Controlling processes via the /proc filesystem

Updated: April 19, 2023

Implemented by the Process Manager component of procnto, the /proc virtual filesystem lets you access and control the processes and threads running in the system.

CAUTION:

This interface is intended for gathering information or process control while debugging. You should not use it in production systems to control the behavior of processes and threads.

Using the /proc filesystem to examine a process might affect the performance of the threads in the process when it is interacting with the process manager (eg. using mmap() or munmap()). It may also affect any thread or threads in other processes with which those threads are interacting.

The /proc filesystem manifests each process currently running on the system as a directory whose name is the numerical process ID (in decimal) of the process. Inside this directory, you'll find the following files:

as
The address space that contains the process's entire memory space.
cmdline
The arguments passed to the process, separated by null characters. For example:
# pidin -p 28687 arg
      pid Arguments
    28687 io-pkt-v6-hc -d abc100 mac=96a414016206
# echo `cat /proc/28687/cmdline`
io-pkt-v6-hc-dabc100mac=96a414016206
  
ctl
A file that you can use for devctl() commands to access processes and their threads.
exefile
The path of the executable file used to run the process. For example:
# echo `cat /proc/28687/exefile`
/sbin/io-pkt-v6-hc
  
mappings
A detailed view of every page in a process's address space.
pmap
A detailed view of the process's mappings.
vmstat
A view of the process's virtual memory.

You can use the following standard functions to access the files in the /proc filesystem:

Function Purpose
open() Establish a file descriptor to a process
read() Read data from the process's address space
write() Write data to the process's address space
stat() Return struct stat information
lseek() Establish a position within the process's address space for further operations
devctl() Manipulate a process or thread
close() Release a file descriptor

Ancillary functions (such as readdir(), opendir(), and so on) are supported on the directory /proc itself—this aids in implementing commands such as ls.

Note: In QNX Neutrino 7.0 or later, you must open the appropriate file (e.g., /proc/pid/ctl), not the /proc/pid directory.

When you start procnto, you can use the following options to specify the umask to use for the /proc/pid/* files.

-d
Controls the umask for cmdline and cctl. The default is 0022.
-u
Controls the umask for as, exefile, mappings, pmap and vmstat. The default is 0066.

You can use chmod to drop permissions on the as and ctl files, but you can't then regain the permissions.

In order to read or write data from or to the process, you must have opened the file descriptor in the appropriate mode. You must also have appropriate privileges to open the particular process. Access is controlled to a limited extent by POSIX permissions but mainly by abilities (see Abilities in the System Security Guide):

Only one process can have a /proc/pid/as or /proc/pid/ctl file open for writing at a time.