3.0 and 4.13, or Docu-
`tion/security/keys.txt on Linux between 3.0 and 4.13, or Docu-
` mentation/keys.txt before Linux 3.0).
`mentation/keys.txt before Linux 3.0).
` /proc/[pid]/attr/prev (since Linux 2.6.0)
`/proc/[pid]/attr/prev (since Linux 2.6.0)
` This file contains the security context of the process before
`This file contains the security context of the process before
` the last execve(2); that is, the previous value of
`the last execve(2); that is, the previous value of
` /proc/[pid]/attr/current.
`/proc/[pid_Uattr/current.
` /proc/[pid]/attr/socketcreate (since Linux 2.6.18)
`/proc/[pid]/attr/socketcreate (since Linux 2.6.18)
` If a process writes a security context into this file, all
`If a process writes a security context into this file, all
` subsequently created sockets will be labeled with this con-
`subsequently created sockets will be labeled with this con-
` text.
`text.
` /proc/[pid]/autogroup (since Linux 2.6.38)
`/proc/[pid]/autogroup (since Linux 2.6.38)
` See sched(7).
`See sched(7).
` /proc/[pid]/auxv (since 2.6.0-test7)
`/proc/[pid]/auxv (since 2.6.0-test7)
` This contains the contents of the ELF interpreter information
`This contains the contents of the ELF interpreter information
` passed to the process at exec time. The format is one
`passed to the process at exec time. The format is one
` unsigned long ID plus one unsigned long value for each entry.
`unsigned Long ID plus one unsigned Long value for each entry.
` The last entry contains two zeros. See also getauxval(3).
`The last entry contains two zeros. See also getauxval(3).
` Permission to access this file is governed by a ptrace access
`Permission to access this file is governed by a ptrace access
` mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
`mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
` /proc/[pid]/cgroup (since Linux 2.6.24)
`/proc/[pid]/cgroup (since Linux 2.6.24)
` See cgroups(7).
`See cgroups(7).
` /proc/[pid]/clear_refs (since Linux 2.6.22)
`/proc/[pid]/cLear refs (since Linux 2.6.22)
` This is a write-only file, writable only by owner of the
`This is a write-only file, writable only by owner of the
` process.
`process.
` The following values may be written to the file:
`The following values may be written to the file:
` 1 (since Linux 2.6.22)
`1 (since Linux 2.6.22)
` Reset the PG_Referenced and ACCESSED/YOUNG bits for all
`Reset the PG_Referenced and ACCESSED/YOUNG bits for all
` the pages associated with the process. (Before kernel
`the pages associated with the process. (Before kernel
` 2.6.32, writing any nonzero value to this file had this
`2.6.32, writing any nonzero value to this file had this
` effect.)
`effect.)
` 2 (since Linux 2.6.32)
`2 (since Linux 2.6.32)
` Reset the PG_Referenced and ACCESSED/YOUNG bits for all
`Reset the PG_Referenced and ACCESSED/YOUNG bits for all
` anonymous pages associated with the process.
`anonymous pages associated with the process.
` 3 (since Linux 2.6.32)
`3 (since Linux 2.6.32)
` Reset the PG_Referenced and ACCESSED/YOUNG bits for all
`Reset the PG_Referenced and ACCESSED/YOUNG bits for all
` file-mapped pages associated with the process.
`file-mapped pages associated with the process.
` Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a
`Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a
` method to measure approximately how much memory a process is
`method to measure approximately how much memory a process is
` using. One first inspects the values in the "Referenced"
`using. One first inspects the values in the "Referenced"
` fields for the VMAs shown in /proc/[pid]/smaps to get an idea
`fields for the VMAs shown in /proc/[pid]/smaps to get an idea
` of the memory footprint of the process. One then clears the
`of the memory footprint of the process. One then clears the
` PG_Referenced and ACCESSED/YOUNG bits and, after some measured
`PG_Referenced and ACCESSED/YOUNG bits and, after some measured
` time interval, once again inspects the values in the "Refer-
`time interval, once again inspects the values in the "Refer-
` enced" fields to get an idea of the change in memory footprint
`enced" fields to get an idea of the change in memory footprint
` of the process during the measured interval. If one is inter-
`of the process during the measured interval. If one is inter-
` ested only in inspecting the selected mapping types, then the
`ested only in inspecting the selected mapping types, then the
` value 2 or 3 can be used instead of 1.
`value 2 or 3 can be used instead of 1.
` Further values can be written to affect different properties:
`Further values can be written to affect different properties:
` 4 (since Linux 3.11)
`4 (since Linux 3.11)
` Clear the soft-dirty bit for all the pages associated
`Clear the soft-dirty bit for all the pages associated
` with the process. This is used (in conjunction with
`with the process. This is used (in conjunction with
` /proc/[pid]/pagemap) by the check-point restore system
`/proc/[pid]/pagemap) by the check-point restore system
` to discover which pages of a process have been dirtied
`to discover which pages of a process have been dirtied
` since the file /proc/[pid]/clear_refs was written to.
`since the file /proc/[pid]/cLear_refs was written to.
` 5 (since Linux 4.0)
`5 (since Linux 4.0)
` Reset the peak resident set size ("high water mark") to
`Reset the peak resident set size ("high water mark") to
` the process's current resident set size value.
`the process's current resident set size value.
` Writing any value to /proc/[pid]/clear_refs other than those
`Writing any value to /proc/[pid]/cLear refs other than those
` listed above has no effect.
`listed above has no effect.
` The /proc/[pid]/clear_refs file is present only if the CON-
`The /proc/[pid]/cLear refs file is present only if the CON-
` FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
`FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
`
`03
`
`

`

` /proc/[pid]/cmdline
`/proc/[pidYcmdLine
` This read-only file holds the complete command line for the
`This read-only file holds the complete command line for the
` process, unless the process is a zombie. In the latter case,
`process, unless the process is a zombie. In the latter case,
` there is nothing in this file: that is, a read on this file
`there is nothing in this file: that is, a read on this file
` will return 0 characters. The command-line arguments appear
`will return 0 characters. The command-line arguments appear
` in this file as a set of strings separated by null bytes
`in this file as a set of strings separated by null bytes
` ('\0'), with a further null byte after the last string.
`('\0'), with a further null byte after the last string.
` /proc/[pid]/comm (since Linux 2.6.33)
`/proc/[pidYcomm (since Linux 2.6.33)
` This file exposes the process's comm value—that is, the com-
`This file exposes the process's comm value—that is, the com-
` mand name associated with the process. Different threads in
`mand name associated with the process. Different threads in
` the same process may have different comm values, accessible
`the same process may have different comm values, accessible
` via /proc/[pid]/task/[tid]/comm. A thread may modify its comm
`via /proc/[pid_Wask/[tidYcomm. A thread may modify its comm
` value, or that of any of other thread in the same thread group
`value, or that of any of other thread in the same thread group
` (see the discussion of CLONE_THREAD in clone(2)), by writing
`(see the discussion of CLONE_THREAD in clone(2)), by writing
` to the file /proc/self/task/[tid]/comm. Strings longer than
`to the file /proc/seLf/task/[tidYcomm. Strings longer than
` TASK_COMM_LEN (16) characters are silently truncated.
`TASK_COMM_LEN (16) characters are silently truncated.
` This file provides a superset of the prctl(2) PR_SET_NAME and
`This file provides a superset of the prctl(2) PR_SET_NAME and
` PR_GET_NAME operations, and is employed by
`PR_GET_NAME operations, and is employed by
` pthread_setname_np(3) when used to rename threads other than
`pthread_setname_np(3) when used to rename threads other than
` the caller.
`the caller.
` /proc/[pid]/coredump_filter (since Linux 2.6.23)
`/proc/[pidYcoredump fitter (since Linux 2.6.23)
` See core(5).
`See core(5).
` /proc/[pid]/cpuset (since Linux 2.6.12)
`/proc/[pidYcpuset (since Linux 2.6.12)
` See cpuset(7).
`See cpuset(7).
` /proc/[pid]/cwd
`/proc/[pidYcwd
` This is a symbolic link to the current working directory of
`This is a symbolic link to the current working directory of
` the process. To find out the current working directory of
`the process. To find out the current working directory of
` process 20, for instance, you can do this:
`process 20, for instance, you can do this:
` $ cd /proc/20/cwd; /bin/pwd
`$ cd /proc/20/cwd; /bin/pwd
` Note that the pwd command is often a shell built-in, and might
`Note that the pwd command is often a shell built-in, and might
` not work properly. In bash(1), you may use pwd -P.
`not work properly. In bash(1), you may use pwd -P.
` In a multithreaded process, the contents of this symbolic link
`In a multithreaded process, the contents of this symbolic link
` are not available if the main thread has already terminated
`are not available if the main thread has already terminated
` (typically by calling pthread_exit(3)).
`(typically by calling pthread_exit(3)).
` Permission to dereference or read (readlink(2)) this symbolic
`Permission to dereference or read (readlink(2)) this symbolic
` link is governed by a ptrace access mode
`link is governed by a ptrace access mode
` PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
`PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
` /proc/[pid]/environ
`/proc/[pid_Venviron
` This file contains the initial environment that was set when
`This file contains the initial environment that was set when
` the currently executing program was started via execve(2).
`the currently executing program was started via execve(2).
` The entries are separated by null bytes ('\0'), and there may
`The entries are separated by null bytes ('\0'), and there may
` be a null byte at the end. Thus, to print out the environment
`be a null byte at the end. Thus, to print out the environment
` of process 1, you would do:
`of process 1, you would do:
` $ strings /proc/1/environ
`$ strings /proc/l/environ
` If, after an execve(2), the process modifies its environment
`If, after an execve(2), the process modifies its environment
` (e.g., by calling functions such as putenv(3) or modifying the
`(e.g., by calling functions such as putenv(3) or modifying the
` environ(7) variable directly), this file will not reflect
`environ(7) variable directly), this file will not reflect
` those changes.
`those changes.
` Furthermore, a process may change the memory location that
`Furthermore, a process may change the memory location that
` this file refers via prctl(2) operations such as
`this file refers via prctl(2) operations such as
` PR_SET_MM_ENV_START.
`PR_SET_MM_ENV_START.
` Permission to access this file is governed by a ptrace access
`Permission to access this file is governed by a ptrace access
` mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
`mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
` /proc/[pid]/exe
`/proc/[pid_Vexe
` Under Linux 2.2 and later, this file is a symbolic link con-
`Under Linux 2.2 and later, this file is a symbolic link con-
` taining the actual pathname of the executed command. This
`taining the actual pathname of the executed command. This
` symbolic link can be dereferenced normally; attempting to open
`symbolic link can be dereferenced normally; attempting to open
` it will open the executable. You can even type
`it will open the executable. You can even type
` /proc/[pid]/exe to run another copy of the same executable
`/proc/[pidYexe to run another copy of the same executable
` that is being run by process [pid]. If the pathname has been
`that is being run by process [pid]. If the pathname has been
` unlinked, the symbolic link will contain the string
`unlinked, the symbolic link will contain the string
` '(deleted)' appended to the original pathname. In a multi-
`'(deleted)' appended to the original pathname. In a multi-
` threaded process, the contents of this symbolic link are not
`threaded process, the contents of this symbolic link are not
` available if the main thread has already terminated (typically
`available if the main thread has already terminated (typically
` by calling pthread_exit(3)).
`by calling pthread_exit(3)).
` Permission to dereference or read (readlink(2)) this symbolic
`Permission to dereference or read (readlink(2)) this symbolic
`
`04
`
`

`

` link is governed by a ptrace access mode
`link is governed by a ptrace access mode
` PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
`PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
` Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to
`Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to
` the binary which was executed, and appears as a symbolic link.
`the binary which was executed, and appears as a symbolic link.
` A readlink(2) call on this file under Linux 2.0 returns a
`A readlink(2) call on this file under Linux 2.0 returns a
` string in the format:
`string in the format:
` [device]:inode
`[device]:inode
` For example, [0301]:1502 would be inode 1502 on device major
`For example, [0301]:1502 would be inode 1502 on device major
` 03 (IDE, MFM, etc. drives) minor 01 (first partition on the
`03 (IDE, MFM, etc. drives) minor 01 (first partition on the
` first drive).
`first drive).
` find(1) with the -inum option can be used to locate the file.
`find(1) with the -inum option can be used to locate the file.
` /proc/[pid]/fd/
`/proc/[pid]/fd/
` This is a subdirectory containing one entry for each file
`This is a subdirectory containing one entry for each file
` which the process has open, named by its file descriptor, and
`which the process has open, named by its file descriptor, and
` which is a symbolic link to the actual file. Thus, 0 is stan-
`which is a symbolic link to the actual file. Thus, 0 is stan-
` dard input, 1 standard output, 2 standard error, and so on.
`dard input, 1 standard output, 2 standard error, and so on.
` For file descriptors for pipes and sockets, the entries will
`For file descriptors for pipes and sockets, the entries will
` be symbolic links whose content is the file type with the
`be symbolic links whose content is the file type with the
` inod