I’ve been wanting to better understand what are some of the capabilities of procfs (/proc), so I thought of a little challenge for me:

  • for each day, for 30 days, I’ll be posting a new article about a single file under /proc that should be useful for someone either introspecting a system (or wanting to mutate some kernel param).

Given that so many tools touch the /proc mountpoint to gather information, and that it’s such a great place to learn more about where you can look for the reasons why a given process or the entire system is malfunctioning, I bet this it going to be great for many of the readers.

If you’d like to go along with me in such journey, join the mailing list!

Differently from the many other articles around the web covering /proc, the focus of this series is more on the details and internals of each call.

For instance, the plan is not only to cover questions like:

What is /proc/<pid>/fd?

But to include answers to questions like:

When I call ls /proc/<pid>/fd, what happens under the hood?

I still don’t have a full list of which files I’ll be touching (and in what order), so, please, let me know if you’d like me to cover a specific one!

This article will be updated whenever a new post comes out, so feel free to keep track of this one.

Have a good one!

The articles so far

  1. What is /proc? - as the first article in the series, this one focuses on the fundamentals around procfs, the underlying implementation that responds to calls to /proc, as well as vfs.

  2. How is /proc able to list process IDs? - given that directories are files, the first file I wanted to look for was the root directory of /proc. In this article, I go through how listing directories work in Linux and at which point procfs takes care of searching for PIDs and returning them as directory entries for the user.

  3. Why top and free inside containers don’t show the correct container memory? - this one covers some of the underlying aspects of how containers limits resources (tip: cgroups!) and why is the retrieval of memory information uncontained. If you’re into k8s and Docker, check this one out!

  4. Process limits under the hood - go through the internals of implementing a ulimit utility in C, inspecting how the Kernel limits the number of open files for a given process and then finally seeing how /proc/pid/limits works. Expect some tracing and a bunch of Kernel methods exposed!

  5. Using /proc to get a process’ current stack trace - go through the process of creating a simple TCP server that blocks, and then using /proc to identify the stack trace of the method that led the kernel to block at a given syscall. In this post we also look at how that C stack compares to one generated by the Go runtime.

  6. How Linux creates sockets and counts them - a deep dive into how the Linux kernel creates a Socket under the hood, and how it keeps track of the number of sockets that it has allocated.

  7. How Linux allows TCP introspection - an in-depth look at how the underlying data structures that power TCP server sockets get ready for receiving incoming connections, where to look for information regarding those sockets.

Would you like to keep up with the articles?

Click here to signup for the newsletter!