Controlling processes via the /proc filesystem
Implemented by the Process Manager component of procnto, the /proc virtual filesystem lets you access and control the processes and threads running in the system.
This interface is intended for gathering information or process control while debugging. You should not use it in production systems to control the behavior of processes and threads.
Using the /proc filesystem to examine a process might affect the performance of the threads in the process when it is interacting with the process manager (e.g., using mmap() or munmap()). It may also affect any thread or threads in other processes with which those threads are interacting.
- as
- The address space that contains the process's entire memory space.
- cmdline
- The arguments passed to the process, separated by null characters.
For example:
# pidin -p 28687 arg pid Arguments 28687 io-sock -m mods-pci.so -d devs-em.so # echo `cat /proc/28687/cmdline` io-sock-mmods-pci.so-ddevs-em.so
- ctl
- A file that you can use for devctl() commands to access processes and their threads.
- exefile
- The path of the executable file used to run the process.
For example:
# echo `cat /proc/28687/exefile` /sbin/io-sock
- mappings
- A detailed view of every page in a process's address space.
- pmap
- A detailed view of the process's mappings.
- vmstat
- A view of the process's virtual memory.
Function | Purpose |
---|---|
open() | Establish a file descriptor to a process |
read() | Read data from the process's address space |
write() | Write data to the process's address space |
stat() | Return struct stat information |
lseek() | Establish a position within the process's address space for further operations |
devctl() | Manipulate a process or thread |
close() | Release a file descriptor |
Ancillary functions (such as readdir(), opendir(), and so on) are supported on the directory /proc itself—this aids in implementing commands such as ls.
- -d
- Controls the umask for cmdline and cctl. The default is 0022.
- -u
- Controls the umask for as, exefile, mappings, pmap and vmstat. The default is 0066.
You can use chmod to drop permissions on the as and ctl files, but you can't then regain the permissions.
Abilitiesin the System Security Guide):
- If your process has a different user ID than the target process, and you have only the POSIX permissions,
then you can:
- get limited access to cmdline; it shows the target process's first argument only (i.e., it tells you what's running but none of its command-line arguments)
- get limited access to ctl; it supports the DCMD_PROC_INFO, DCMD_PROC_MAPDEBUG_BASE, and DCMD_PROC_TIDSTATUS devctl() commands, but the output is sanitized.
- read exefile
- If your process has the same user ID and has POSIX access, then you get unrestricted access to the files.
- Irrespective of the user ID and POSIX permissions:
- If your process has the PROCMGR_AID_XPROCESS_QUERY ability for the user IDs of the target file (effective, real, and saved), you can get read access to all files except for the as file.
- If your process has PROCMGR_AID_XPROCESS_MEM_READ for the user IDs of the target file (effective, real, and saved), you can get read access to the as file.
- If a process has PROCMGR_AID_XPROCESS_DEBUG for the user IDs of the target file (effective, real, and saved), you can get write access to as and ctl.
- The root user (effective user ID 0) gets unrestricted POSIX access but still requires abilities to access files of processes with other user IDs.
Only one process can have a /proc/pid/as or /proc/pid/ctl file open for writing at a time.