procfs man page on Kali

Man page or keyword search:  
man Server   9211 pages
apropos Keyword Search (all sections)
Output format
Kali logo
[printable version]

PROC(5)			   Linux Programmer's Manual		       PROC(5)

NAME
       proc - process information pseudo-filesystem

DESCRIPTION
       The  proc filesystem is a pseudo-filesystem which provides an interface
       to kernel data structures.  It is commonly  mounted  at	/proc.	 Typi‐
       cally,  it  is  mounted automatically by the system, but it can also be
       mounted manually using a command such as:

	   mount -t proc proc /proc

       Most of the files in the proc filesystem are read-only, but some	 files
       are writable, allowing kernel variables to be changed.

   Mount options
       The proc filesystem supports the following mount options:

       hidepid=n (since Linux 3.3)
	      This   option   controls	who  can  access  the  information  in
	      /proc/[pid] directories.	The argument, n, is one of the follow‐
	      ing values:

	      0	  Everybody  may  access all /proc/[pid] directories.  This is
		  the traditional behavior, and	 the  default  if  this	 mount
		  option is not specified.

	      1	  Users	 may  not  access  files and subdirectories inside any
		  /proc/[pid]  directories  but	 their	own  (the  /proc/[pid]
		  directories  themselves  remain  visible).   Sensitive files
		  such as /proc/[pid]/cmdline and /proc/[pid]/status  are  now
		  protected  against other users.  This makes it impossible to
		  learn whether any user is running  a	specific  program  (so
		  long	as  the program doesn't otherwise reveal itself by its
		  behavior).

	      2	  As for mode 1, but in addition the  /proc/[pid]  directories
		  belonging  to other users become invisible.  This means that
		  /proc/[pid] entries can no longer be used  to	 discover  the
		  PIDs	on  the	 system.   This	 doesn't  hide the fact that a
		  process with a specific PID value exists (it can be  learned
		  by  other  means,  for  example,  by "kill -0 $PID"), but it
		  hides a process's UID and  GID,  which  could	 otherwise  be
		  learned  by  employing  stat(2)  on a /proc/[pid] directory.
		  This greatly complicates an  attacker's  task	 of  gathering
		  information	about  running	processes  (e.g.,  discovering
		  whether some daemon is  running  with	 elevated  privileges,
		  whether  another  user  is  running  some sensitive program,
		  whether other users are running any program at all,  and  so
		  on).

       gid=gid (since Linux 3.3)
	      Specifies	 the  ID  of  a	 group whose members are authorized to
	      learn process information otherwise prohibited by hidepid (i.e.,
	      users  in	 this  group  behave  as though /proc was mounted with
	      hidepid=0).  This group should be	 used  instead	of  approaches
	      such as putting nonroot users into the sudoers(5) file.

   Files and directories
       The  following  list  describes many of the files and directories under
       the /proc hierarchy.

       /proc/[pid]
	      There is a numerical subdirectory for each running process;  the
	      subdirectory is named by the process ID.

	      Each  /proc/[pid]	 subdirectory  contains	 the  pseudo-files and
	      directories described below.  These files are normally owned  by
	      the  effective user and effective group ID of the process.  How‐
	      ever, as a security measure, the ownership is made root:root  if
	      the  process's "dumpable" attribute is set to a value other than
	      1.  This attribute may change for the following reasons:

	      *	 The  attribute	 was   explicitly   set	  via	the   prctl(2)
		 PR_SET_DUMPABLE operation.

	      *	 The   attribute   was	 reset	 to  the  value	 in  the  file
		 /proc/sys/fs/suid_dumpable (described below), for the reasons
		 described in prctl(2).

	      Resetting the "dumpable" attribute to 1 reverts the ownership of
	      the /proc/[pid]/* files to the process's real UID and real GID.

       /proc/[pid]/attr
	      The files in this directory provide an API for security modules.
	      The  contents  of	 this directory are files that can be read and
	      written in  order	 to  set  security-related  attributes.	  This
	      directory	 was  added  to support SELinux, but the intention was
	      that the API be general enough to support	 other	security  mod‐
	      ules.   For  the purpose of explanation, examples of how SELinux
	      uses these files are provided below.

	      This directory is present only if the kernel was configured with
	      CONFIG_SECURITY.

       /proc/[pid]/attr/current (since Linux 2.6.0)
	      The  contents  of	 this  file  represent	the  current  security
	      attributes of the process.

	      In SELinux, this file is used to get the security context	 of  a
	      process.	 Prior to Linux 2.6.11, this file could not be used to
	      set the security context (a  write  was  always  denied),	 since
	      SELinux  limited	process security transitions to execve(2) (see
	      the description of /proc/[pid]/attr/exec, below).	  Since	 Linux
	      2.6.11,  SELinux	lifted	this  restriction and began supporting
	      "set" operations via writes to this node if authorized  by  pol‐
	      icy,  although use of this operation is only suitable for appli‐
	      cations that are trusted	to  maintain  any  desired  separation
	      between  the  old	 and  new  security  contexts.	Prior to Linux
	      2.6.28, SELinux did not allow threads  within  a	multi-threaded
	      process  to set their security context via this node as it would
	      yield an	inconsistency  among  the  security  contexts  of  the
	      threads  sharing	the  same  memory  space.  Since Linux 2.6.28,
	      SELinux lifted this restriction and began supporting "set" oper‐
	      ations  for  threads  within  a multithreaded process if the new
	      security context is bounded by the old security  context,	 where
	      the  bounded  relation  is defined in policy and guarantees that
	      the new security context has a subset of the permissions of  the
	      old security context.  Other security modules may choose to sup‐
	      port "set" operations via writes to this node.

       /proc/[pid]/attr/exec (since Linux 2.6.0)
	      This file represents the attributes to  assign  to  the  process
	      upon a subsequent execve(2).

	      In  SELinux,  this is needed to support role/domain transitions,
	      and execve(2) is the preferred point to  make  such  transitions
	      because  it offers better control over the initialization of the
	      process in the new security label and the inheritance of	state.
	      In SELinux, this attribute is reset on execve(2) so that the new
	      program reverts to the default behavior for any execve(2)	 calls
	      that  it	may  make.  In SELinux, a process can set only its own
	      /proc/[pid]/attr/exec attribute.

       /proc/[pid]/attr/fscreate (since Linux 2.6.0)
	      This file represents the attributes to assign to	files  created
	      by  subsequent  calls  to	 open(2),  mkdir(2),  symlink(2),  and
	      mknod(2)

	      SELinux employs this file to support creation of a  file	(using
	      the  aforementioned  system  calls)  in  a secure state, so that
	      there is no risk of inappropriate access being obtained  between
	      the  time	 of creation and the time that attributes are set.  In
	      SELinux, this attribute is reset on execve(2), so that  the  new
	      program  reverts	to  the default behavior for any file creation
	      calls it may make, but the attribute will persist across	multi‐
	      ple file creation calls within a program unless it is explicitly
	      reset.   In  SELinux,  a	process	  can	set   only   its   own
	      /proc/[pid]/attr/fscreate attribute.

       /proc/[pid]/attr/keycreate (since Linux 2.6.18)
	      If  a process writes a security context into this file, all sub‐
	      sequently created keys (add_key(2)) will be  labeled  with  this
	      context.	 For  further  information, see the kernel source file
	      Documentation/security/keys/core.rst   (or    file    Documenta‐
	      tion/security/keys.txt  on  Linux between 3.0 and 4.13, or Docu‐
	      mentation/keys.txt before Linux 3.0).

       /proc/[pid]/attr/prev (since Linux 2.6.0)
	      This file contains the security context of  the  process	before
	      the   last   execve(2);	that   is,   the   previous  value  of
	      /proc/[pid]/attr/current.

       /proc/[pid]/attr/socketcreate (since Linux 2.6.18)
	      If a process writes a security context into this file, all  sub‐
	      sequently created sockets will be labeled with this context.

       /proc/[pid]/autogroup (since Linux 2.6.38)
	      See sched(7).

       /proc/[pid]/auxv (since 2.6.0-test7)
	      This  contains  the  contents of the ELF interpreter information
	      passed to the process at exec time.  The format is one  unsigned
	      long  ID	plus one unsigned long value for each entry.  The last
	      entry contains two zeros.	 See also getauxval(3).

	      Permission to access this file is governed by  a	ptrace	access
	      mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/[pid]/cgroup (since Linux 2.6.24)
	      See cgroups(7).

       /proc/[pid]/clear_refs (since Linux 2.6.22)

	      This  is	a  write-only  file,  writable	only  by  owner of the
	      process.

	      The following values may be written to the file:

	      1 (since Linux 2.6.22)
		     Reset the PG_Referenced and ACCESSED/YOUNG bits  for  all
		     the  pages	 associated  with the process.	(Before kernel
		     2.6.32, writing any nonzero value to this file  had  this
		     effect.)

	      2 (since Linux 2.6.32)
		     Reset  the	 PG_Referenced and ACCESSED/YOUNG bits for all
		     anonymous pages associated with the process.

	      3 (since Linux 2.6.32)
		     Reset the PG_Referenced and ACCESSED/YOUNG bits  for  all
		     file-mapped pages associated with the process.

	      Clearing	the  PG_Referenced  and ACCESSED/YOUNG bits provides a
	      method to measure approximately how much	memory	a  process  is
	      using.  One first inspects the values in the "Referenced" fields
	      for the VMAs shown in /proc/[pid]/smaps to get an	 idea  of  the
	      memory  footprint of the process.	 One then clears the PG_Refer‐
	      enced and ACCESSED/YOUNG bits  and,  after  some	measured  time
	      interval,	 once  again  inspects	the values in the "Referenced"
	      fields to get an idea of the change in memory footprint  of  the
	      process during the measured interval.  If one is interested only
	      in inspecting the selected mapping types, then the value 2 or  3
	      can be used instead of 1.

	      Further values can be written to affect different properties:

	      4 (since Linux 3.11)
		     Clear  the	 soft-dirty  bit  for all the pages associated
		     with the process.	This  is  used	(in  conjunction  with
		     /proc/[pid]/pagemap) by the check-point restore system to
		     discover which pages of a process have been dirtied since
		     the file /proc/[pid]/clear_refs was written to.

	      5 (since Linux 4.0)
		     Reset  the	 peak resident set size ("high water mark") to
		     the process's current resident set size value.

	      Writing any value to  /proc/[pid]/clear_refs  other  than	 those
	      listed above has no effect.

	      The  /proc/[pid]/clear_refs  file	 is  present  only if the CON‐
	      FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

       /proc/[pid]/cmdline
	      This read-only file holds the  complete  command	line  for  the
	      process,	unless	the  process is a zombie.  In the latter case,
	      there is nothing in this file: that is, a read on this file will
	      return  0 characters.  The command-line arguments appear in this
	      file as a set of strings separated by null bytes ('\0'), with  a
	      further null byte after the last string.

       /proc/[pid]/comm (since Linux 2.6.33)
	      This  file exposes the process's comm value—that is, the command
	      name associated with the process.	 Different threads in the same
	      process	may   have   different	comm  values,  accessible  via
	      /proc/[pid]/task/[tid]/comm.   A	thread	may  modify  its  comm
	      value,  or  that of any of other thread in the same thread group
	      (see the discussion of CLONE_THREAD in clone(2)), by writing  to
	      the   file   /proc/self/task/[tid]/comm.	 Strings  longer  than
	      TASK_COMM_LEN (16) characters are silently truncated.

	      This file provides a superset of the  prctl(2)  PR_SET_NAME  and
	      PR_GET_NAME operations, and is employed by pthread_setname_np(3)
	      when used to rename threads other than the caller.

       /proc/[pid]/coredump_filter (since Linux 2.6.23)
	      See core(5).

       /proc/[pid]/cpuset (since Linux 2.6.12)
	      See cpuset(7).

       /proc/[pid]/cwd
	      This is a symbolic link to the current working directory of  the
	      process.	 To  find out the current working directory of process
	      20, for instance, you can do this:

		  $ cd /proc/20/cwd; /bin/pwd

	      Note that the pwd command is often a shell built-in,  and	 might
	      not work properly.  In bash(1), you may use pwd -P.

	      In  a  multithreaded process, the contents of this symbolic link
	      are not available if the	main  thread  has  already  terminated
	      (typically by calling pthread_exit(3)).

	      Permission  to  dereference  or read (readlink(2)) this symbolic
	      link    is    governed	by    a	    ptrace     access	  mode
	      PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/[pid]/environ
	      This file contains the initial environment that was set when the
	      currently executing program  was	started	 via  execve(2).   The
	      entries  are  separated by null bytes ('\0'), and there may be a
	      null byte at the end.  Thus, to print  out  the  environment  of
	      process 1, you would do:

		  $ strings /proc/1/environ

	      If,  after  an  execve(2),  the process modifies its environment
	      (e.g., by calling functions such as putenv(3) or	modifying  the
	      environ(7)  variable directly), this file will not reflect those
	      changes.

	      Furthermore, a process may change the memory location that  this
	      file refers via prctl(2) operations such as PR_SET_MM_ENV_START.

	      Permission  to  access  this file is governed by a ptrace access
	      mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/[pid]/exe
	      Under Linux 2.2 and later, this file is a symbolic link contain‐
	      ing  the actual pathname of the executed command.	 This symbolic
	      link can be dereferenced normally; attempting to	open  it  will
	      open  the	 executable.  You can even type /proc/[pid]/exe to run
	      another copy of the same executable that is being run by process
	      [pid].   If  the	pathname  has been unlinked, the symbolic link
	      will contain the string '(deleted)'  appended  to	 the  original
	      pathname.	 In a multithreaded process, the contents of this sym‐
	      bolic link are not available if the main thread has already ter‐
	      minated (typically by calling pthread_exit(3)).

	      Permission  to  dereference  or read (readlink(2)) this symbolic
	      link    is    governed	by    a	    ptrace     access	  mode
	      PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

	      Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the
	      binary which was executed, and appears as a  symbolic  link.   A
	      readlink(2)  call	 on this file under Linux 2.0 returns a string
	      in the format:

		  [device]:inode

	      For example, [0301]:1502 would be inode 1502 on device major  03
	      (IDE,  MFM,  etc. drives) minor 01 (first partition on the first
	      drive).

	      find(1) with the -inum option can be used to locate the file.

       /proc/[pid]/fd/
	      This is a subdirectory containing one entry for each file	 which
	      the process has open, named by its file descriptor, and which is
	      a symbolic link to the actual file.  Thus, 0 is standard	input,
	      1 standard output, 2 standard error, and so on.

	      For  file descriptors for pipes and sockets, the entries will be
	      symbolic links whose content is the file type with the inode.  A
	      readlink(2) call on this file returns a string in the format:

		  type:[inode]

	      For  example, socket:[2248868] will be a socket and its inode is
	      2248868.	For sockets, that inode	 can  be  used	to  find  more
	      information in one of the files under /proc/net/.

	      For  file	 descriptors  that  have no corresponding inode (e.g.,
	      file   descriptors   produced   by   bpf(2),    epoll_create(2),
	      eventfd(2),  inotify_init(2),  perf_event_open(2),  signalfd(2),
	      timerfd_create(2), and userfaultfd(2)), the entry will be a sym‐
	      bolic link with contents of the form

		  anon_inode:<file-type>

	      In  many	cases  (but  not  all), the file-type is surrounded by
	      square brackets.

	      For example, an epoll file descriptor will have a symbolic  link
	      whose content is the string anon_inode:[eventpoll].

	      In  a  multithreaded process, the contents of this directory are
	      not available if the main thread has already  terminated	(typi‐
	      cally by calling pthread_exit(3)).

	      Programs	that  take  a filename as a command-line argument, but
	      don't take input from standard input if no argument is supplied,
	      and  programs that write to a file named as a command-line argu‐
	      ment, but don't send their output to standard output if no argu‐
	      ment is supplied, can nevertheless be made to use standard input
	      or standard output by using /proc/[pid]/fd files as command-line
	      arguments.   For example, assuming that -i is the flag designat‐
	      ing an input file and -o is the flag designating an output file:

		  $ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...

	      and you have a working filter.

	      /proc/self/fd/N is approximately the same as /dev/fd/N  in  some
	      UNIX and UNIX-like systems.  Most Linux MAKEDEV scripts symboli‐
	      cally link /dev/fd to /proc/self/fd, in fact.

	      Most systems provide symbolic links /dev/stdin, /dev/stdout, and
	      /dev/stderr, which respectively link to the files 0, 1, and 2 in
	      /proc/self/fd.  Thus the example command above could be  written
	      as:

		  $ foobar -i /dev/stdin -o /dev/stdout ...

	      Permission  to  dereference  or  read (readlink(2)) the symbolic
	      links in this directory is governed  by  a  ptrace  access  mode
	      PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

	      Note  that  for  file descriptors referring to inodes (pipes and
	      sockets, see above), those inodes still have permission bits and
	      ownership	 information distinct from those of the /proc/[pid]/fd
	      entry, and that the owner may differ from the user and group IDs
	      of the process.  An unprivileged process may lack permissions to
	      open them, as in this example:

		  $ echo test | sudo -u nobody cat
		  test
		  $ echo test | sudo -u nobody cat /proc/self/fd/0
		  cat: /proc/self/fd/0: Permission denied

	      File descriptor 0 refers to the pipe created by  the  shell  and
	      owned by that shell's user, which is not nobody, so cat does not
	      have permission to create a new file  descriptor	to  read  from
	      that inode, even though it can still read from its existing file
	      descriptor 0.

       /proc/[pid]/fdinfo/ (since Linux 2.6.22)
	      This is a subdirectory containing one entry for each file	 which
	      the  process  has open, named by its file descriptor.  The files
	      in this directory are readable only by the owner of the process.
	      The  contents  of	 each  file  can be read to obtain information
	      about the corresponding file descriptor.	The content depends on
	      the  type of file referred to by the corresponding file descrip‐
	      tor.

	      For regular files and directories, we see something like:

		  $ cat /proc/12015/fdinfo/4
		  pos:	  1000
		  flags:  01002002
		  mnt_id: 21

	      The fields are as follows:

	      pos    This is a decimal number showing the file offset.

	      flags  This is an octal number that  displays  the  file	access
		     mode  and file status flags (see open(2)).	 If the close-
		     on-exec file descriptor flag is set, then flags will also
		     include the value O_CLOEXEC.

		     Before  Linux  3.1,  this field incorrectly displayed the
		     setting of O_CLOEXEC at the time  the  file  was  opened,
		     rather  than  the	current	 setting  of the close-on-exec
		     flag.

	      mnt_id This field, present since Linux 3.15, is the  ID  of  the
		     mount point containing this file.	See the description of
		     /proc/[pid]/mountinfo.

	      For eventfd file descriptors (see	 eventfd(2)),  we  see	(since
	      Linux 3.8) the following fields:

		  pos: 0
		  flags:    02
		  mnt_id:   10
		  eventfd-count:	       40

	      eventfd-count  is	 the  current value of the eventfd counter, in
	      hexadecimal.

	      For epoll file descriptors (see epoll(7)), we see	 (since	 Linux
	      3.8) the following fields:

		  pos: 0
		  flags:    02
		  mnt_id:   10
		  tfd:	      9 events:	      19 data: 74253d2500000009
		  tfd:	      7 events:	      19 data: 74253d2500000007

	      Each  of	the  lines  beginning  tfd  describes  one of the file
	      descriptors being monitored via the epoll file  descriptor  (see
	      epoll_ctl(2)  for some details).	The tfd field is the number of
	      the file descriptor.  The events field is a hexadecimal mask  of
	      the  events  being monitored for this file descriptor.  The data
	      field is the data value associated with this file descriptor.

	      For signalfd file descriptors (see signalfd(2)), we  see	(since
	      Linux 3.8) the following fields:

		  pos: 0
		  flags:    02
		  mnt_id:   10
		  sigmask:  0000000000000006

	      sigmask is the hexadecimal mask of signals that are accepted via
	      this signalfd file descriptor.  (In this example, bits 2	and  3
	      are  set,	 corresponding	to the signals SIGINT and SIGQUIT; see
	      signal(7).)

	      For inotify file descriptors (see	 inotify(7)),  we  see	(since
	      Linux 3.8) the following fields:

		  pos: 0
		  flags:    00
		  mnt_id:   11
		  inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
		  inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73

	      Each  of the lines beginning with "inotify" displays information
	      about one file or directory that is being monitored.  The fields
	      in this line are as follows:

	      wd     A watch descriptor number (in decimal).

	      ino    The inode number of the target file (in hexadecimal).

	      sdev   The  ID  of  the device where the target file resides (in
		     hexadecimal).

	      mask   The mask of events being monitored for  the  target  file
		     (in hexadecimal).

	      If  the  kernel was built with exportfs support, the path to the
	      target file is exposed as a file handle, via  three  hexadecimal
	      fields: fhandle-bytes, fhandle-type, and f_handle.

	      For  fanotify  file descriptors (see fanotify(7)), we see (since
	      Linux 3.8) the following fields:

		  pos: 0
		  flags:    02
		  mnt_id:   11
		  fanotify flags:0 event-flags:88002
		  fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73

	      The fourth line displays information defined when	 the  fanotify
	      group was created via fanotify_init(2):

	      flags  The  flags	 argument given to fanotify_init(2) (expressed
		     in hexadecimal).

	      event-flags
		     The  event_f_flags	 argument  given  to  fanotify_init(2)
		     (expressed in hexadecimal).

	      Each  additional	line  shown  in	 the file contains information
	      about one of the marks in the fanotify  group.   Most  of	 these
	      fields are as for inotify, except:

	      mflags The flags associated with the mark (expressed in hexadec‐
		     imal).

	      mask   The events mask for this mark (expressed in hexadecimal).

	      ignored_mask
		     The mask  of  events  that	 are  ignored  for  this  mark
		     (expressed in hexadecimal).

	      For details on these fields, see fanotify_mark(2).

       /proc/[pid]/gid_map (since Linux 3.5)
	      See user_namespaces(7).

       /proc/[pid]/io (since kernel 2.6.20)
	      This file contains I/O statistics for the process, for example:

		  # cat /proc/3828/io
		  rchar: 323934931
		  wchar: 323929600
		  syscr: 632687
		  syscw: 632675
		  read_bytes: 0
		  write_bytes: 323932160
		  cancelled_write_bytes: 0

	      The fields are as follows:

	      rchar: characters read
		     The number of bytes which this task has caused to be read
		     from storage.  This is simply the sum of bytes which this
		     process  passed  to read(2) and similar system calls.  It
		     includes things such as terminal I/O and is unaffected by
		     whether or not actual physical disk I/O was required (the
		     read might have been satisfied from pagecache).

	      wchar: characters written
		     The number of bytes which this task has caused, or	 shall
		     cause  to be written to disk.  Similar caveats apply here
		     as with rchar.

	      syscr: read syscalls
		     Attempt to count the number of read  I/O  operations—that
		     is, system calls such as read(2) and pread(2).

	      syscw: write syscalls
		     Attempt  to count the number of write I/O operations—that
		     is, system calls such as write(2) and pwrite(2).

	      read_bytes: bytes read
		     Attempt to count the number of bytes which	 this  process
		     really  did  cause	 to be fetched from the storage layer.
		     This is accurate for block-backed filesystems.

	      write_bytes: bytes written
		     Attempt to count the number of bytes which	 this  process
		     caused to be sent to the storage layer.

	      cancelled_write_bytes:
		     The big inaccuracy here is truncate.  If a process writes
		     1MB to a file and then deletes the file, it will in  fact
		     perform  no writeout.  But it will have been accounted as
		     having caused 1MB of write.  In other words:  this	 field
		     represents	 the number of bytes which this process caused
		     to not happen, by truncating pagecache.  A task can cause
		     "negative"	 I/O  too.   If this task truncates some dirty
		     pagecache, some I/O which another task has been accounted
		     for (in its write_bytes) will not be happening.

	      Note:  In	 the  current implementation, things are a bit racy on
	      32-bit systems: if process A reads  process  B's	/proc/[pid]/io
	      while  process  B	 is  updating  one  of	these 64-bit counters,
	      process A could see an intermediate result.

	      Permission to access this file is governed by  a	ptrace	access
	      mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/[pid]/limits (since Linux 2.6.24)
	      This file displays the soft limit, hard limit, and units of mea‐
	      surement for each of the process's resource  limits  (see	 getr‐
	      limit(2)).   Up to and including Linux 2.6.35, this file is pro‐
	      tected to allow reading only by the real	UID  of	 the  process.
	      Since  Linux  2.6.36,  this file is readable by all users on the
	      system.

       /proc/[pid]/map_files/ (since kernel 3.3)
	      This subdirectory	 contains  entries  corresponding  to  memory-
	      mapped  files (see mmap(2)).  Entries are named by memory region
	      start and end address pair (expressed as	hexadecimal  numbers),
	      and  are symbolic links to the mapped files themselves.  Here is
	      an example, with the output wrapped and reformatted to fit on an
	      80-column display:

		  # ls -l /proc/self/map_files/
		  lr--------. 1 root root 64 Apr 16 21:31
			      3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
		  ...

	      Although	these entries are present for memory regions that were
	      mapped with the MAP_FILE flag, the way anonymous	shared	memory
	      (regions created with the MAP_ANON | MAP_SHARED flags) is imple‐
	      mented in Linux means that such  regions	also  appear  on  this
	      directory.   Here	 is  an	 example  where the target file is the
	      deleted /dev/zero one:

		  lrw-------. 1 root root 64 Apr 16 21:33
			      7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)

	      This directory appears  only  if	the  CONFIG_CHECKPOINT_RESTORE
	      kernel	configuration	 option	   is	 enabled.    Privilege
	      (CAP_SYS_ADMIN) is required to view the contents of this	direc‐
	      tory.

       /proc/[pid]/maps
	      A	 file containing the currently mapped memory regions and their
	      access permissions.  See mmap(2) for  some  further  information
	      about memory mappings.

	      Permission  to  access  this file is governed by a ptrace access
	      mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

	      The format of the file is:

    address	      perms offset  dev	  inode	      pathname
    00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/dbus-daemon
    00651000-00652000 r--p 00051000 08:02 173521      /usr/bin/dbus-daemon
    00652000-00655000 rw-p 00052000 08:02 173521      /usr/bin/dbus-daemon
    00e03000-00e24000 rw-p 00000000 00:00 0	      [heap]
    00e24000-011f7000 rw-p 00000000 00:00 0	      [heap]
    ...
    35b1800000-35b1820000 r-xp 00000000 08:02 135522  /usr/lib64/ld-2.15.so
    35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522  /usr/lib64/ld-2.15.so
    35b1a20000-35b1a21000 rw-p 00020000 08:02 135522  /usr/lib64/ld-2.15.so
    35b1a21000-35b1a22000 rw-p 00000000 00:00 0
    35b1c00000-35b1dac000 r-xp 00000000 08:02 135870  /usr/lib64/libc-2.15.so
    35b1dac000-35b1fac000 ---p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
    35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
    35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870  /usr/lib64/libc-2.15.so
    ...
    f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0    [stack:986]
    ...
    7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0   [stack]
    7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0   [vdso]

	      The address field is the address space in the process  that  the
	      mapping occupies.	 The perms field is a set of permissions:

		  r = read
		  w = write
		  x = execute
		  s = shared
		  p = private (copy on write)

	      The  offset  field  is the offset into the file/whatever; dev is
	      the device (major:minor); inode is the inode on that device.   0
	      indicates that no inode is associated with the memory region, as
	      would be the case with BSS (uninitialized data).

	      The pathname field will usually be the file that is backing  the
	      mapping.	For ELF files, you can easily coordinate with the off‐
	      set field by looking at the Offset  field	 in  the  ELF  program
	      headers (readelf -l).

	      There are additional helpful pseudo-paths:

		   [stack]
			  The  initial	process's  (also  known	 as  the  main
			  thread's) stack.

		   [stack:<tid>] (since Linux 3.4)
			  A thread's stack (where the <tid> is a  thread  ID).
			  It corresponds to the /proc/[pid]/task/[tid]/ path.

		   [vdso] The  virtual	dynamically linked shared object.  See
			  vdso(7).

		   [heap] The process's heap.

	      If the pathname field is blank, this is an anonymous mapping  as
	      obtained	via  mmap(2).  There is no easy way to coordinate this
	      back to a process's source, short of running it through  gdb(1),
	      strace(1), or similar.

	      Under Linux 2.0, there is no field giving pathname.

       /proc/[pid]/mem
	      This  file can be used to access the pages of a process's memory
	      through open(2), read(2), and lseek(2).

	      Permission to access this file is governed by  a	ptrace	access
	      mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

       /proc/[pid]/mountinfo (since Linux 2.6.26)
	      This  file  contains  information	 about	mount  points  in  the
	      process's mount namespace (see  mount_namespaces(7)).   It  sup‐
	      plies  various  information  (e.g.,  propagation	state, root of
	      mount for bind mounts, identifier for each mount and its parent)
	      that  is	missing	 from the (older) /proc/[pid]/mounts file, and
	      fixes various other problems with that file  (e.g.,  nonextensi‐
	      bility,  failure	to distinguish per-mount versus per-superblock
	      options).

	      The file contains lines of the form:

36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3)   (4)	  (5)	   (6)	    (7)	  (8) (9)   (10)	 (11)

	      The numbers in  parentheses  are	labels	for  the  descriptions
	      below:

	      (1)  mount  ID:  a  unique ID for the mount (may be reused after
		   umount(2)).

	      (2)  parent ID: the ID of the parent mount (or of self  for  the
		   root of this mount namespace's mount tree).

		   If  the  parent mount point lies outside the process's root
		   directory (see chroot(2)), the ID shown here won't  have  a
		   corresponding  record in mountinfo whose mount ID (field 1)
		   matches this parent mount ID (because mount points that lie
		   outside  the	 process's  root  directory  are  not shown in
		   mountinfo).	As a special case of this point, the process's
		   root mount point may have a parent mount (for the initramfs
		   filesystem) that lies outside the process's root directory,
		   and	an  entry  for	that  mount  point  will not appear in
		   mountinfo.

	      (3)  major:minor: the value of st_dev for files on this filesys‐
		   tem (see stat(2)).

	      (4)  root: the pathname of the directory in the filesystem which
		   forms the root of this mount.

	      (5)  mount point: the pathname of the mount  point  relative  to
		   the process's root directory.

	      (6)  mount options: per-mount options.

	      (7)  optional   fields:	zero   or  more	 fields	 of  the  form
		   "tag[:value]"; see below.

	      (8)  separator: the end of the optional fields is	 marked	 by  a
		   single hyphen.

	      (9)  filesystem	type:	the   filesystem   type	 in  the  form
		   "type[.subtype]".

	      (10) mount source: filesystem-specific information or "none".

	      (11) super options: per-superblock options.

	      Currently, the possible  optional	 fields	 are  shared,  master,
	      propagate_from,  and  unbindable.	 See mount_namespaces(7) for a
	      description of these fields.  Parsers should ignore all unrecog‐
	      nized optional fields.

	      For  more	 information  on  mount	 propagation  see:  Documenta‐
	      tion/filesystems/sharedsubtree.txt in the	 Linux	kernel	source
	      tree.

       /proc/[pid]/mounts (since Linux 2.4.19)
	      This  file  lists	 all  the filesystems currently mounted in the
	      process's mount namespace (see mount_namespaces(7)).  The format
	      of this file is documented in fstab(5).

	      Since  kernel version 2.6.15, this file is pollable: after open‐
	      ing the file for	reading,  a  change  in	 this  file  (i.e.,  a
	      filesystem  mount	 or unmount) causes select(2) to mark the file
	      descriptor as having an exceptional condition, and  poll(2)  and
	      epoll_wait(2)  mark  the	file as having a priority event (POLL‐
	      PRI).  (Before Linux 2.6.30, a change in this file was indicated
	      by  the  file descriptor being marked as readable for select(2),
	      and being marked as having an error condition  for  poll(2)  and
	      epoll_wait(2).)

       /proc/[pid]/mountstats (since Linux 2.6.17)
	      This  file exports information (statistics, configuration infor‐
	      mation) about the mount points in the process's mount  namespace
	      (see mount_namespaces(7)).  Lines in this file have the form:

		  device /dev/sda7 mounted on /home with fstype ext3 [statistics]
		  (	  1	 )	      ( 2 )		(3 ) (4)

	      The fields in each line are:

	      (1)  The	name  of the mounted device (or "nodevice" if there is
		   no corresponding device).

	      (2)  The mount point within the filesystem tree.

	      (3)  The filesystem type.

	      (4)  Optional statistics and  configuration  information.	  Cur‐
		   rently  (as	at  Linux 2.6.26), only NFS filesystems export
		   information via this field.

	      This file is readable only by the owner of the process.

       /proc/[pid]/net (since Linux 2.6.25)
	      See the description of /proc/net.

       /proc/[pid]/ns/ (since Linux 3.0)
	      This is a subdirectory containing one entry for  each  namespace
	      that  supports being manipulated by setns(2).  For more informa‐
	      tion, see namespaces(7).

       /proc/[pid]/numa_maps (since Linux 2.6.14)
	      See numa(7).

       /proc/[pid]/oom_adj (since Linux 2.6.11)
	      This file can be used to adjust the score used to	 select	 which
	      process  should  be  killed in an out-of-memory (OOM) situation.
	      The kernel uses this value for  a	 bit-shift  operation  of  the
	      process's	 oom_score value: valid values are in the range -16 to
	      +15, plus the special  value  -17,  which	 disables  OOM-killing
	      altogether  for  this  process.	A positive score increases the
	      likelihood of this process being killed  by  the	OOM-killer;  a
	      negative score decreases the likelihood.

	      The default value for this file is 0; a new process inherits its
	      parent's	oom_adj	 setting.   A  process	must   be   privileged
	      (CAP_SYS_RESOURCE) to update this file.

	      Since  Linux  2.6.36, use of this file is deprecated in favor of
	      /proc/[pid]/oom_score_adj.

       /proc/[pid]/oom_score (since Linux 2.6.11)
	      This file displays the current score that the  kernel  gives  to
	      this process for the purpose of selecting a process for the OOM-
	      killer.  A higher score means that the process is more likely to
	      be  selected by the OOM-killer.  The basis for this score is the
	      amount of memory used by the  process,  with  increases  (+)  or
	      decreases (-) for factors including:

	      * whether the process is privileged (-).

	      Before kernel 2.6.36 the following factors were also used in the
	      calculation of oom_score:

	      * whether the process creates a lot of  children	using  fork(2)
		(+);

	      * whether	 the process has been running a long time, or has used
		a lot of CPU time (-);

	      * whether the process has a low nice value (i.e., > 0) (+); and

	      * whether the process is making direct hardware access (-).

	      The oom_score also reflects  the	adjustment  specified  by  the
	      oom_score_adj or oom_adj setting for the process.

       /proc/[pid]/oom_score_adj (since Linux 2.6.36)
	      This  file  can  be used to adjust the badness heuristic used to
	      select which process gets killed in out-of-memory conditions.

	      The badness heuristic assigns a value  to	 each  candidate  task
	      ranging  from  0 (never kill) to 1000 (always kill) to determine
	      which process is targeted.  The units are roughly	 a  proportion
	      along  that  range  of  allowed  memory the process may allocate
	      from, based on an estimation of its current memory and swap use.
	      For  example, if a task is using all allowed memory, its badness
	      score will be 1000.  If it is using half of its allowed  memory,
	      its score will be 500.

	      There  is	 an  additional	 factor included in the badness score:
	      root processes are given 3% extra memory over other tasks.

	      The amount of "allowed" memory depends on the context  in	 which
	      the  OOM-killer was called.  If it is due to the memory assigned
	      to the allocating task's cpuset  being  exhausted,  the  allowed
	      memory  represents  the set of mems assigned to that cpuset (see
	      cpuset(7)).  If  it  is  due  to	a  mempolicy's	node(s)	 being
	      exhausted,  the  allowed	memory represents the set of mempolicy
	      nodes.  If it is due to a memory limit  (or  swap	 limit)	 being
	      reached,	the allowed memory is that configured limit.  Finally,
	      if it is due to the entire  system  being	 out  of  memory,  the
	      allowed memory represents all allocatable resources.

	      The  value of oom_score_adj is added to the badness score before
	      it is used to determine which task to kill.   Acceptable	values
	      range	from	 -1000	   (OOM_SCORE_ADJ_MIN)	   to	 +1000
	      (OOM_SCORE_ADJ_MAX).  This allows	 user  space  to  control  the
	      preference  for  OOM-killing,  ranging  from always preferring a
	      certain task or completely disabling it from OOM	killing.   The
	      lowest  possible	value,	-1000, is equivalent to disabling OOM-
	      killing entirely for that task, since it will  always  report  a
	      badness score of 0.

	      Consequently,  it	 is  very  simple for user space to define the
	      amount  of  memory  to  consider	for  each  task.   Setting  an
	      oom_score_adj  value of +500, for example, is roughly equivalent
	      to allowing the remainder of  tasks  sharing  the	 same  system,
	      cpuset,  mempolicy,  or  memory  controller  resources to use at
	      least 50% more memory.  A value of  -500,	 on  the  other	 hand,
	      would  be	 roughly  equivalent  to discounting 50% of the task's
	      allowed memory from being	 considered  as	 scoring  against  the
	      task.

	      For    backward	 compatibility	  with	  previous    kernels,
	      /proc/[pid]/oom_adj can still be used to tune the badness score.
	      Its value is scaled linearly with oom_score_adj.

	      Writing to /proc/[pid]/oom_score_adj or /proc/[pid]/oom_adj will
	      change the other with its scaled value.

       /proc/[pid]/pagemap (since Linux 2.6.25)
	      This file shows the mapping of each  of  the  process's  virtual
	      pages  into  physical page frames or swap area.  It contains one
	      64-bit value for each virtual page, with the bits	 set  as  fol‐
	      lows:

		   63	  If set, the page is present in RAM.

		   62	  If set, the page is in swap space

		   61 (since Linux 3.5)
			  The page is a file-mapped page or a shared anonymous
			  page.

		   60–57 (since Linux 3.11)
			  Zero

		   56 (since Linux 4.2)
			  The page is exclusively mapped.

		   55 (since Linux 3.11)
			  PTE is soft-dirty (see the kernel source file	 Docu‐
			  mentation/vm/soft-dirty.txt).

		   54–0	  If  the  page is present in RAM (bit 63), then these
			  bits provide the page frame  number,	which  can  be
			  used to index /proc/kpageflags and /proc/kpagecount.
			  If the page is present in swap (bit 62),  then  bits
			  4–0  give  the  swap	type, and bits 54–5 encode the
			  swap offset.

	      Before Linux 3.11, bits 60–55 were used to encode the base-2 log
	      of the page size.

	      To  employ /proc/[pid]/pagemap efficiently, use /proc/[pid]/maps
	      to determine which areas of memory are actually mapped and  seek
	      to skip over unmapped regions.

	      The  /proc/[pid]/pagemap	file  is  present  only	 if  the  CON‐
	      FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

	      Permission to access this file is governed by  a	ptrace	access
	      mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/[pid]/personality (since Linux 2.6.28)
	      This  read-only  file exposes the process's execution domain, as
	      set by personality(2).  The value is  displayed  in  hexadecimal
	      notation.

	      Permission  to  access  this file is governed by a ptrace access
	      mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

       /proc/[pid]/root
	      UNIX and Linux support the idea of a  per-process	 root  of  the
	      filesystem,  set	by  the chroot(2) system call.	This file is a
	      symbolic link that points to the process's root  directory,  and
	      behaves in the same way as exe, and fd/*.

	      Note  however  that this file is not merely a symbolic link.  It
	      provides the same view of the filesystem	(including  namespaces
	      and  the	set  of per-process mounts) as the process itself.  An
	      example illustrates this point.  In one  terminal,  we  start  a
	      shell  in	 new  user  and mount namespaces, and in that shell we
	      create some new mount points:

		  $ PS1='sh1# ' unshare -Urnm
		  sh1# mount -t tmpfs tmpfs /etc  # Mount empty tmpfs at /etc
		  sh1# mount --bind /usr /dev	  # Mount /usr at /dev
		  sh1# echo $$
		  27123

	      In a second terminal window, in the initial mount namespace,  we
	      look  at the contents of the corresponding mounts in the initial
	      and new namespaces:

		  $ PS1='sh2# ' sudo sh
		  sh2# ls /etc | wc -l			# In initial NS
		  309
		  sh2# ls /proc/27123/root/etc | wc -l	# /etc in other NS
		  0					# The empty tmpfs dir
		  sh2# ls /dev | wc -l			# In initial NS
		  205
		  sh2# ls /proc/27123/root/dev | wc -l	# /dev in other NS
		  11					# Actually bind
							# mounted to /usr
		  sh2# ls /usr | wc -l			# /usr in initial NS
		  11

	      In a multithreaded process, the contents of the /proc/[pid]/root
	      symbolic	link  are not available if the main thread has already
	      terminated (typically by calling pthread_exit(3)).

	      Permission to dereference or read	 (readlink(2))	this  symbolic
	      link     is     governed	   by	 a    ptrace	access	  mode
	      PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/[pid]/seccomp (Linux 2.6.12 to 2.6.22)
	      This file can be used to read and change	the  process's	secure
	      computing	 (seccomp)  mode  setting.  It contains the value 0 if
	      the process is not in seccomp mode, and 1 if the process	is  in
	      strict  seccomp  mode  (see seccomp(2)).	Writing 1 to this file
	      places the process irreversibly in strict seccomp	 mode.	 (Fur‐
	      ther attempts to write to the file fail with the EPERM error.)

	      In  Linux	 2.6.23,  this	file  went away, to be replaced by the
	      prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later
	      by seccomp(2) and the Seccomp field in /proc/[pid]/status).

       /proc/[pid]/setgroups (since Linux 3.19)
	      See user_namespaces(7).

       /proc/[pid]/smaps (since Linux 2.6.14)
	      This  file  shows	 memory	 consumption for each of the process's
	      mappings.	 (The pmap(1) command displays similar information, in
	      a	 form that may be easier for parsing.)	For each mapping there
	      is a series of lines such as the following:

		  00400000-0048a000 r-xp 00000000 fd:03 960637	     /bin/bash
		  Size:		       552 kB
		  Rss:		       460 kB
		  Pss:		       100 kB
		  Shared_Clean:	       452 kB
		  Shared_Dirty:		 0 kB
		  Private_Clean:	 8 kB
		  Private_Dirty:	 0 kB
		  Referenced:	       460 kB
		  Anonymous:		 0 kB
		  AnonHugePages:	 0 kB
		  ShmemHugePages:	 0 kB
		  ShmemPmdMapped:	 0 kB
		  Swap:			 0 kB
		  KernelPageSize:	 4 kB
		  MMUPageSize:		 4 kB
		  KernelPageSize:	 4 kB
		  MMUPageSize:		 4 kB
		  Locked:		 0 kB
		  ProtectionKey:	 0
		  VmFlags: rd ex mr mw me dw

	      The first of these lines shows the same information as  is  dis‐
	      played for the mapping in /proc/[pid]/maps.  The following lines
	      show the size of the mapping, the amount of the mapping that  is
	      currently	 resident  in  RAM ("Rss"), the process's proportional
	      share of this mapping ("Pss"), the number	 of  clean  and	 dirty
	      shared  pages  in the mapping, and the number of clean and dirty
	      private pages in the mapping.  "Referenced" indicates the amount
	      of  memory  currently marked as referenced or accessed.  "Anony‐
	      mous" shows the amount of memory that does  not  belong  to  any
	      file.   "Swap"  shows how much would-be-anonymous memory is also
	      used, but out on swap.

	      The "KernelPageSize" line (available since Linux 2.6.29) is  the
	      page  size  used	by the kernel to back the virtual memory area.
	      This matches the size used by the MMU in the majority of	cases.
	      However,	one  counter-example occurs on PPC64 kernels whereby a
	      kernel using 64kB as a base page size may still  use  4kB	 pages
	      for  the	MMU  on	 older	processors.   To  distinguish  the two
	      attributes, the "MMUPageSize" line (also available  since	 Linux
	      2.6.29) reports the page size used by the MMU.

	      The  "Locked"  indicates whether the mapping is locked in memory
	      or not.

	      The "ProtectionKey" line (available  since  Linux	 4.9,  on  x86
	      only)  contains the memory protection key (see pkeys(7)) associ‐
	      ated with the virtual memory area.  This entry is	 present  only
	      if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
	      TION_KEYS configuration option.

	      The "VmFlags" line (available since Linux	 3.8)  represents  the
	      kernel  flags  associated	 with the virtual memory area, encoded
	      using the following two-letter codes:

		  rd  - readable
		  wr  - writable
		  ex  - executable
		  sh  - shared
		  mr  - may read
		  mw  - may write
		  me  - may execute
		  ms  - may share
		  gd  - stack segment grows down
		  pf  - pure PFN range
		  dw  - disabled write to the mapped file
		  lo  - pages are locked in memory
		  io  - memory mapped I/O area
		  sr  - sequential read advise provided
		  rr  - random read advise provided
		  dc  - do not copy area on fork
		  de  - do not expand area on remapping
		  ac  - area is accountable
		  nr  - swap space is not reserved for the area
		  ht  - area uses huge tlb pages
		  nl  - non-linear mapping
		  ar  - architecture specific flag
		  dd  - do not include area into core dump
		  sd  - soft-dirty flag
		  mm  - mixed map area
		  hg  - huge page advise flag
		  nh  - no-huge page advise flag
		  mg  - mergeable advise flag

	      "ProtectionKey" field contains the memory	 protection  key  (see
	      pkeys(5)) associated with the virtual memory area.  Present only
	      if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
	      TION_KEYS configuration option. (since Linux 4.6)

	      The   /proc/[pid]/smaps	file  is  present  only	 if  the  CON‐
	      FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

       /proc/[pid]/stack (since Linux 2.6.29)
	      This file provides a symbolic trace of  the  function  calls  in
	      this  process's kernel stack.  This file is provided only if the
	      kernel  was  built  with	the  CONFIG_STACKTRACE	 configuration
	      option.

	      Permission  to  access  this file is governed by a ptrace access
	      mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

       /proc/[pid]/stat
	      Status information about the process.  This is  used  by	ps(1).
	      It is defined in the kernel source file fs/proc/array.c.

	      The  fields,  in order, with their proper scanf(3) format speci‐
	      fiers, are listed below.	Whether or not certain of these fields
	      display  valid  information  is governed by a ptrace access mode
	      PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT check  (refer  to
	      ptrace(2)).  If the check denies access, then the field value is
	      displayed as 0.  The affected  fields  are  indicated  with  the
	      marking [PT].

	      (1) pid  %d
			The process ID.

	      (2) comm	%s
			The  filename of the executable, in parentheses.  This
			is visible whether or not the  executable  is  swapped
			out.

	      (3) state	 %c
			One  of	 the  following characters, indicating process
			state:

			R  Running

			S  Sleeping in an interruptible wait

			D  Waiting in uninterruptible disk sleep

			Z  Zombie

			T  Stopped (on a  signal)  or  (before	Linux  2.6.33)
			   trace stopped

			t  Tracing stop (Linux 2.6.33 onward)

			W  Paging (only before Linux 2.6.0)

			X  Dead (from Linux 2.6.0 onward)

			x  Dead (Linux 2.6.33 to 3.13 only)

			K  Wakekill (Linux 2.6.33 to 3.13 only)

			W  Waking (Linux 2.6.33 to 3.13 only)

			P  Parked (Linux 3.9 to 3.13 only)

	      (4) ppid	%d
			The PID of the parent of this process.

	      (5) pgrp	%d
			The process group ID of the process.

	      (6) session  %d
			The session ID of the process.

	      (7) tty_nr  %d
			The  controlling  terminal of the process.  (The minor
			device number is contained in the combination of  bits
			31  to	20  and	 7 to 0; the major device number is in
			bits 15 to 8.)

	      (8) tpgid	 %d
			The ID of the foreground process group of the control‐
			ling terminal of the process.

	      (9) flags	 %u
			The  kernel  flags word of the process.	 For bit mean‐
			ings, see the PF_* defines in the Linux kernel	source
			file  include/linux/sched.h.   Details	depend	on the
			kernel version.

			The format for this field was %lu before Linux 2.6.

	      (10) minflt  %lu
			The number of minor faults the process has made	 which
			have not required loading a memory page from disk.

	      (11) cminflt  %lu
			The  number of minor faults that the process's waited-
			for children have made.

	      (12) majflt  %lu
			The number of major faults the process has made	 which
			have required loading a memory page from disk.

	      (13) cmajflt  %lu
			The  number of major faults that the process's waited-
			for children have made.

	      (14) utime  %lu
			Amount of time that this process has been scheduled in
			user   mode,   measured	 in  clock  ticks  (divide  by
			sysconf(_SC_CLK_TCK)).	 This  includes	 guest	 time,
			guest_time  (time  spent  running  a  virtual CPU, see
			below), so that applications that are not aware of the
			guest time field do not lose that time from their cal‐
			culations.

	      (15) stime  %lu
			Amount of time that this process has been scheduled in
			kernel	mode,  measured	 in  clock  ticks  (divide  by
			sysconf(_SC_CLK_TCK)).

	      (16) cutime  %ld
			Amount of time that this process's waited-for children
			have  been  scheduled  in user mode, measured in clock
			ticks (divide  by  sysconf(_SC_CLK_TCK)).   (See  also
			times(2).)   This  includes  guest  time,  cguest_time
			(time spent running a virtual CPU, see below).

	      (17) cstime  %ld
			Amount of time that this process's waited-for children
			have  been scheduled in kernel mode, measured in clock
			ticks (divide by sysconf(_SC_CLK_TCK)).

	      (18) priority  %ld
			(Explanation for Linux 2.6) For	 processes  running  a
			real-time   scheduling	 policy	  (policy  below;  see
			sched_setscheduler(2)), this is the negated scheduling
			priority, minus one; that is, a number in the range -2
			to -100, corresponding to real-time  priorities	 1  to
			99.   For  processes  running  under  a	 non-real-time
			scheduling policy, this is the raw nice value (setpri‐
			ority(2))  as  represented  in the kernel.  The kernel
			stores nice values as numbers in the range 0 (high) to
			39 (low), corresponding to the user-visible nice range
			of -20 to 19.

			Before Linux 2.6, this was a scaled value based on the
			scheduler weighting given to this process.

	      (19) nice	 %ld
			The  nice  value  (see setpriority(2)), a value in the
			range 19 (low priority) to -20 (high priority).

	      (20) num_threads	%ld
			Number of threads in this process (since  Linux	 2.6).
			Before kernel 2.6, this field was hard coded to 0 as a
			placeholder for an earlier removed field.

	      (21) itrealvalue	%ld
			The time in jiffies before the next SIGALRM is sent to
			the  process  due  to an interval timer.  Since kernel
			2.6.17, this field is no  longer  maintained,  and  is
			hard coded as 0.

	      (22) starttime  %llu
			The  time  the	process started after system boot.  In
			kernels before Linux 2.6, this value was expressed  in
			jiffies.   Since  Linux 2.6, the value is expressed in
			clock ticks (divide by sysconf(_SC_CLK_TCK)).

			The format for this field was %lu before Linux 2.6.

	      (23) vsize  %lu
			Virtual memory size in bytes.

	      (24) rss	%ld
			Resident Set Size: number of pages the process has  in
			real  memory.	This  is  just	the  pages which count
			toward text, data, or  stack  space.   This  does  not
			include pages which have not been demand-loaded in, or
			which are swapped out.

	      (25) rsslim  %lu
			Current soft limit in bytes on the rss of the process;
			see the description of RLIMIT_RSS in getrlimit(2).

	      (26) startcode  %lu  [PT]
			The address above which program text can run.

	      (27) endcode  %lu	 [PT]
			The address below which program text can run.

	      (28) startstack  %lu  [PT]
			The address of the start (i.e., bottom) of the stack.

	      (29) kstkesp  %lu	 [PT]
			The  current value of ESP (stack pointer), as found in
			the kernel stack page for the process.

	      (30) kstkeip  %lu	 [PT]
			The current EIP (instruction pointer).

	      (31) signal  %lu
			The bitmap of pending signals, displayed as a  decimal
			number.	  Obsolete, because it does not provide infor‐
			mation on real-time  signals;  use  /proc/[pid]/status
			instead.

	      (32) blocked  %lu
			The  bitmap of blocked signals, displayed as a decimal
			number.	 Obsolete, because it does not provide	infor‐
			mation	on  real-time  signals; use /proc/[pid]/status
			instead.

	      (33) sigignore  %lu
			The bitmap of ignored signals, displayed as a  decimal
			number.	  Obsolete, because it does not provide infor‐
			mation on real-time  signals;  use  /proc/[pid]/status
			instead.

	      (34) sigcatch  %lu
			The  bitmap  of caught signals, displayed as a decimal
			number.	 Obsolete, because it does not provide	infor‐
			mation	on  real-time  signals; use /proc/[pid]/status
			instead.

	      (35) wchan  %lu  [PT]
			This is the "channel" in which the process is waiting.
			It  is	the  address of a location in the kernel where
			the process is sleeping.  The  corresponding  symbolic
			name can be found in /proc/[pid]/wchan.

	      (36) nswap  %lu
			Number of pages swapped (not maintained).

	      (37) cnswap  %lu
			Cumulative nswap for child processes (not maintained).

	      (38) exit_signal	%d  (since Linux 2.1.22)
			Signal to be sent to parent when we die.

	      (39) processor  %d  (since Linux 2.2.8)
			CPU number last executed on.

	      (40) rt_priority	%u  (since Linux 2.5.19)
			Real-time scheduling priority, a number in the range 1
			to 99 for processes scheduled under a  real-time  pol‐
			icy,   or   0,	 for   non-real-time   processes  (see
			sched_setscheduler(2)).

	      (41) policy  %u  (since Linux 2.5.19)
			Scheduling policy (see sched_setscheduler(2)).	Decode
			using the SCHED_* constants in linux/sched.h.

			The format for this field was %lu before Linux 2.6.22.

	      (42) delayacct_blkio_ticks  %llu	(since Linux 2.6.18)
			Aggregated  block  I/O delays, measured in clock ticks
			(centiseconds).

	      (43) guest_time  %lu  (since Linux 2.6.24)
			Guest time of the process (time spent running  a  vir‐
			tual  CPU  for	a guest operating system), measured in
			clock ticks (divide by sysconf(_SC_CLK_TCK)).

	      (44) cguest_time	%ld  (since Linux 2.6.24)
			Guest time of  the  process's  children,  measured  in
			clock ticks (divide by sysconf(_SC_CLK_TCK)).

	      (45) start_data  %lu  (since Linux 3.3)  [PT]
			Address above which program initialized and uninitial‐
			ized (BSS) data are placed.

	      (46) end_data  %lu  (since Linux 3.3)  [PT]
			Address below which program initialized and uninitial‐
			ized (BSS) data are placed.

	      (47) start_brk  %lu  (since Linux 3.3)  [PT]
			Address	 above which program heap can be expanded with
			brk(2).

	      (48) arg_start  %lu  (since Linux 3.5)  [PT]
			Address above  which  program  command-line  arguments
			(argv) are placed.

	      (49) arg_end  %lu	 (since Linux 3.5)  [PT]
			Address	 below	program	 command-line arguments (argv)
			are placed.

	      (50) env_start  %lu  (since Linux 3.5)  [PT]
			Address above which program environment is placed.

	      (51) env_end  %lu	 (since Linux 3.5)  [PT]
			Address below which program environment is placed.

	      (52) exit_code  %d  (since Linux 3.5)  [PT]
			The thread's exit status in the form reported by wait‐
			pid(2).

       /proc/[pid]/statm
	      Provides information about memory usage, measured in pages.  The
	      columns are:

		  size	     (1) total program size
			     (same as VmSize in /proc/[pid]/status)
		  resident   (2) resident set size
			     (same as VmRSS in /proc/[pid]/status)
		  shared     (3) number of resident shared pages (i.e., backed by a file)
			     (same as RssFile+RssShmem in /proc/[pid]/status)
		  text	     (4) text (code)
		  lib	     (5) library (unused since Linux 2.6; always 0)
		  data	     (6) data + stack
		  dt	     (7) dirty pages (unused since Linux 2.6; always 0)

       /proc/[pid]/status
	      Provides	much  of  the  information  in	/proc/[pid]/stat   and
	      /proc/[pid]/statm in a format that's easier for humans to parse.
	      Here's an example:

		  $ cat /proc/$$/status
		  Name:	  bash
		  Umask:  0022
		  State:  S (sleeping)
		  Tgid:	  17248
		  Ngid:	  0
		  Pid:	  17248
		  PPid:	  17200
		  TracerPid:	  0
		  Uid:	  1000	  1000	  1000	  1000
		  Gid:	  100	  100	  100	  100
		  FDSize: 256
		  Groups: 16 33 100
		  NStgid: 17248
		  NSpid:  17248
		  NSpgid: 17248
		  NSsid:  17200
		  VmPeak:     131168 kB
		  VmSize:     131168 kB
		  VmLck:	   0 kB
		  VmPin:	   0 kB
		  VmHWM:       13484 kB
		  VmRSS:       13484 kB
		  RssAnon:     10264 kB
		  RssFile:	3220 kB
		  RssShmem:	   0 kB
		  VmData:      10332 kB
		  VmStk:	 136 kB
		  VmExe:	 992 kB
		  VmLib:	2104 kB
		  VmPTE:	  76 kB
		  VmPMD:	  12 kB
		  VmSwap:	   0 kB
		  HugetlbPages:		 0 kB	     # 4.4
		  Threads:	  1
		  SigQ:	  0/3067
		  SigPnd: 0000000000000000
		  ShdPnd: 0000000000000000
		  SigBlk: 0000000000010000
		  SigIgn: 0000000000384004
		  SigCgt: 000000004b813efb
		  CapInh: 0000000000000000
		  CapPrm: 0000000000000000
		  CapEff: 0000000000000000
		  CapBnd: ffffffffffffffff
		  CapAmb:   0000000000000000
		  NoNewPrivs:	  0
		  Seccomp:	  0
		  Cpus_allowed:	  00000001
		  Cpus_allowed_list:	  0
		  Mems_allowed:	  1
		  Mems_allowed_list:	  0
		  voluntary_ctxt_switches:	  150
		  nonvoluntary_ctxt_switches:	  545

	      The fields are as follows:

	      * Name: Command run by this process.

	      * Umask: Process umask, expressed in octal with a leading	 zero;
		see umask(2).  (Since Linux 4.7.)

	      * State: Current state of the process.  One of "R (running)", "S
		(sleeping)", "D (disk  sleep)",	 "T  (stopped)",  "T  (tracing
		stop)", "Z (zombie)", or "X (dead)".

	      * Tgid: Thread group ID (i.e., Process ID).

	      * Ngid: NUMA group ID (0 if none; since Linux 3.13).

	      * Pid: Thread ID (see gettid(2)).

	      * PPid: PID of parent process.

	      * TracerPid: PID of process tracing this process (0 if not being
		traced).

	      * Uid, Gid: Real, effective,  saved  set,	 and  filesystem  UIDs
		(GIDs).

	      * FDSize: Number of file descriptor slots currently allocated.

	      * Groups: Supplementary group list.

	      * NStgid : Thread group ID (i.e., PID) in each of the PID names‐
		paces of which [pid] is a member.  The	leftmost  entry	 shows
		the  value  with  respect  to the PID namespace of the reading
		process, followed by the value in  successively	 nested	 inner
		namespaces.  (Since Linux 4.1.)

	      * NSpid:	Thread ID in each of the PID namespaces of which [pid]
		is a member.  The fields are ordered as	 for  NStgid.	(Since
		Linux 4.1.)

	      * NSpgid:	 Process  group	 ID  in	 each of the PID namespaces of
		which [pid] is a member.  The fields are ordered as  for  NSt‐
		gid.  (Since Linux 4.1.)

	      * NSsid: descendant namespace session ID hierarchy Session ID in
		each of the PID namespaces of which [pid] is  a	 member.   The
		fields are ordered as for NStgid.  (Since Linux 4.1.)

	      * VmPeak: Peak virtual memory size.

	      * VmSize: Virtual memory size.

	      * VmLck: Locked memory size (see mlock(3)).

	      * VmPin:	Pinned memory size (since Linux 3.2).  These are pages
		that can't be moved because something needs to directly access
		physical memory.

	      * VmHWM: Peak resident set size ("high water mark").

	      * VmRSS: Resident set size.  Note that the value here is the sum
		of RssAnon, RssFile, and RssShmem.

	      * RssAnon: Size of  resident  anonymous  memory.	 (since	 Linux
		4.5).

	      * RssFile: Size of resident file mappings.  (since Linux 4.5).

	      * RssShmem:  Size	 of  resident shared memory (includes System V
		shared memory, mappings from tmpfs(5),	and  shared  anonymous
		mappings).  (since Linux 4.5).

	      * VmData, VmStk, VmExe: Size of data, stack, and text segments.

	      * VmLib: Shared library code size.

	      * VmPTE: Page table entries size (since Linux 2.6.10).

	      * VmPMD: Size of second-level page tables (since Linux 4.0).

	      * VmSwap:	 Swapped-out  virtual memory size by anonymous private
		pages; shmem swap usage is not included (since Linux 2.6.34).

	      * HugetlbPages: Size of hugetlb memory portions.	 (since	 Linux
		4.4).

	      * Threads: Number of threads in process containing this thread.

	      * SigQ:  This  field  contains  two slash-separated numbers that
		relate to queued signals for the real user ID of this process.
		The  first  of these is the number of currently queued signals
		for this real user ID, and the second is the resource limit on
		the  number  of	 queued	 signals  for  this  process  (see the
		description of RLIMIT_SIGPENDING in getrlimit(2)).

	      * SigPnd, ShdPnd: Number of signals pending for thread  and  for
		process as a whole (see pthreads(7) and signal(7)).

	      * SigBlk,	  SigIgn,   SigCgt:  Masks  indicating	signals	 being
		blocked, ignored, and caught (see signal(7)).

	      * CapInh, CapPrm,	 CapEff:  Masks	 of  capabilities  enabled  in
		inheritable,  permitted,  and  effective  sets	(see capabili‐
		ties(7)).

	      * CapBnd: Capability Bounding set (since Linux 2.6.26, see capa‐
		bilities(7)).

	      * CapAmb: Ambient capability set (since Linux 4.3, see capabili‐
		ties(7)).

	      * NoNewPrivs: Value of the no_new_privs bit (since  Linux	 4.10,
		see prctl(2)).

	      * Seccomp:  Seccomp  mode	 of  the process (since Linux 3.8, see
		seccomp(2)).  0	 means	SECCOMP_MODE_DISABLED;	1  means  SEC‐
		COMP_MODE_STRICT;  2 means SECCOMP_MODE_FILTER.	 This field is
		provided only if the kernel was built with the	CONFIG_SECCOMP
		kernel configuration option enabled.

	      * Cpus_allowed:  Mask  of	 CPUs  on  which  this process may run
		(since Linux 2.6.24, see cpuset(7)).

	      * Cpus_allowed_list: Same as  previous,  but  in	"list  format"
		(since Linux 2.6.26, see cpuset(7)).

	      * Mems_allowed:  Mask  of	 memory	 nodes allowed to this process
		(since Linux 2.6.24, see cpuset(7)).

	      * Mems_allowed_list: Same as  previous,  but  in	"list  format"
		(since Linux 2.6.26, see cpuset(7)).

	      * voluntary_ctxt_switches, nonvoluntary_ctxt_switches: Number of
		voluntary  and	involuntary  context  switches	(since	 Linux
		2.6.23).

       /proc/[pid]/syscall (since Linux 2.6.27)
	      This  file exposes the system call number and argument registers
	      for the system call currently being  executed  by	 the  process,
	      followed	by the values of the stack pointer and program counter
	      registers.   The	values	of  all	 six  argument	registers  are
	      exposed, although most system calls use fewer registers.

	      If  the  process	is blocked, but not in a system call, then the
	      file displays -1 in place of the system call number, followed by
	      just  the	 values	 of the stack pointer and program counter.  If
	      process is not blocked, then the file contains just  the	string
	      "running".

	      This file is present only if the kernel was configured with CON‐
	      FIG_HAVE_ARCH_TRACEHOOK.

	      Permission to access this file is governed by  a	ptrace	access
	      mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

       /proc/[pid]/task (since Linux 2.6.0-test6)
	      This  is	a  directory  that  contains one subdirectory for each
	      thread in the process.  The name of  each	 subdirectory  is  the
	      numerical	 thread	 ID  ([tid])  of  the  thread (see gettid(2)).
	      Within each of these subdirectories, there is  a	set  of	 files
	      with the same names and contents as under the /proc/[pid] direc‐
	      tories.  For attributes that are shared by all threads, the con‐
	      tents  for each of the files under the task/[tid] subdirectories
	      will be the same as in the  corresponding	 file  in  the	parent
	      /proc/[pid]  directory (e.g., in a multithreaded process, all of
	      the task/[tid]/cwd  files	 will  have  the  same	value  as  the
	      /proc/[pid]/cwd  file  in the parent directory, since all of the
	      threads in a process share a working directory).	For attributes
	      that are distinct for each thread, the corresponding files under
	      task/[tid] may have different values (e.g.,  various  fields  in
	      each  of	the  task/[tid]/status files may be different for each
	      thread), or they might not exist in /proc/[pid] at  all.	 In  a
	      multithreaded  process,  the  contents  of  the /proc/[pid]/task
	      directory are not available if the main thread has already  ter‐
	      minated (typically by calling pthread_exit(3)).

       /proc/[pid]/task/[tid]/children (since Linux 3.5)
	      A	 space-separated list of child tasks of this task.  Each child
	      task is represented by its TID.

	      This option is intended for use by the checkpoint-restore (CRIU)
	      system,  and reliably provides a list of children only if all of
	      the child processes are stopped or frozen.   It  does  not  work
	      properly	if  children of the target task exit while the file is
	      being read!  Exiting children may cause non-exiting children  to
	      be  omitted  from the list.  This makes this interface even more
	      unreliable than classic PID-based approaches  if	the  inspected
	      task and its children aren't frozen, and most code should proba‐
	      bly not use this interface.

	      Until Linux 4.2, the presence of this file was governed  by  the
	      CONFIG_CHECKPOINT_RESTORE	 kernel	 configuration	option.	 Since
	      Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.

       /proc/[pid]/timers (since Linux 3.10)
	      A list of the POSIX timers for  this  process.   Each  timer  is
	      listed with a line that starts with the string "ID:".  For exam‐
	      ple:

		  ID: 1
		  signal: 60/00007fff86e452a8
		  notify: signal/pid.2634
		  ClockID: 0
		  ID: 0
		  signal: 60/00007fff86e452a8
		  notify: signal/pid.2634
		  ClockID: 1

	      The lines shown for each timer have the following meanings:

	      ID     The ID for this timer.  This is not the same as the timer
		     ID	 returned  by  timer_create(2); rather, it is the same
		     kernel-internal ID that is available via  the  si_timerid
		     field of the siginfo_t structure (see sigaction(2)).

	      signal This is the signal number that this timer uses to deliver
		     notifications  followed  by  a  slash,   and   then   the
		     sigev_value  value supplied to the signal handler.	 Valid
		     only for timers that notify via a signal.

	      notify The part before the slash specifies  the  mechanism  that
		     this  timer  uses to deliver notifications, and is one of
		     "thread", "signal", or "none".  Immediately following the
		     slash   is	 either	 the  string  "tid"  for  timers  with
		     SIGEV_THREAD_ID notification, or "pid"  for  timers  that
		     notify by other mechanisms.  Following the "." is the PID
		     of the process (or the kernel thread ID  of  the  thread)
		     that  will	 be  delivered	a signal if the timer delivers
		     notifications via a signal.

	      ClockID
		     This field identifies the clock that the timer  uses  for
		     measuring	time.	For most clocks, this is a number that
		     matches one of the user-space CLOCK_*  constants  exposed
		     via  <time.h>.   CLOCK_PROCESS_CPUTIME_ID	timers display
		     with    a	  value	   of	 -6	in     this	field.
		     CLOCK_THREAD_CPUTIME_ID timers display with a value of -2
		     in this field.

	      This file is available only when the kernel was configured  with
	      CONFIG_CHECKPOINT_RESTORE.

       /proc/[pid]/timerslack_ns (since Linux 4.6)
	      This  file  exposes  the	process's "current" timer slack value,
	      expressed in nanoseconds.	 The file is  writable,	 allowing  the
	      process's	 timer	slack  value to be changed.  Writing 0 to this
	      file resets the "current" timer slack  to	 the  "default"	 timer
	      slack  value.   For  further  details,  see  the	discussion  of
	      PR_SET_TIMERSLACK in prctl(2).

	      Initially, permission to access this  file  was  governed	 by  a
	      ptrace   access	mode   PTRACE_MODE_ATTACH_FSCREDS  check  (see
	      ptrace(2)).  However, this was subsequently deemed too strict  a
	      requirement (and had the side effect that requiring a process to
	      have the CAP_SYS_PTRACE capability would also allow it  to  view
	      and  change  any process's memory).  Therefore, since Linux 4.9,
	      only the (weaker) CAP_SYS_NICE capability is required to	access
	      this file.

       /proc/[pid]/uid_map, /proc/[pid]/gid_map (since Linux 3.5)
	      See user_namespaces(7).

       /proc/[pid]/wchan (since Linux 2.6.0)
	      The  symbolic  name  corresponding to the location in the kernel
	      where the process is sleeping.

	      Permission to access this file is governed by  a	ptrace	access
	      mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/apm
	      Advanced	power  management version and battery information when
	      CONFIG_APM is defined at kernel compilation time.

       /proc/buddyinfo
	      This file contains information which is used for diagnosing mem‐
	      ory fragmentation issues.	 Each line starts with the identifica‐
	      tion of the node and the name of the zone which  together	 iden‐
	      tify  a  memory  region  This  is	 then followed by the count of
	      available chunks of a certain order in  which  these  zones  are
	      split.   The  size  in  bytes of a certain order is given by the
	      formula:

		  (2^order) * PAGE_SIZE

	      The binary buddy allocator  algorithm  inside  the  kernel  will
	      split  one  chunk	 into two chunks of a smaller order (thus with
	      half the size) or combine two contiguous chunks into one	larger
	      chunk  of	 a higher order (thus with double the size) to satisfy
	      allocation requests and to counter  memory  fragmentation.   The
	      order matches the column number, when starting to count at zero.

	      For example on an x86-64 system:

  Node 0, zone	   DMA	   1	1    1	  0    2    1	 1    0	   1	1    3
  Node 0, zone	 DMA32	  65   47    4	 81   52   28	13   10	   5	1  404
  Node 0, zone	Normal	 216   55  189	101   84   38	37   27	   5	3  587

	      In  this	example,  there is one node containing three zones and
	      there are 11 different chunk sizes.  If the page size is 4 kilo‐
	      bytes,  then  the	 first	zone  called  DMA (on x86 the first 16
	      megabyte of memory) has 1 chunk of 4 kilobytes (order 0)	avail‐
	      able and has 3 chunks of 4 megabytes (order 10) available.

	      If  the  memory  is  heavily fragmented, the counters for higher
	      order chunks will be zero and  allocation	 of  large  contiguous
	      areas will fail.

	      Further  information about the zones can be found in /proc/zone‐
	      info.

       /proc/bus
	      Contains subdirectories for installed busses.

       /proc/bus/pccard
	      Subdirectory for PCMCIA devices when  CONFIG_PCMCIA  is  set  at
	      kernel compilation time.

       /proc/bus/pccard/drivers

       /proc/bus/pci
	      Contains	various bus subdirectories and pseudo-files containing
	      information about PCI  busses,  installed	 devices,  and	device
	      drivers.	Some of these files are not ASCII.

       /proc/bus/pci/devices
	      Information  about  PCI  devices.	  They may be accessed through
	      lspci(8) and setpci(8).

       /proc/cgroups (since Linux 2.6.24)
	      See cgroups(7).

       /proc/cmdline
	      Arguments passed to the Linux kernel at boot time.   Often  done
	      via a boot manager such as lilo(8) or grub(8).

       /proc/config.gz (since Linux 2.6)
	      This  file  exposes  the configuration options that were used to
	      build the currently running kernel, in the same format  as  they
	      would  be shown in the .config file that resulted when configur‐
	      ing the kernel (using make xconfig, make	config,	 or  similar).
	      The  file	 contents  are	compressed;  view or search them using
	      zcat(1) and zgrep(1).  As long as no changes have been  made  to
	      the following file, the contents of /proc/config.gz are the same
	      as those provided by:

		  cat /lib/modules/$(uname -r)/build/.config

	      /proc/config.gz is provided only if  the	kernel	is  configured
	      with CONFIG_IKCONFIG_PROC.

       /proc/crypto
	      A	 list  of  the ciphers provided by the kernel crypto API.  For
	      details, see the kernel Linux Kernel  Crypto  API	 documentation
	      available	  under	  the	kernel	 source	 directory  Documenta‐
	      tion/crypto/ (or Documentation/DocBook before 4.10; the documen‐
	      tation can be built using a command such as make htmldocs in the
	      root directory of the kernel source tree).

       /proc/cpuinfo
	      This is a collection of CPU and  system  architecture  dependent
	      items,  for  each	 supported architecture a different list.  Two
	      common  entries  are  processor  which  gives  CPU  number   and
	      bogomips;	 a  system  constant  that is calculated during kernel
	      initialization.  SMP machines have  information  for  each  CPU.
	      The lscpu(1) command gathers its information from this file.

       /proc/devices
	      Text  listing  of	 major numbers and device groups.  This can be
	      used by MAKEDEV scripts for consistency with the kernel.

       /proc/diskstats (since Linux 2.5.69)
	      This file contains disk I/O statistics  for  each	 disk  device.
	      See  the	Linux kernel source file Documentation/iostats.txt for
	      further information.

       /proc/dma
	      This is a list of the registered ISA DMA (direct memory  access)
	      channels in use.

       /proc/driver
	      Empty subdirectory.

       /proc/execdomains
	      List of the execution domains (ABI personalities).

       /proc/fb
	      Frame buffer information when CONFIG_FB is defined during kernel
	      compilation.

       /proc/filesystems
	      A text listing of the filesystems which  are  supported  by  the
	      kernel,  namely  filesystems which were compiled into the kernel
	      or  whose	 kernel	 modules  are  currently  loaded.   (See  also
	      filesystems(5).)	 If  a filesystem is marked with "nodev", this
	      means that it does not require a	block  device  to  be  mounted
	      (e.g., virtual filesystem, network filesystem).

	      Incidentally, this file may be used by mount(8) when no filesys‐
	      tem is specified and it didn't manage to determine the  filesys‐
	      tem  type.   Then	 filesystems  contained in this file are tried
	      (excepted those that are marked with "nodev").

       /proc/fs
	      Contains subdirectories that in turn contain files with informa‐
	      tion about (certain) mounted filesystems.

       /proc/ide
	      This  directory  exists  on systems with the IDE bus.  There are
	      directories for each IDE channel	and  attached  device.	 Files
	      include:

		  cache		     buffer size in KB
		  capacity	     number of sectors
		  driver	     driver version
		  geometry	     physical and logical geometry
		  identify	     in hexadecimal
		  media		     media type
		  model		     manufacturer's model number
		  settings	     drive settings
		  smart_thresholds   in hexadecimal
		  smart_values	     in hexadecimal

	      The  hdparm(8)  utility provides access to this information in a
	      friendly format.

       /proc/interrupts
	      This is used to record the number of interrupts per CPU  per  IO
	      device.	Since  Linux 2.6.24, for the i386 and x86-64 architec‐
	      tures, at least, this also includes interrupts internal  to  the
	      system  (that is, not associated with a device as such), such as
	      NMI (nonmaskable interrupt), LOC (local  timer  interrupt),  and
	      for  SMP	systems,  TLB (TLB flush interrupt), RES (rescheduling
	      interrupt), CAL (remote function call interrupt),	 and  possibly
	      others.  Very easy to read formatting, done in ASCII.

       /proc/iomem
	      I/O memory map in Linux 2.4.

       /proc/ioports
	      This is a list of currently registered Input-Output port regions
	      that are in use.

       /proc/kallsyms (since Linux 2.5.71)
	      This holds the kernel exported symbol definitions	 used  by  the
	      modules(X)  tools to dynamically link and bind loadable modules.
	      In Linux 2.5.47 and earlier, a similar file with	slightly  dif‐
	      ferent syntax was named ksyms.

       /proc/kcore
	      This  file  represents  the physical memory of the system and is
	      stored in the ELF core file format.  With this pseudo-file,  and
	      an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be
	      used to examine the current state of any kernel data structures.

	      The total length of the file is  the  size  of  physical	memory
	      (RAM) plus 4 KiB.

       /proc/keys (since Linux 2.6.10)
	      See keyrings(7).

       /proc/key-users (since Linux 2.6.10)
	      See keyrings(7).

       /proc/kmsg
	      This  file  can  be used instead of the syslog(2) system call to
	      read kernel messages.  A process must have superuser  privileges
	      to  read	this file, and only one process should read this file.
	      This file should not be read if  a  syslog  process  is  running
	      which uses the syslog(2) system call facility to log kernel mes‐
	      sages.

	      Information in this file is retrieved with the dmesg(1) program.

       /proc/kpagecgroup (since Linux 4.3)
	      This file contains a 64-bit inode number of  the	memory	cgroup
	      each  page  is charged to, indexed by page frame number (see the
	      discussion of /proc/[pid]/pagemap).

	      The /proc/kpagecgroup file is present only if  the  CONFIG_MEMCG
	      kernel configuration option is enabled.

       /proc/kpagecount (since Linux 2.6.25)
	      This  file  contains  a 64-bit count of the number of times each
	      physical page frame is mapped, indexed by page frame number (see
	      the discussion of /proc/[pid]/pagemap).

	      The   /proc/kpagecount   file   is  present  only	 if  the  CON‐
	      FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

       /proc/kpageflags (since Linux 2.6.25)
	      This file contains 64-bit masks corresponding to	each  physical
	      page  frame; it is indexed by page frame number (see the discus‐
	      sion of /proc/[pid]/pagemap).  The bits are as follows:

		   0 - KPF_LOCKED
		   1 - KPF_ERROR
		   2 - KPF_REFERENCED
		   3 - KPF_UPTODATE
		   4 - KPF_DIRTY
		   5 - KPF_LRU
		   6 - KPF_ACTIVE
		   7 - KPF_SLAB
		   8 - KPF_WRITEBACK
		   9 - KPF_RECLAIM
		  10 - KPF_BUDDY
		  11 - KPF_MMAP		  (since Linux 2.6.31)
		  12 - KPF_ANON		  (since Linux 2.6.31)
		  13 - KPF_SWAPCACHE	  (since Linux 2.6.31)
		  14 - KPF_SWAPBACKED	  (since Linux 2.6.31)
		  15 - KPF_COMPOUND_HEAD  (since Linux 2.6.31)
		  16 - KPF_COMPOUND_TAIL  (since Linux 2.6.31)
		  17 - KPF_HUGE		  (since Linux 2.6.31)
		  18 - KPF_UNEVICTABLE	  (since Linux 2.6.31)
		  19 - KPF_HWPOISON	  (since Linux 2.6.31)
		  20 - KPF_NOPAGE	  (since Linux 2.6.31)
		  21 - KPF_KSM		  (since Linux 2.6.32)
		  22 - KPF_THP		  (since Linux 3.4)
		  23 - KPF_BALLOON	  (since Linux 3.18)
		  24 - KPF_ZERO_PAGE	  (since Linux 4.0)
		  25 - KPF_IDLE		  (since Linux 4.3)

	      For further details on the meanings of these bits, see the  ker‐
	      nel  source  file	 Documentation/vm/pagemap.txt.	 Before kernel
	      2.6.29, KPF_WRITEBACK, KPF_RECLAIM,  KPF_BUDDY,  and  KPF_LOCKED
	      did not report correctly.

	      The   /proc/kpageflags   file   is  present  only	 if  the  CON‐
	      FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

       /proc/ksyms (Linux 1.1.23–2.5.47)
	      See /proc/kallsyms.

       /proc/loadavg
	      The first three fields in this file  are	load  average  figures
	      giving  the number of jobs in the run queue (state R) or waiting
	      for disk I/O (state D) averaged over 1, 5, and 15 minutes.  They
	      are  the same as the load average numbers given by uptime(1) and
	      other programs.  The fourth field consists of two numbers	 sepa‐
	      rated  by a slash (/).  The first of these is the number of cur‐
	      rently runnable kernel scheduling entities (processes, threads).
	      The  value  after	 the  slash is the number of kernel scheduling
	      entities that currently exist on the system.  The fifth field is
	      the  PID	of  the	 process that was most recently created on the
	      system.

       /proc/locks
	      This file shows current file locks (flock(2) and	fcntl(2))  and
	      leases (fcntl(2)).

	      An example of the content shown in this file is the following:

		  1: POSIX  ADVISORY  READ  5433 08:01:7864448 128 128
		  2: FLOCK  ADVISORY  WRITE 2001 08:01:7864554 0 EOF
		  3: FLOCK  ADVISORY  WRITE 1568 00:2f:32388 0 EOF
		  4: POSIX  ADVISORY  WRITE 699 00:16:28457 0 EOF
		  5: POSIX  ADVISORY  WRITE 764 00:16:21448 0 0
		  6: POSIX  ADVISORY  READ  3548 08:01:7867240 1 1
		  7: POSIX  ADVISORY  READ  3548 08:01:7865567 1826 2335
		  8: OFDLCK ADVISORY  WRITE -1 08:01:8713209 128 191

	      The fields shown in each line are as follows:

	      (1) The ordinal position of the lock in the list.

	      (2) The lock type.  Values that may appear here include:

		  FLOCK	 This is a BSD file lock created using flock(2).

		  OFDLCK This  is  an open file description (OFD) lock created
			 using fcntl(2).

		  POSIX	 This  is  a  POSIX  byte-range	 lock  created	 using
			 fcntl(2).

	      (3) Among the strings that can appear here are the following:

		  ADVISORY
			 This is an advisory lock.

		  MANDATORY
			 This is a mandatory lock.

	      (4) The type of lock.  Values that can appear here are:

		  READ	 This  is  a  POSIX  or OFD read lock, or a BSD shared
			 lock.

		  WRITE	 This is a POSIX or OFD write lock, or a BSD exclusive
			 lock.

	      (5) The PID of the process that owns the lock.

		  Because  OFD	locks are not owned by a single process (since
		  multiple processes may have file descriptors that  refer  to
		  the  same  open file description), the value -1 is displayed
		  in this field for OFD locks.	(Before	 kernel	 4.14,	a  bug
		  meant	 that  the  PID of the process that initially acquired
		  the lock was displayed instead of the value -1.)

	      (6) Three colon-separated subfields that identify the major  and
		  minor	 device	 ID  of	 the  device containing the filesystem
		  where the locked file resides, followed by the inode	number
		  of the locked file.

	      (7) The  byte  offset  of	 the  first byte of the lock.  For BSD
		  locks, this value is always 0.

	      (8) The byte offset of the last byte of the lock.	 EOF  in  this
		  field	 means	that  the lock extends to the end of the file.
		  For BSD locks, the value shown is always EOF.

	      Since Linux 4.9, the list of locks shown in /proc/locks is  fil‐
	      tered to show just the locks for the processes in the PID names‐
	      pace (see pid_namespaces(7)) for which the /proc filesystem  was
	      mounted.	 (In  the initial PID namespace, there is no filtering
	      of the records shown in this file.)

	      The lslocks(8) command provides a	 bit  more  information	 about
	      each lock.

       /proc/malloc (only up to and including Linux 2.2)
	      This  file  is  present  only if CONFIG_DEBUG_MALLOC was defined
	      during compilation.

       /proc/meminfo
	      This file reports statistics about memory usage on  the  system.
	      It is used by free(1) to report the amount of free and used mem‐
	      ory (both physical and swap) on the system as well as the shared
	      memory  and  buffers  used by the kernel.	 Each line of the file
	      consists of a parameter name, followed by a colon, the value  of
	      the  parameter,  and an option unit of measurement (e.g., "kB").
	      The list below describes the  parameter  names  and  the	format
	      specifier	 required  to  read  the field value.  Except as noted
	      below, all of the fields have been present since at least	 Linux
	      2.6.0.  Some fields are displayed only if the kernel was config‐
	      ured with various options; those dependencies are noted  in  the
	      list.

	      MemTotal %lu
		     Total usable RAM (i.e., physical RAM minus a few reserved
		     bits and the kernel binary code).

	      MemFree %lu
		     The sum of LowFree+HighFree.

	      MemAvailable %lu (since Linux 3.14)
		     An estimate of how much memory is available for  starting
		     new applications, without swapping.

	      Buffers %lu
		     Relatively	 temporary  storage  for  raw disk blocks that
		     shouldn't get tremendously large (20MB or so).

	      Cached %lu
		     In-memory cache for files read from the  disk  (the  page
		     cache).  Doesn't include SwapCached.

	      SwapCached %lu
		     Memory  that once was swapped out, is swapped back in but
		     still also is in the swap file.  (If memory  pressure  is
		     high,  these  pages  don't	 need  to be swapped out again
		     because they are already in the swap  file.   This	 saves
		     I/O.)

	      Active %lu
		     Memory  that  has been used more recently and usually not
		     reclaimed unless absolutely necessary.

	      Inactive %lu
		     Memory which has been less recently  used.	  It  is  more
		     eligible to be reclaimed for other purposes.

	      Active(anon) %lu (since Linux 2.6.28)
		     [To be documented.]

	      Inactive(anon) %lu (since Linux 2.6.28)
		     [To be documented.]

	      Active(file) %lu (since Linux 2.6.28)
		     [To be documented.]

	      Inactive(file) %lu (since Linux 2.6.28)
		     [To be documented.]

	      Unevictable %lu (since Linux 2.6.28)
		     (From  Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was
		     required.)	 [To be documented.]

	      Mlocked %lu (since Linux 2.6.28)
		     (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU  was
		     required.)	 [To be documented.]

	      HighTotal %lu
		     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
		     Total amount of highmem.  Highmem	is  all	 memory	 above
		     ~860MB  of physical memory.  Highmem areas are for use by
		     user-space programs, or for the page cache.   The	kernel
		     must  use	tricks to access this memory, making it slower
		     to access than lowmem.

	      HighFree %lu
		     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
		     Amount of free highmem.

	      LowTotal %lu
		     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
		     Total amount of lowmem.  Lowmem is memory	which  can  be
		     used  for everything that highmem can be used for, but it
		     is also available for the kernel's use for its  own  data
		     structures.   Among many other things, it is where every‐
		     thing from Slab is allocated.   Bad  things  happen  when
		     you're out of lowmem.

	      LowFree %lu
		     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
		     Amount of free lowmem.

	      MmapCopy %lu (since Linux 2.6.29)
		     (CONFIG_MMU is required.)	[To be documented.]

	      SwapTotal %lu
		     Total amount of swap space available.

	      SwapFree %lu
		     Amount of swap space that is currently unused.

	      Dirty %lu
		     Memory which is waiting to get written back to the disk.

	      Writeback %lu
		     Memory which is actively being written back to the disk.

	      AnonPages %lu (since Linux 2.6.18)
		     Non-file backed pages mapped into user-space page tables.

	      Mapped %lu
		     Files which have been mapped into memory (with  mmap(2)),
		     such as libraries.

	      Shmem %lu (since Linux 2.6.32)
		     Amount of memory consumed in tmpfs(5) filesystems.

	      Slab %lu
		     In-kernel data structures cache.  (See slabinfo(5).)

	      SReclaimable %lu (since Linux 2.6.19)
		     Part of Slab, that might be reclaimed, such as caches.

	      SUnreclaim %lu (since Linux 2.6.19)
		     Part  of  Slab,  that cannot be reclaimed on memory pres‐
		     sure.

	      KernelStack %lu (since Linux 2.6.32)
		     Amount of memory allocated to kernel stacks.

	      PageTables %lu (since Linux 2.6.18)
		     Amount of memory dedicated to the lowest  level  of  page
		     tables.

	      Quicklists %lu (since Linux 2.6.27)
		     (CONFIG_QUICKLIST is required.)  [To be documented.]

	      NFS_Unstable %lu (since Linux 2.6.18)
		     NFS  pages	 sent  to the server, but not yet committed to
		     stable storage.

	      Bounce %lu (since Linux 2.6.18)
		     Memory used for block device "bounce buffers".

	      WritebackTmp %lu (since Linux 2.6.26)
		     Memory used by FUSE for temporary writeback buffers.

	      CommitLimit %lu (since Linux 2.6.10)
		     This is the total amount of memory currently available to
		     be allocated on the system, expressed in kilobytes.  This
		     limit is adhered to only if strict overcommit  accounting
		     is	 enabled  (mode	 2 in /proc/sys/vm/overcommit_memory).
		     The  limit	 is  calculated	 according  to	 the   formula
		     described under /proc/sys/vm/overcommit_memory.  For fur‐
		     ther details,  see	 the  kernel  source  file  Documenta‐
		     tion/vm/overcommit-accounting.

	      Committed_AS %lu
		     The  amount  of memory presently allocated on the system.
		     The committed memory is a sum of all of the memory	 which
		     has  been allocated by processes, even if it has not been
		     "used" by them as of yet.	A process which allocates  1GB
		     of	 memory (using malloc(3) or similar), but touches only
		     300MB of that memory will show up as using only 300MB  of
		     memory even if it has the address space allocated for the
		     entire 1GB.

		     This 1GB is memory which has been "committed" to  by  the
		     VM and can be used at any time by the allocating applica‐
		     tion.  With strict overcommit enabled on the system (mode
		     2	in  /proc/sys/vm/overcommit_memory), allocations which
		     would exceed the CommitLimit will not be permitted.  This
		     is	 useful	 if one needs to guarantee that processes will
		     not fail due to lack of memory once that memory has  been
		     successfully allocated.

	      VmallocTotal %lu
		     Total size of vmalloc memory area.

	      VmallocUsed %lu
		     Amount of vmalloc area which is used.

	      VmallocChunk %lu
		     Largest contiguous block of vmalloc area which is free.

	      HardwareCorrupted %lu (since Linux 2.6.32)
		     (CONFIG_MEMORY_FAILURE is required.)  [To be documented.]

	      AnonHugePages %lu (since Linux 2.6.38)
		     (CONFIG_TRANSPARENT_HUGEPAGE   is	 required.)   Non-file
		     backed huge pages mapped into user-space page tables.

	      ShmemHugePages %lu (since Linux 4.8)
		     (CONFIG_TRANSPARENT_HUGEPAGE is required.)	  Memory  used
		     by shared memory (shmem) and tmpfs(5) allocated with huge
		     pages

	      ShmemPmdMapped %lu (since Linux 4.8)
		     (CONFIG_TRANSPARENT_HUGEPAGE is required.)	 Shared memory
		     mapped into user space with huge pages.

	      CmaTotal %lu (since Linux 3.1)
		     Total  CMA	 (Contiguous  Memory  Allocator) pages.	 (CON‐
		     FIG_CMA is required.)

	      CmaFree %lu (since Linux 3.1)
		     Free CMA  (Contiguous  Memory  Allocator)	pages.	 (CON‐
		     FIG_CMA is required.)

	      HugePages_Total %lu
		     (CONFIG_HUGETLB_PAGE  is required.)  The size of the pool
		     of huge pages.

	      HugePages_Free %lu
		     (CONFIG_HUGETLB_PAGE is required.)	 The  number  of  huge
		     pages in the pool that are not yet allocated.

	      HugePages_Rsvd %lu (since Linux 2.6.17)
		     (CONFIG_HUGETLB_PAGE is required.)	 This is the number of
		     huge pages for which a commitment to  allocate  from  the
		     pool  has been made, but no allocation has yet been made.
		     These reserved huge pages guarantee that  an  application
		     will  be  able  to	 allocate a huge page from the pool of
		     huge pages at fault time.

	      HugePages_Surp %lu (since Linux 2.6.24)
		     (CONFIG_HUGETLB_PAGE is required.)	 This is the number of
		     huge   pages   in	 the   pool   above   the   value   in
		     /proc/sys/vm/nr_hugepages.	 The maximum number of surplus
		     huge  pages  is  controlled  by  /proc/sys/vm/nr_overcom‐
		     mit_hugepages.

	      Hugepagesize %lu
		     (CONFIG_HUGETLB_PAGE is  required.)   The	size  of  huge
		     pages.

	      DirectMap4k %lu (since Linux 2.6.27)
		     Number  of	 bytes of RAM linearly mapped by kernel in 4kB
		     pages.  (x86.)

	      DirectMap4M %lu (since Linux 2.6.27)
		     Number of bytes of RAM linearly mapped by kernel  in  4MB
		     pages.    (x86   with   CONFIG_X86_64  or	CONFIG_X86_PAE
		     enabled.)

	      DirectMap2M %lu (since Linux 2.6.27)
		     Number of bytes of RAM linearly mapped by kernel  in  2MB
		     pages.    (x86   with   neither  CONFIG_X86_64  nor  CON‐
		     FIG_X86_PAE enabled.)

	      DirectMap1G %lu (since Linux 2.6.27)
		     (x86  with	 CONFIG_X86_64	and  CONFIG_X86_DIRECT_GBPAGES
		     enabled.)

       /proc/modules
	      A	 text list of the modules that have been loaded by the system.
	      See also lsmod(8).

       /proc/mounts
	      Before kernel 2.4.19, this file was a list of all	 the  filesys‐
	      tems  currently mounted on the system.  With the introduction of
	      per-process mount namespaces in Linux 2.4.19  (see  mount_names‐
	      paces(7)),  this	file became a link to /proc/self/mounts, which
	      lists the mount points of the  process's	own  mount  namespace.
	      The format of this file is documented in fstab(5).

       /proc/mtrr
	      Memory  Type  Range Registers.  See the Linux kernel source file
	      Documentation/x86/mtrr.txt  (or  Documentation/mtrr.txt	before
	      Linux 2.6.28) for details.

       /proc/net
	      This  directory  contains	 various files and subdirectories con‐
	      taining information about the networking layer.  The files  con‐
	      tain  ASCII structures and are, therefore, readable with cat(1).
	      However, the standard netstat(8)	suite  provides	 much  cleaner
	      access to these files.

	      With  the	 advent	 of  network  namespaces,  various information
	      relating	to  the	 network  stack	 is  virtualized  (see	names‐
	      paces(7)).   Thus,  since	 Linux 2.6.25, /proc/net is a symbolic
	      link to the directory /proc/self/net, which  contains  the  same
	      files and directories as listed below.  However, these files and
	      directories now expose information for the network namespace  of
	      which the process is a member.

       /proc/net/arp
	      This  holds  an ASCII readable dump of the kernel ARP table used
	      for address resolutions.	It will show both dynamically  learned
	      and preprogrammed ARP entries.  The format is:

       IP address     HW type	Flags	  HW address	      Mask   Device
       192.168.0.50   0x1	0x2	  00:50:BF:25:68:F3   *	     eth0
       192.168.0.250  0x1	0xc	  00:00:00:00:00:00   *	     eth0

	      Here "IP address" is the IPv4 address of the machine and the "HW
	      type" is the hardware type of the	 address  from	RFC 826.   The
	      flags are the internal flags of the ARP structure (as defined in
	      /usr/include/linux/if_arp.h) and the "HW address"	 is  the  data
	      link layer mapping for that IP address if it is known.

       /proc/net/dev
	      The  dev pseudo-file contains network device status information.
	      This gives the number of received and sent packets,  the	number
	      of  errors and collisions and other basic statistics.  These are
	      used by the ifconfig(8) program to report	 device	 status.   The
	      format is:

 Inter-|   Receive						  |  Transmit
  face |bytes	 packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
     lo: 2776770   11307    0	 0    0	    0	       0	 0  2776770   11307    0    0	 0     0       0	  0
   eth0: 1215645    2751    0	 0    0	    0	       0	 0  1782404    4324    0    0	 0   427       0	  0
   ppp0: 1622270    5552    1	 0    0	    0	       0	 0   354130    5669    0    0	 0     0       0	  0
   tap0:    7714      81    0	 0    0	    0	       0	 0     7714	 81    0    0	 0     0       0	  0

       /proc/net/dev_mcast
	      Defined in /usr/src/linux/net/core/dev_mcast.c:

		  indx interface_name  dmi_u dmi_g dmi_address
		  2    eth0	       1     0	   01005e000001
		  3    eth1	       1     0	   01005e000001
		  4    eth2	       1     0	   01005e000001

       /proc/net/igmp
	      Internet	   Group     Management	   Protocol.	 Defined    in
	      /usr/src/linux/net/core/igmp.c.

       /proc/net/rarp
	      This file uses the same format as the arp file and contains  the
	      current reverse mapping database used to provide rarp(8) reverse
	      address lookup services.	If RARP is  not	 configured  into  the
	      kernel, this file will not be present.

       /proc/net/raw
	      Holds  a	dump of the RAW socket table.  Much of the information
	      is not of use apart from debugging.  The "sl" value is the  ker‐
	      nel  hash	 slot for the socket, the "local_address" is the local
	      address and protocol number pair.	 "St" is the  internal	status
	      of  the  socket.	The "tx_queue" and "rx_queue" are the outgoing
	      and incoming data queue in terms of kernel  memory  usage.   The
	      "tr", "tm->when", and "rexmits" fields are not used by RAW.  The
	      "uid" field holds the  effective	UID  of	 the  creator  of  the
	      socket.

       /proc/net/snmp
	      This file holds the ASCII data needed for the IP, ICMP, TCP, and
	      UDP management information bases for an SNMP agent.

       /proc/net/tcp
	      Holds a dump of the TCP socket table.  Much of  the  information
	      is  not of use apart from debugging.  The "sl" value is the ker‐
	      nel hash slot for the socket, the "local_address" is  the	 local
	      address  and  port number pair.  The "rem_address" is the remote
	      address and port number pair (if connected).  "St" is the inter‐
	      nal status of the socket.	 The "tx_queue" and "rx_queue" are the
	      outgoing and incoming data  queue	 in  terms  of	kernel	memory
	      usage.  The "tr", "tm->when", and "rexmits" fields hold internal
	      information of the kernel socket state and are useful  only  for
	      debugging.   The "uid" field holds the effective UID of the cre‐
	      ator of the socket.

       /proc/net/udp
	      Holds a dump of the UDP socket table.  Much of  the  information
	      is  not of use apart from debugging.  The "sl" value is the ker‐
	      nel hash slot for the socket, the "local_address" is  the	 local
	      address  and  port number pair.  The "rem_address" is the remote
	      address and port number pair (if connected).  "St" is the inter‐
	      nal status of the socket.	 The "tx_queue" and "rx_queue" are the
	      outgoing and incoming data  queue	 in  terms  of	kernel	memory
	      usage.   The "tr", "tm->when", and "rexmits" fields are not used
	      by UDP.  The "uid" field holds the effective UID of the  creator
	      of the socket.  The format is:

 sl  local_address rem_address	 st tx_queue rx_queue tr rexmits  tm->when uid
  1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
  1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
  1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0

       /proc/net/unix
	      Lists  the  UNIX	domain	sockets	 present within the system and
	      their status.  The format is:

 Num RefCount Protocol Flags	Type St Path
  0: 00000002 00000000 00000000 0001 03
  1: 00000001 00000000 00010000 0001 01 /dev/printer

	      The fields are as follows:

	      Num:	the kernel table slot number.

	      RefCount: the number of users of the socket.

	      Protocol: currently always 0.

	      Flags:	the internal kernel flags holding the  status  of  the
			socket.

	      Type:	the  socket  type.   For  SOCK_STREAM sockets, this is
			0001; for SOCK_DGRAM sockets,  it  is  0002;  and  for
			SOCK_SEQPACKET sockets, it is 0005.

	      St:	the internal state of the socket.

	      Path:	the bound path (if any) of the socket.	Sockets in the
			abstract namespace are included in the list,  and  are
			shown  with  a	Path that commences with the character
			'@'.

       /proc/net/netfilter/nfnetlink_queue
	      This file contains information about netfilter user-space queue‐
	      ing,  if	used.  Each line represents a queue.  Queues that have
	      not been subscribed to by user space are not shown.

		     1	 4207	  0  2 65535	 0     0	0  1
		    (1)	  (2)	 (3)(4)	 (5)	(6)   (7)      (8)

	      The fields in each line are:

	      (1)  The ID of the queue.	 This matches what is specified in the
		   --queue-num	or  --queue-balance options to the iptables(8)
		   NFQUEUE target.  See iptables-extensions(8) for more infor‐
		   mation.

	      (2)  The netlink port ID subscribed to the queue.

	      (3)  The	number	of  packets currently queued and waiting to be
		   processed by the application.

	      (4)  The copy mode of the queue.	It is either 1 (metadata only)
		   or 2 (also copy payload data to user space).

	      (5)  Copy	 range;	 that  is,  how	 many  bytes of packet payload
		   should be copied to user space at most.

	      (6)  queue dropped.  Number of packets that had to be dropped by
		   the kernel because too many packets are already waiting for
		   user space to send back the mandatory accept/drop verdicts.

	      (7)  queue user dropped.	Number of packets  that	 were  dropped
		   within  the	netlink	 subsystem.  Such drops usually happen
		   when the corresponding socket buffer is full; that is, user
		   space is not able to read messages fast enough.

	      (8)  sequence  number.  Every queued packet is associated with a
		   (32-bit) monotonically-increasing  sequence	number.	  This
		   shows the ID of the most recent packet queued.

	      The  last	 number	 exists	 only for compatibility reasons and is
	      always 1.

       /proc/partitions
	      Contains the major and minor numbers of each partition  as  well
	      as the number of 1024-byte blocks and the partition name.

       /proc/pci
	      This  is	a  listing of all PCI devices found during kernel ini‐
	      tialization and their configuration.

	      This file has been deprecated in favor of a new /proc  interface
	      for  PCI	(/proc/bus/pci).   It  became  optional	 in  Linux 2.2
	      (available with CONFIG_PCI_OLD_PROC set at kernel	 compilation).
	      It  became  once more nonoptionally enabled in Linux 2.4.	 Next,
	      it was deprecated	 in  Linux  2.6	 (still	 available  with  CON‐
	      FIG_PCI_LEGACY_PROC  set),  and finally removed altogether since
	      Linux 2.6.17.

       /proc/profile (since Linux 2.4)
	      This file is present only if the kernel was booted with the pro‐
	      file=1  command-line option.  It exposes kernel profiling infor‐
	      mation in a binary format for use	 by  readprofile(1).   Writing
	      (e.g.,  an empty string) to this file resets the profiling coun‐
	      ters; on some architectures, writing a binary integer "profiling
	      multiplier"  of  size  sizeof(int)  sets the profiling interrupt
	      frequency.

       /proc/scsi
	      A directory with the scsi mid-level pseudo-file and various SCSI
	      low-level driver directories, which contain a file for each SCSI
	      host in this system, all of which give the status of  some  part
	      of  the SCSI IO subsystem.  These files contain ASCII structures
	      and are, therefore, readable with cat(1).

	      You can also write to some of the files to reconfigure the  sub‐
	      system or switch certain features on or off.

       /proc/scsi/scsi
	      This  is a listing of all SCSI devices known to the kernel.  The
	      listing is similar to the one seen  during  bootup.   scsi  cur‐
	      rently  supports only the add-single-device command which allows
	      root to add a hotplugged device to the list of known devices.

	      The command

		  echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi

	      will cause host scsi1 to scan on SCSI channel 0 for a device  on
	      ID  5 LUN 0.  If there is already a device known on this address
	      or the address is invalid, an error will be returned.

       /proc/scsi/[drivername]
	      [drivername]  can	 currently  be	NCR53c7xx,  aha152x,  aha1542,
	      aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000,
	      pas16, qlogic, scsi_debug, seagate, t128,	 u15-24f,  ultrastore,
	      or  wd7000.  These directories show up for all drivers that reg‐
	      istered at least one SCSI HBA.   Every  directory	 contains  one
	      file  per	 registered  host.  Every host-file is named after the
	      number the host was assigned during initialization.

	      Reading these files will usually show driver and host configura‐
	      tion, statistics, and so on.

	      Writing  to  these  files	 allows	 different things on different
	      hosts.  For example, with the latency  and  nolatency  commands,
	      root  can	 switch on and off command latency measurement code in
	      the eata_dma driver.  With the lockup and unlock commands,  root
	      can control bus lockups simulated by the scsi_debug driver.

       /proc/self
	      This  directory  refers  to  the	process	 accessing  the	 /proc
	      filesystem, and is identical to the /proc directory named by the
	      process ID of the same process.

       /proc/slabinfo
	      Information about kernel caches.	See slabinfo(5) for details.

       /proc/stat
	      kernel/system  statistics.   Varies  with	 architecture.	Common
	      entries include:

	      cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
	      cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0
		     The  amount  of  time,  measured  in  units  of   USER_HZ
		     (1/100ths	 of   a	 second	 on  most  architectures,  use
		     sysconf(_SC_CLK_TCK) to obtain the right value), that the
		     system  ("cpu"  line)  or	the specific CPU ("cpuN" line)
		     spent in various states:

		     user   (1) Time spent in user mode.

		     nice   (2) Time spent in  user  mode  with	 low  priority
			    (nice).

		     system (3) Time spent in system mode.

		     idle   (4)	 Time  spent  in  the  idle  task.  This value
			    should be USER_HZ times the second	entry  in  the
			    /proc/uptime pseudo-file.

		     iowait (since Linux 2.5.41)
			    (5)	 Time waiting for I/O to complete.  This value
			    is not reliable, for the following reasons:

			    1. The CPU will not	 wait  for  I/O	 to  complete;
			       iowait  is  the time that a task is waiting for
			       I/O to complete.	 When a	 CPU  goes  into  idle
			       state  for  outstanding	task I/O, another task
			       will be scheduled on this CPU.

			    2. On a multi-core CPU, the task waiting  for  I/O
			       to  complete  is not running on any CPU, so the
			       iowait of each CPU is difficult to calculate.

			    3. The value in this field may decrease in certain
			       conditions.

		     irq (since Linux 2.6.0-test4)
			    (6) Time servicing interrupts.

		     softirq (since Linux 2.6.0-test4)
			    (7) Time servicing softirqs.

		     steal (since Linux 2.6.11)
			    (8)	 Stolen time, which is the time spent in other
			    operating systems when running  in	a  virtualized
			    environment

		     guest (since Linux 2.6.24)
			    (9)	 Time  spent  running  a virtual CPU for guest
			    operating systems under the control of  the	 Linux
			    kernel.

		     guest_nice (since Linux 2.6.33)
			    (10) Time spent running a niced guest (virtual CPU
			    for guest operating systems under the  control  of
			    the Linux kernel).

	      page 5741 1808
		     The  number  of  pages the system paged in and the number
		     that were paged out (from disk).

	      swap 1 0
		     The number of swap pages that have been  brought  in  and
		     out.

	      intr 1462898
		     This  line shows counts of interrupts serviced since boot
		     time, for each of the possible  system  interrupts.   The
		     first  column  is	the  total  of all interrupts serviced
		     including unnumbered  architecture	 specific  interrupts;
		     each  subsequent  column is the total for that particular
		     numbered interrupt.  Unnumbered interrupts are not shown,
		     only summed into the total.

	      disk_io: (2,0):(31,30,5764,1,2) (3,0):...
		     (major,disk_idx):(noinfo,	   read_io_ops,	    blks_read,
		     write_io_ops, blks_written)
		     (Linux 2.4 only)

	      ctxt 115315
		     The number of context switches that the system underwent.

	      btime 769041601
		     boot  time,  in  seconds  since  the  Epoch,   1970-01-01
		     00:00:00 +0000 (UTC).

	      processes 86031
		     Number of forks since boot.

	      procs_running 6
		     Number  of	 processes  in	runnable state.	 (Linux 2.5.45
		     onward.)

	      procs_blocked 2
		     Number of processes blocked waiting for I/O to  complete.
		     (Linux 2.5.45 onward.)

	      softirq  229245889 94 60001584 13619 5175704 2471304 28 51212741
	      59130143 0 51240672
		     This line shows the number of softirq for all CPUs.   The
		     first column is the total of all softirqs and each subse‐
		     quent column is the total for particular softirq.	(Linux
		     2.6.31 onward.)

       /proc/swaps
	      Swap areas in use.  See also swapon(8).

       /proc/sys
	      This directory (present since 1.3.57) contains a number of files
	      and subdirectories corresponding	to  kernel  variables.	 These
	      variables	 can  be  read	and sometimes modified using the /proc
	      filesystem, and the (deprecated) sysctl(2) system call.

	      String values may be terminated by either '\0' or '\n'.

	      Integer and long values may be written either in decimal	or  in
	      hexadecimal notation (e.g. 0x3FFF).  When writing multiple inte‐
	      ger or long values, these may be separated by any of the follow‐
	      ing whitespace characters: ' ', '\t', or '\n'.  Using other sep‐
	      arators leads to the error EINVAL.

       /proc/sys/abi (since Linux 2.4.10)
	      This directory may contain files with application binary	infor‐
	      mation.	 See   the   Linux   kernel   source  file  Documenta‐
	      tion/sysctl/abi.txt for more information.

       /proc/sys/debug
	      This directory may be empty.

       /proc/sys/dev
	      This  directory  contains	 device-specific  information	(e.g.,
	      dev/cdrom/info).	On some systems, it may be empty.

       /proc/sys/fs
	      This  directory contains the files and subdirectories for kernel
	      variables related to filesystems.

       /proc/sys/fs/binfmt_misc
	      Documentation for files in this directory can be	found  in  the
	      Linux   kernel   source	in   the   file	  Documentation/admin-
	      guide/binfmt-misc.rst (or	 in  Documentation/binfmt_misc.txt  on
	      older kernels).

       /proc/sys/fs/dentry-state (since Linux 2.2)
	      This file contains information about the status of the directory
	      cache (dcache).	The  file  contains  six  numbers,  nr_dentry,
	      nr_unused,   age_limit   (age  in	 seconds),  want_pages	(pages
	      requested by system) and two dummy values.

	      * nr_dentry  is  the  number  of	allocated   dentries   (dcache
		entries).  This field is unused in Linux 2.2.

	      * nr_unused is the number of unused dentries.

	      * age_limit is the age in seconds after which dcache entries can
		be reclaimed when memory is short.

	      * want_pages   is	  nonzero   when   the	 kernel	  has	called
		shrink_dcache_pages() and the dcache isn't pruned yet.

       /proc/sys/fs/dir-notify-enable
	      This file can be used to disable or enable the dnotify interface
	      described in fcntl(2) on a system-wide basis.  A value of	 0  in
	      this file disables the interface, and a value of 1 enables it.

       /proc/sys/fs/dquot-max
	      This file shows the maximum number of cached disk quota entries.
	      On some (2.4) systems, it is not present.	 If the number of free
	      cached  disk quota entries is very low and you have some awesome
	      number of simultaneous system users, you might want to raise the
	      limit.

       /proc/sys/fs/dquot-nr
	      This  file  shows the number of allocated disk quota entries and
	      the number of free disk quota entries.

       /proc/sys/fs/epoll (since Linux 2.6.28)
	      This directory contains the file max_user_watches, which can  be
	      used  to limit the amount of kernel memory consumed by the epoll
	      interface.  For further details, see epoll(7).

       /proc/sys/fs/file-max
	      This file defines a system-wide limit  on	 the  number  of  open
	      files for all processes.	System calls that fail when encounter‐
	      ing this limit fail with the  error  ENFILE.   (See  also	 setr‐
	      limit(2),	 which can be used by a process to set the per-process
	      limit, RLIMIT_NOFILE, on the number of files it may  open.)   If
	      you  get	lots of error messages in the kernel log about running
	      out of file handles (look	 for  "VFS:  file-max  limit  <number>
	      reached"), try increasing this value:

		  echo 100000 > /proc/sys/fs/file-max

	      Privileged  processes  (CAP_SYS_ADMIN) can override the file-max
	      limit.

       /proc/sys/fs/file-nr
	      This (read-only) file contains  three  numbers:  the  number  of
	      allocated	 file  handles	(i.e.,	the  number of files presently
	      opened); the number of free file handles; and the maximum number
	      of file handles (i.e., the same value as /proc/sys/fs/file-max).
	      If the number of allocated file handles is close to the maximum,
	      you  should  consider increasing the maximum.  Before Linux 2.6,
	      the kernel allocated file handles	 dynamically,  but  it	didn't
	      free  them  again.  Instead the free file handles were kept in a
	      list for reallocation; the "free file handles"  value  indicates
	      the  size	 of  that  list.   A large number of free file handles
	      indicates that there was a past peak in the usage of  open  file
	      handles.	Since Linux 2.6, the kernel does deallocate freed file
	      handles, and the "free file handles" value is always zero.

       /proc/sys/fs/inode-max (only present until Linux 2.2)
	      This file contains the maximum number of in-memory inodes.  This
	      value  should  be	 3–4  times larger than the value in file-max,
	      since stdin, stdout and network sockets also need	 an  inode  to
	      handle  them.  When you regularly run out of inodes, you need to
	      increase this value.

	      Starting with Linux 2.4, there is no longer a  static  limit  on
	      the number of inodes, and this file is removed.

       /proc/sys/fs/inode-nr
	      This file contains the first two values from inode-state.

       /proc/sys/fs/inode-state
	      This  file  contains  seven  numbers: nr_inodes, nr_free_inodes,
	      preshrink, and four dummy values (always zero).

	      nr_inodes is the number of  inodes  the  system  has  allocated.
	      nr_free_inodes represents the number of free inodes.

	      preshrink is nonzero when the nr_inodes > inode-max and the sys‐
	      tem needs to prune the inode list instead	 of  allocating	 more;
	      since Linux 2.4, this field is a dummy value (always zero).

       /proc/sys/fs/inotify (since Linux 2.6.13)
	      This     directory     contains	  files	    max_queued_events,
	      max_user_instances, and max_user_watches, that can  be  used  to
	      limit the amount of kernel memory consumed by the inotify inter‐
	      face.  For further details, see inotify(7).

       /proc/sys/fs/lease-break-time
	      This file specifies the grace period that the kernel grants to a
	      process holding a file lease (fcntl(2)) after it has sent a sig‐
	      nal to that process notifying it that another process is waiting
	      to  open the file.  If the lease holder does not remove or down‐
	      grade the lease within this grace period,	 the  kernel  forcibly
	      breaks the lease.

       /proc/sys/fs/leases-enable
	      This  file  can  be  used	 to  enable  or	 disable  file	leases
	      (fcntl(2)) on a system-wide basis.  If this  file	 contains  the
	      value 0, leases are disabled.  A nonzero value enables leases.

       /proc/sys/fs/mount-max (since Linux 4.9)
	      The  value  in  this file specifies the maximum number of mounts
	      that may exist in a mount namespace.  The default value in  this
	      file is 100,000.

       /proc/sys/fs/mqueue (since Linux 2.6.6)
	      This   directory	 contains   files  msg_max,  msgsize_max,  and
	      queues_max, controlling the  resources  used  by	POSIX  message
	      queues.  See mq_overview(7) for details.

       /proc/sys/fs/nr_open (since Linux 2.6.25)
	      This   file   imposes   ceiling	on  the	 value	to  which  the
	      RLIMIT_NOFILE resource limit can be raised  (see	getrlimit(2)).
	      This  ceiling  is	 enforced for both unprivileged and privileged
	      process.	The default value in this file	is  1048576.   (Before
	      Linux  2.6.25,  the  ceiling for RLIMIT_NOFILE was hard-coded to
	      the same value.)

       /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
	      These files allow you to change the value of the fixed  UID  and
	      GID.   The  default  is  65534.	Some  filesystems support only
	      16-bit UIDs and GIDs, although in Linux UIDs  and	 GIDs  are  32
	      bits.   When  one	 of  these  filesystems is mounted with writes
	      enabled, any UID or GID that would exceed 65535 is translated to
	      the overflow value before being written to disk.

       /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
	      See pipe(7).

       /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
	      See pipe(7).

       /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
	      See pipe(7).

       /proc/sys/fs/protected_hardlinks (since Linux 3.6)
	      When  the value in this file is 0, no restrictions are placed on
	      the creation of hard links (i.e., this is the historical	behav‐
	      ior before Linux 3.6).  When the value in this file is 1, a hard
	      link can be created to a target file only if one of the  follow‐
	      ing conditions is true:

	      *	 The calling process has the CAP_FOWNER capability in its user
		 namespace and the file UID has a mapping in the namespace.

	      *	 The filesystem UID of the process creating the	 link  matches
		 the  owner  (UID) of the target file (as described in creden‐
		 tials(7), a process's filesystem UID is normally the same  as
		 its effective UID).

	      *	 All of the following conditions are true:

		  ·  the target is a regular file;

		  ·  the  target  file	does not have its set-user-ID mode bit
		     enabled;

		  ·  the target file does not have both its  set-group-ID  and
		     group-executable mode bits enabled; and

		  ·  the  caller  has  permission to read and write the target
		     file (either via the file's permissions mask  or  because
		     it has suitable capabilities).

	      The  default  value  in  this file is 0.	Setting the value to 1
	      prevents a longstanding class of security issues caused by hard-
	      link-based  time-of-check, time-of-use races, most commonly seen
	      in world-writable directories such as /tmp.  The	common	method
	      of  exploiting  this  flaw is to cross privilege boundaries when
	      following a given hard link (i.e., a root process follows a hard
	      link created by another user).  Additionally, on systems without
	      separated partitions, this stops unauthorized users  from	 "pin‐
	      ning"  vulnerable	 set-user-ID  and  set-group-ID	 files against
	      being upgraded by	 the  administrator,  or  linking  to  special
	      files.

       /proc/sys/fs/protected_symlinks (since Linux 3.6)
	      When  the value in this file is 0, no restrictions are placed on
	      following symbolic links (i.e., this is the historical  behavior
	      before  Linux  3.6).  When the value in this file is 1, symbolic
	      links are followed only in the following circumstances:

	      *	 the filesystem UID of the process following the link  matches
		 the owner (UID) of the symbolic link (as described in creden‐
		 tials(7), a process's filesystem UID is normally the same  as
		 its effective UID);

	      *	 the link is not in a sticky world-writable directory; or

	      *	 the  symbolic	link  and  its	parent directory have the same
		 owner (UID)

	      A system call that fails to follow a symbolic  link  because  of
	      the above restrictions returns the error EACCES in errno.

	      The  default  value  in  this file is 0.	Setting the value to 1
	      avoids a longstanding class of security issues based on time-of-
	      check, time-of-use races when accessing symbolic links.

       /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
	      The  value  in  this  file is assigned to a process's "dumpable"
	      flag in the circumstances described in prctl(2).	In effect, the
	      value  in	 this file determines whether core dump files are pro‐
	      duced for set-user-ID or otherwise  protected/tainted  binaries.
	      The  "dumpable" setting also affects the ownership of files in a
	      process's /proc/[pid] directory, as described above.

	      Three different integer values can be specified:

	      0 (default)
		     This provides the traditional (pre-Linux  2.6.13)	behav‐
		     ior.   A  core  dump  will	 not be produced for a process
		     which has changed	credentials  (by  calling  seteuid(2),
		     setgid(2),	 or  similar, or by executing a set-user-ID or
		     set-group-ID program) or whose binary does not have  read
		     permission enabled.

	      1 ("debug")
		     All  processes  dump  core when possible.	(Reasons why a
		     process might nevertheless not dump core are described in
		     core(5).)	 The core dump is owned by the filesystem user
		     ID of the dumping process and  no	security  is  applied.
		     This  is  intended	 for system debugging situations only:
		     this mode is  insecure  because  it  allows  unprivileged
		     users  to	examine the memory contents of privileged pro‐
		     cesses.

	      2 ("suidsafe")
		     Any binary which normally would not be  dumped  (see  "0"
		     above)  is dumped readable by root only.  This allows the
		     user to remove the core dump file but  not	 to  read  it.
		     For  security  reasons  core  dumps in this mode will not
		     overwrite one another  or	other  files.	This  mode  is
		     appropriate  when	administrators are attempting to debug
		     problems in a normal environment.

		     Additionally, since Linux 3.6, /proc/sys/kernel/core_pat‐
		     tern  must	 either be an absolute pathname or a pipe com‐
		     mand, as detailed in core(5).  Warnings will  be  written
		     to	 the  kernel log if core_pattern does not follow these
		     rules, and no core dump will be produced.

	      For details of the effect of a process's "dumpable"  setting  on
	      ptrace access mode checking, see ptrace(2).

       /proc/sys/fs/super-max
	      This  file  controls the maximum number of superblocks, and thus
	      the maximum number of mounted filesystems the kernel  can	 have.
	      You  need	 increase  only	 super-max  if	you need to mount more
	      filesystems than the current value in super-max allows you to.

       /proc/sys/fs/super-nr
	      This file contains the number of filesystems currently mounted.

       /proc/sys/kernel
	      This directory contains files  controlling  a  range  of	kernel
	      parameters, as described below.

       /proc/sys/kernel/acct
	      This  file contains three numbers: highwater, lowwater, and fre‐
	      quency.  If BSD-style process accounting is enabled, these  val‐
	      ues control its behavior.	 If free space on filesystem where the
	      log lives goes below lowwater percent, accounting suspends.   If
	      free  space  gets	 above	highwater percent, accounting resumes.
	      frequency determines how often the kernel checks the  amount  of
	      free  space  (value is in seconds).  Default values are 4, 2 and
	      30.  That is, suspend accounting if 2% or less  space  is	 free;
	      resume  it  if  4%  or  more space is free; consider information
	      about amount of free space valid for 30 seconds.

       /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to 3.18)
	      From Linux 2.6.27 to 3.18, this file was used to control	recom‐
	      puting of the value in /proc/sys/kernel/msgmni upon the addition
	      or removal of memory or  upon  IPC  namespace  creation/removal.
	      Echoing  "1" into this file enabled msgmni automatic recomputing
	      (and triggered a recomputation of msgmni based  on  the  current
	      amount of available memory and number of IPC namespaces).	 Echo‐
	      ing "0" disabled automatic recomputing.  (Automatic  recomputing
	      was  also	 disabled  if  a  value	 was  explicitly  assigned  to
	      /proc/sys/kernel/msgmni.)	 The default value in auto_msgmni  was
	      1.

	      Since  Linux  3.19,  the	content	 of  this  file	 has no effect
	      (because msgmni defaults to near the  maximum  value  possible),
	      and reads from this file always return the value "0".

       /proc/sys/kernel/cap_last_cap (since Linux 3.2)
	      See capabilities(7).

       /proc/sys/kernel/cap-bound (from Linux 2.2 to 2.6.24)
	      This  file holds the value of the kernel capability bounding set
	      (expressed as a signed  decimal  number).	  This	set  is	 ANDed
	      against	the   capabilities   permitted	to  a  process	during
	      execve(2).  Starting with Linux 2.6.25, the system-wide capabil‐
	      ity  bounding  set disappeared, and was replaced by a per-thread
	      bounding set; see capabilities(7).

       /proc/sys/kernel/core_pattern
	      See core(5).

       /proc/sys/kernel/core_pipe_limit
	      See core(5).

       /proc/sys/kernel/core_uses_pid
	      See core(5).

       /proc/sys/kernel/ctrl-alt-del
	      This file controls the handling of Ctrl-Alt-Del  from  the  key‐
	      board.   When  the  value	 in  this  file	 is 0, Ctrl-Alt-Del is
	      trapped and sent to the init(1) program  to  handle  a  graceful
	      restart.	 When the value is greater than zero, Linux's reaction
	      to a Vulcan Nerve Pinch (tm) will be an immediate reboot,	 with‐
	      out  even syncing its dirty buffers.  Note: when a program (like
	      dosemu) has the keyboard in  "raw"  mode,	 the  ctrl-alt-del  is
	      intercepted by the program before it ever reaches the kernel tty
	      layer, and it's up to the program to decide what to do with it.

       /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
	      The value in this file determines who can see kernel syslog con‐
	      tents.   A  value of 0 in this file imposes no restrictions.  If
	      the value is 1, only privileged users can read the  kernel  sys‐
	      log.   (See  syslog(2) for more details.)	 Since Linux 3.4, only
	      users with the CAP_SYS_ADMIN capability may change the value  in
	      this file.

       /proc/sys/kernel/domainname and /proc/sys/kernel/hostname
	      can  be  used  to	 set the NIS/YP domainname and the hostname of
	      your box in exactly the same way as the  commands	 domainname(1)
	      and hostname(1), that is:

		  # echo 'darkstar' > /proc/sys/kernel/hostname
		  # echo 'mydomain' > /proc/sys/kernel/domainname

	      has the same effect as

		  # hostname 'darkstar'
		  # domainname 'mydomain'

	      Note,  however, that the classic darkstar.frop.org has the host‐
	      name "darkstar" and DNS (Internet Domain Name Server) domainname
	      "frop.org", not to be confused with the NIS (Network Information
	      Service) or YP (Yellow  Pages)  domainname.   These  two	domain
	      names  are  in general different.	 For a detailed discussion see
	      the hostname(1) man page.

       /proc/sys/kernel/hotplug
	      This file contains the path for the hotplug policy  agent.   The
	      default value in this file is /sbin/hotplug.

       /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
	      (PowerPC	only) If this file is set to a nonzero value, the Pow‐
	      erPC htab (see kernel  file  Documentation/powerpc/ppc_htab.txt)
	      is pruned each time the system hits the idle loop.

       /proc/sys/kernel/keys/*
	      This directory contains various files that define parameters and
	      limits  for  the	key-management	facility.   These  files   are
	      described in keyrings(7).

       /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
	      The  value  in this file determines whether kernel addresses are
	      exposed via /proc files and other interfaces.  A value of	 0  in
	      this  file  imposes  no restrictions.  If the value is 1, kernel
	      pointers printed using the %pK format specifier will be replaced
	      with  zeros  unless  the user has the CAP_SYSLOG capability.  If
	      the value is 2, kernel pointers printed  using  the  %pK	format
	      specifier	 will  be replaced with zeros regardless of the user's
	      capabilities.  The initial default value for this	 file  was  1,
	      but  the	default was changed to 0 in Linux 2.6.39.  Since Linux
	      3.4, only users with the CAP_SYS_ADMIN capability can change the
	      value in this file.

       /proc/sys/kernel/l2cr
	      (PowerPC	only)  This  file contains a flag that controls the L2
	      cache of G3 processor boards.  If	 0,  the  cache	 is  disabled.
	      Enabled if nonzero.

       /proc/sys/kernel/modprobe
	      This  file  contains the path for the kernel module loader.  The
	      default value is /sbin/modprobe.	The file is  present  only  if
	      the  kernel  is  built  with  the CONFIG_MODULES (CONFIG_KMOD in
	      Linux 2.6.26 and earlier) option enabled.	 It  is	 described  by
	      the  Linux  kernel  source  file Documentation/kmod.txt (present
	      only in kernel 2.4 and earlier).

       /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
	      A toggle value indicating if modules are allowed to be loaded in
	      an  otherwise  modular kernel.  This toggle defaults to off (0),
	      but can be set true (1).	Once  true,  modules  can  be  neither
	      loaded nor unloaded, and the toggle cannot be set back to false.
	      The file is present only if the kernel is built  with  the  CON‐
	      FIG_MODULES option enabled.

       /proc/sys/kernel/msgmax (since Linux 2.2)
	      This  file  defines  a  system-wide limit specifying the maximum
	      number of bytes in a single message written on a System  V  mes‐
	      sage queue.

       /proc/sys/kernel/msgmni (since Linux 2.4)
	      This file defines the system-wide limit on the number of message
	      queue identifiers.  See also /proc/sys/kernel/auto_msgmni.

       /proc/sys/kernel/msgmnb (since Linux 2.2)
	      This file defines a system-wide parameter used to initialize the
	      msg_qbytes setting for subsequently created message queues.  The
	      msg_qbytes setting specifies the maximum number  of  bytes  that
	      may be written to the message queue.

       /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
	      This  is	a  read-only file that displays the upper limit on the
	      number of a process's group memberships.

       /proc/sys/kernel/ns_last_pid (since Linux 3.3)
	      See pid_namespaces(7).

       /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
	      These files give substrings of /proc/version.

       /proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid
	      These files duplicate  the  files	 /proc/sys/fs/overflowgid  and
	      /proc/sys/fs/overflowuid.

       /proc/sys/kernel/panic
	      This  file  gives	 read/write  access  to	 the  kernel  variable
	      panic_timeout.  If this is zero,	the  kernel  will  loop	 on  a
	      panic;  if  nonzero, it indicates that the kernel should autore‐
	      boot after this number of seconds.  When you  use	 the  software
	      watchdog device driver, the recommended setting is 60.

       /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
	      This  file controls the kernel's behavior when an oops or BUG is
	      encountered.  If this file contains 0, then the system tries  to
	      continue	operation.  If it contains 1, then the system delays a
	      few seconds (to give klogd time to record the oops  output)  and
	      then   panics.   If  the	/proc/sys/kernel/panic	file  is  also
	      nonzero, then the machine will be rebooted.

       /proc/sys/kernel/pid_max (since Linux 2.5.34)
	      This file specifies the value at which PIDs wrap	around	(i.e.,
	      the  value  in  this  file is one greater than the maximum PID).
	      PIDs greater than this value are not allocated; thus, the	 value
	      in  this file also acts as a system-wide limit on the total num‐
	      ber of processes and threads.  The default value for this	 file,
	      32768,  results in the same range of PIDs as on earlier kernels.
	      On 32-bit platforms, 32768 is the maximum value for pid_max.  On
	      64-bit  systems,	pid_max	 can  be  set  to any value up to 2^22
	      (PID_MAX_LIMIT, approximately 4 million).

       /proc/sys/kernel/powersave-nap (PowerPC only)
	      This file contains a flag.  If set, Linux-PPC will use the "nap"
	      mode of powersaving, otherwise the "doze" mode will be used.

       /proc/sys/kernel/printk
	      See syslog(2).

       /proc/sys/kernel/pty (since Linux 2.6.4)
	      This directory contains two files relating to the number of UNIX
	      98 pseudoterminals (see pts(4)) on the system.

       /proc/sys/kernel/pty/max
	      This file defines the maximum number of pseudoterminals.

       /proc/sys/kernel/pty/nr
	      This read-only file indicates how many pseudoterminals are  cur‐
	      rently in use.

       /proc/sys/kernel/random
	      This directory contains various parameters controlling the oper‐
	      ation of the file /dev/random.  See random(4) for further infor‐
	      mation.

       /proc/sys/kernel/random/uuid (since Linux 2.4)
	      Each  read from this read-only file returns a randomly generated
	      128-bit UUID, as a string in the standard UUID format.

       /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
	      Select the address space layout randomization (ASLR) policy  for
	      the  system  (on architectures that support ASLR).  Three values
	      are supported for this file:

	      0	 Turn ASLR off.	 This is the default  for  architectures  that
		 don't	support	 ASLR,	and when the kernel is booted with the
		 norandmaps parameter.

	      1	 Make the addresses of mmap(2) allocations, the stack, and the
		 VDSO  page  randomized.   Among other things, this means that
		 shared libraries will be loaded at randomized addresses.  The
		 text  segment of PIE-linked binaries will also be loaded at a
		 randomized address.  This value is the default if the	kernel
		 was configured with CONFIG_COMPAT_BRK.

	      2	 (Since	 Linux	2.6.25) Also support heap randomization.  This
		 value is the default if the kernel was	 not  configured  with
		 CONFIG_COMPAT_BRK.

       /proc/sys/kernel/real-root-dev
	      This file is documented in the Linux kernel source file Documen‐
	      tation/admin-guide/initrd.rst    (or    Documentation/initrd.txt
	      before Linux 4.10).

       /proc/sys/kernel/reboot-cmd (Sparc only)
	      This  file  seems	 to  be a way to give an argument to the SPARC
	      ROM/Flash boot loader.  Maybe  to	 tell  it  what	 to  do	 after
	      rebooting?

       /proc/sys/kernel/rtsig-max
	      (Only  in	 kernels  up to and including 2.6.7; see setrlimit(2))
	      This file can be used to tune the maximum number of POSIX	 real-
	      time (queued) signals that can be outstanding in the system.

       /proc/sys/kernel/rtsig-nr
	      (Only  in	 kernels  up to and including 2.6.7.)  This file shows
	      the number of POSIX real-time signals currently queued.

       /proc/[pid]/sched_autogroup_enabled (since Linux 2.6.38)
	      See sched(7).

       /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
	      If this file contains the value zero, then, after a fork(2), the
	      parent  is  first	 scheduled on the CPU.	If the file contains a
	      nonzero value, then the child is scheduled  first	 on  the  CPU.
	      (Of course, on a multiprocessor system, the parent and the child
	      might both immediately be scheduled on a CPU.)

       /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
	      See sched_rr_get_interval(2).

       /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
	      See sched(7).

       /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
	      See sched(7).

       /proc/sys/kernel/seccomp (since Linux 4.14)
	      This directory provides additional seccomp information and  con‐
	      figuration.  See seccomp(2) for further details.

       /proc/sys/kernel/sem (since Linux 2.4)
	      This  file  contains  4 numbers defining limits for System V IPC
	      semaphores.  These fields are, in order:

	      SEMMSL  The maximum semaphores per semaphore set.

	      SEMMNS  A system-wide limit on the number of semaphores  in  all
		      semaphore sets.

	      SEMOPM  The  maximum  number of operations that may be specified
		      in a semop(2) call.

	      SEMMNI  A system-wide limit on the maximum number	 of  semaphore
		      identifiers.

       /proc/sys/kernel/sg-big-buff
	      This file shows the size of the generic SCSI device (sg) buffer.
	      You can't tune it just yet, but you could change it  at  compile
	      time  by	editing	 include/scsi/sg.h  and	 changing the value of
	      SG_BIG_BUFF.  However, there shouldn't be any reason  to	change
	      this value.

       /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
	      If  this	file  is set to 1, all System V shared memory segments
	      will be marked for destruction as soon as the number of attached
	      processes	 falls to zero; in other words, it is no longer possi‐
	      ble to create shared memory segments that exist independently of
	      any attached process.

	      The effect is as though a shmctl(2) IPC_RMID is performed on all
	      existing segments as well as all segments created in the	future
	      (until  this  file  is reset to 0).  Note that existing segments
	      that are attached to no process will  be	immediately  destroyed
	      when  this  file	is  set	 to  1.	 Setting this option will also
	      destroy segments that were created,  but	never  attached,  upon
	      termination  of  the  process  that  created  the	 segment  with
	      shmget(2).

	      Setting this file to 1 provides a way of ensuring that all  Sys‐
	      tem  V  shared  memory segments are counted against the resource
	      usage and resource limits (see the description of	 RLIMIT_AS  in
	      getrlimit(2)) of at least one process.

	      Because  setting	this  file to 1 produces behavior that is non‐
	      standard and could also break existing applications, the default
	      value  in this file is 0.	 Set this file to 1 only if you have a
	      good understanding of the semantics of  the  applications	 using
	      System V shared memory on your system.

       /proc/sys/kernel/shmall (since Linux 2.2)
	      This  file contains the system-wide limit on the total number of
	      pages of System V shared memory.

       /proc/sys/kernel/shmmax (since Linux 2.2)
	      This file can be used to query and set the run-time limit on the
	      maximum  (System	V  IPC) shared memory segment size that can be
	      created.	Shared memory segments up to 1GB are now supported  in
	      the kernel.  This value defaults to SHMMAX.

       /proc/sys/kernel/shmmni (since Linux 2.4)
	      This  file  specifies the system-wide maximum number of System V
	      shared memory segments that can be created.

       /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
	      The value in this file determines how the	 file  offset  affects
	      the  behavior of updating entries in files under /proc/sys.  The
	      file has three possible values:

	      -1  This provides legacy	handling,  with	 no  printk  warnings.
		  Each	write(2)  must	fully contain the value to be written,
		  and multiple writes on the same file descriptor  will	 over‐
		  write the entire value, regardless of the file position.

	      0	  (default)  This  provides  the  same behavior as for -1, but
		  printk warnings  are	written	 for  processes	 that  perform
		  writes when the file offset is not 0.

	      1	  Respect  the file offset when writing strings into /proc/sys
		  files.  Multiple writes will append  to  the	value  buffer.
		  Anything written beyond the maximum length of the value buf‐
		  fer will be ignored.	Writes to  numeric  /proc/sys  entries
		  must	always be at file offset 0 and the value must be fully
		  contained in the buffer provided to write(2).

       /proc/sys/kernel/sysrq
	      This file controls the functions allowed to be  invoked  by  the
	      SysRq  key.   By default, the file contains 1 meaning that every
	      possible SysRq request is allowed	 (in  older  kernel  versions,
	      SysRq was disabled by default, and you were required to specifi‐
	      cally enable it at run-time, but this is not the case any more).
	      Possible values in this file are:

	      0	   Disable sysrq completely

	      1	   Enable all functions of sysrq

	      > 1  Bit mask of allowed sysrq functions, as follows:
		     2	Enable control of console logging level
		     4	Enable control of keyboard (SAK, unraw)
		     8	Enable debugging dumps of processes etc.
		    16	Enable sync command
		    32	Enable remount read-only
		    64	Enable signaling of processes (term, kill, oom-kill)
		   128	Allow reboot/poweroff
		   256	Allow nicing of all real-time tasks

	      This  file is present only if the CONFIG_MAGIC_SYSRQ kernel con‐
	      figuration option is enabled.  For further details see the Linux
	      kernel source file Documentation/admin-guide/sysrq.rst (or Docu‐
	      mentation/sysrq.txt before Linux 4.10).

       /proc/sys/kernel/version
	      This file contains a string such as:

		  #5 Wed Feb 25 21:49:24 MET 1998

	      The "#5" means that this is the fifth  kernel  built  from  this
	      source  base  and	 the  date following it indicates the time the
	      kernel was built.

       /proc/sys/kernel/threads-max (since Linux 2.3.11)
	      This file specifies the  system-wide  limit  on  the  number  of
	      threads (tasks) that can be created on the system.

	      Since Linux 4.1, the value that can be written to threads-max is
	      bounded.	The minimum value that can be written is 20.  The max‐
	      imum  value  that	 can  be  written  is  given  by  the constant
	      FUTEX_TID_MASK (0x3fffffff).  If a value outside of  this	 range
	      is written to threads-max, the error EINVAL occurs.

	      The  value  written  is checked against the available RAM pages.
	      If the thread structures would occupy too much (more than 1/8th)
	      of the available RAM pages, threads-max is reduced accordingly.

       /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
	      See ptrace(2).

       /proc/sys/kernel/zero-paged (PowerPC only)
	      This  file  contains  a flag.  When enabled (nonzero), Linux-PPC
	      will pre-zero pages in  the  idle	 loop,	possibly  speeding  up
	      get_free_pages.

       /proc/sys/net
	      This directory contains networking stuff.	 Explanations for some
	      of the files under this directory can be	found  in  tcp(7)  and
	      ip(7).

       /proc/sys/net/core/bpf_jit_enable
	      See bpf(2).

       /proc/sys/net/core/somaxconn
	      This  file  defines  a ceiling value for the backlog argument of
	      listen(2); see the listen(2) manual page for details.

       /proc/sys/proc
	      This directory may be empty.

       /proc/sys/sunrpc
	      This directory supports Sun remote procedure  call  for  network
	      filesystem (NFS).	 On some systems, it is not present.

       /proc/sys/user (since Linux 4.9)
	      See namespaces(7).

       /proc/sys/vm
	      This directory contains files for memory management tuning, buf‐
	      fer and cache management.

       /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
	      This file defines the amount of free memory (in KiB) on the sys‐
	      tem  that	 should	 be  reserved  for  users  with the capability
	      CAP_SYS_ADMIN.

	      The default value in this file is the minimum  of	 [3%  of  free
	      pages,  8MiB] expressed as KiB.  The default is intended to pro‐
	      vide enough for the superuser to log in and kill a  process,  if
	      necessary, under the default overcommit 'guess' mode (i.e., 0 in
	      /proc/sys/vm/overcommit_memory).

	      Systems  running	in  "overcommit	 never"	 mode  (i.e.,	2   in
	      /proc/sys/vm/overcommit_memory)  should  increase	 the  value in
	      this file to account for the full virtual	 memory	 size  of  the
	      programs	used  to  recover  (e.g., login(1) ssh(1), and top(1))
	      Otherwise, the superuser may not be able to log  in  to  recover
	      the  system.   For example, on x86-64 a suitable value is 131072
	      (128MiB reserved).

	      Changing the value in this file takes effect whenever an	appli‐
	      cation requests memory.

       /proc/sys/vm/compact_memory (since Linux 2.6.35)
	      When  1  is  written  to this file, all zones are compacted such
	      that free memory is available in contiguous blocks where	possi‐
	      ble.   The  effect  of  this  action  can	 be  seen by examining
	      /proc/buddyinfo.

	      Present only if  the  kernel  was	 configured  with  CONFIG_COM‐
	      PACTION.

       /proc/sys/vm/drop_caches (since Linux 2.6.16)
	      Writing  to  this	 file  causes the kernel to drop clean caches,
	      dentries, and inodes from memory, causing that memory to	become
	      free.  This can be useful for memory management testing and per‐
	      forming reproducible filesystem benchmarks.  Because writing  to
	      this  file  causes  the  benefits	 of caching to be lost, it can
	      degrade overall system performance.

	      To free pagecache, use:

		  echo 1 > /proc/sys/vm/drop_caches

	      To free dentries and inodes, use:

		  echo 2 > /proc/sys/vm/drop_caches

	      To free pagecache, dentries and inodes, use:

		  echo 3 > /proc/sys/vm/drop_caches

	      Because writing to this file is a nondestructive	operation  and
	      dirty  objects  are  not	freeable,  the user should run sync(1)
	      first.

       /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
	      If nonzero, this disables the new 32-bit memory-mapping  layout;
	      the kernel will use the legacy (2.4) layout for all processes.

       /proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
	      Control  how  to kill processes when an uncorrected memory error
	      (typically a 2-bit error in a memory module) that cannot be han‐
	      dled  by	the  kernel is detected in the background by hardware.
	      In some cases (like the page still having a valid copy on disk),
	      the kernel will handle the failure transparently without affect‐
	      ing any applications.  But if there is no other up-to-date  copy
	      of  the data, it will kill processes to prevent any data corrup‐
	      tions from propagating.

	      The file has one of the following values:

	      1:  Kill all processes that have	the  corrupted-and-not-reload‐
		  able	page  mapped  as  soon	as the corruption is detected.
		  Note that this is not supported for a few  types  of	pages,
		  such	as kernel internally allocated data or the swap cache,
		  but works for the majority of user pages.

	      0:  Unmap the corrupted page  from  all  processes  and  kill  a
		  process only if it tries to access the page.

	      The  kill is performed using a SIGBUS signal with si_code set to
	      BUS_MCEERR_AO.  Processes can handle this if they want  to;  see
	      sigaction(2) for more details.

	      This  feature  is	 active	 only  on architectures/platforms with
	      advanced machine check handling  and  depends  on	 the  hardware
	      capabilities.

	      Applications  can override the memory_failure_early_kill setting
	      individually with the prctl(2) PR_MCE_KILL operation.

	      Present only if  the  kernel  was	 configured  with  CONFIG_MEM‐
	      ORY_FAILURE.

       /proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
	      Enable memory failure recovery (when supported by the platform)

	      1:  Attempt recovery.

	      0:  Always panic on a memory failure.

	      Present  only  if	 the  kernel  was  configured with CONFIG_MEM‐
	      ORY_FAILURE.

       /proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
	      Enables a system-wide task dump (excluding kernel threads) to be
	      produced	when  the  kernel  performs  an OOM-killing.  The dump
	      includes	the  following	information  for  each	task  (thread,
	      process): thread ID, real user ID, thread group ID (process ID),
	      virtual memory size, resident set size, the CPU that the task is
	      scheduled	  on,	oom_adj	  score	  (see	 the   description  of
	      /proc/[pid]/oom_adj), and command	 name.	 This  is  helpful  to
	      determine	 why  the  OOM-killer  was invoked and to identify the
	      rogue task that caused it.

	      If this contains the value zero, this information is suppressed.
	      On  very	large  systems	with thousands of tasks, it may not be
	      feasible to dump the memory  state  information  for  each  one.
	      Such systems should not be forced to incur a performance penalty
	      in OOM situations when the information may not be desired.

	      If this is set to nonzero, this information  is  shown  whenever
	      the OOM-killer actually kills a memory-hogging task.

	      The default value is 0.

       /proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
	      This enables or disables killing the OOM-triggering task in out-
	      of-memory situations.

	      If this is set to zero, the OOM-killer  will  scan  through  the
	      entire  tasklist	and select a task based on heuristics to kill.
	      This normally selects a rogue memory-hogging task that frees  up
	      a large amount of memory when killed.

	      If  this is set to nonzero, the OOM-killer simply kills the task
	      that triggered the out-of-memory condition.  This avoids a  pos‐
	      sibly expensive tasklist scan.

	      If  /proc/sys/vm/panic_on_oom  is	 nonzero,  it takes precedence
	      over whatever value is  used  in	/proc/sys/vm/oom_kill_allocat‐
	      ing_task.

	      The default value is 0.

       /proc/sys/vm/overcommit_kbytes (since Linux 3.14)
	      This writable file provides an alternative to /proc/sys/vm/over‐
	      commit_ratio    for    controlling    the	   CommitLimit	  when
	      /proc/sys/vm/overcommit_memory  has  the value 2.	 It allows the
	      amount of memory overcommitting to be specified as  an  absolute
	      value  (in  kB),	rather	than  as a percentage, as is done with
	      overcommit_ratio.	 This allows for finer-grained control of Com‐
	      mitLimit on systems with extremely large memory sizes.

	      Only  one	 of  overcommit_kbytes or overcommit_ratio can have an
	      effect: if overcommit_kbytes has a nonzero  value,  then	it  is
	      used  to	calculate  CommitLimit,	 otherwise overcommit_ratio is
	      used.  Writing a value to either of these files causes the value
	      in the other file to be set to zero.

       /proc/sys/vm/overcommit_memory
	      This  file  contains  the kernel virtual memory accounting mode.
	      Values are:

		     0: heuristic overcommit (this is the default)
		     1: always overcommit, never check
		     2: always check, never overcommit

	      In mode 0, calls of mmap(2) with MAP_NORESERVE are not  checked,
	      and  the default check is very weak, leading to the risk of get‐
	      ting a process "OOM-killed".

	      In mode 1, the kernel pretends there is  always  enough  memory,
	      until  memory  actually runs out.	 One use case for this mode is
	      scientific  computing  applications  that	 employ	 large	sparse
	      arrays.	In  Linux  kernel  versions  before 2.6.0, any nonzero
	      value implies mode 1.

	      In mode 2 (available since Linux 2.6), the total virtual address
	      space  that  can	be allocated (CommitLimit in /proc/meminfo) is
	      calculated as

		  CommitLimit = (total_RAM - total_huge_TLB) *
				overcommit_ratio / 100 + total_swap

	      where:

		   *  total_RAM is the total amount of RAM on the system;

		   *  total_huge_TLB is the amount of  memory  set  aside  for
		      huge pages;

		   *  overcommit_ratio	is  the value in /proc/sys/vm/overcom‐
		      mit_ratio; and

		   *  total_swap is the amount of swap space.

	      For example, on a system with 16GB  of  physical	RAM,  16GB  of
	      swap,  no space dedicated to huge pages, and an overcommit_ratio
	      of 50, this formula yields a CommitLimit of 24GB.

	      Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes
	      is nonzero, then CommitLimit is instead calculated as:

		  CommitLimit = overcommit_kbytes + total_swap

	      See  also	 the description of /proc/sys/vm/admiin_reserve_kbytes
	      and /proc/sys/vm/user_reserve_kbytes.

       /proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
	      This writable file defines a percentage by which memory  can  be
	      overcommitted.   The  default  value in the file is 50.  See the
	      description of /proc/sys/vm/overcommit_memory.

       /proc/sys/vm/panic_on_oom (since Linux 2.6.18)
	      This enables or disables a kernel panic in an out-of-memory sit‐
	      uation.

	      If this file is set to the value 0, the kernel's OOM-killer will
	      kill some rogue process.	Usually, the  OOM-killer  is  able  to
	      kill a rogue process and the system will survive.

	      If  this	file  is  set to the value 1, then the kernel normally
	      panics when out-of-memory happens.  However, if a process limits
	      allocations  to  certain	nodes  using memory policies (mbind(2)
	      MPOL_BIND) or cpusets (cpuset(7)) and those nodes	 reach	memory
	      exhaustion  status, one process may be killed by the OOM-killer.
	      No panic occurs in this case: because other nodes' memory may be
	      free,  this  means the system as a whole may not have reached an
	      out-of-memory situation yet.

	      If this file is set to the value 2,  the	kernel	always	panics
	      when an out-of-memory condition occurs.

	      The default value is 0.  1 and 2 are for failover of clustering.
	      Select either according to your policy of failover.

       /proc/sys/vm/swappiness
	      The value in this file controls how aggressively the kernel will
	      swap memory pages.  Higher values increase aggressiveness, lower
	      values decrease aggressiveness.  The default value is 60.

       /proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
	      Specifies an amount of memory (in KiB) to reserve for user  pro‐
	      cesses,  This is intended to prevent a user from starting a sin‐
	      gle memory hogging process, such that they cannot recover	 (kill
	      the  hog).   The	value  in  this	 file  has an effect only when
	      /proc/sys/vm/overcommit_memory is set to 2  ("overcommit	never"
	      mode).   In  this	 case, the system reserves an amount of memory
	      that  is	the  minimum  of  [3%	of   current   process	 size,
	      user_reserve_kbytes].

	      The  default  value  in  this file is the minimum of [3% of free
	      pages, 128MiB] expressed as KiB.

	      If the value in this file is set to zero, then a	user  will  be
	      allowed to allocate all free memory with a single process (minus
	      the amount reserved by /proc/sys/vm/admin_reserve_kbytes).   Any
	      subsequent  attempts  to execute a command will result in "fork:
	      Cannot allocate memory".

	      Changing the value in this file takes effect whenever an	appli‐
	      cation requests memory.

       /proc/sysrq-trigger (since Linux 2.4.21)
	      Writing  a  character to this file triggers the same SysRq func‐
	      tion as typing ALT-SysRq-<character>  (see  the  description  of
	      /proc/sys/kernel/sysrq).	This file is normally writable only by
	      root.  For further details see the Linux kernel source file Doc‐
	      umentation/admin-guide/sysrq.rst	 (or   Documentation/sysrq.txt
	      before Linux 4.10).

       /proc/sysvipc
	      Subdirectory containing  the  pseudo-files  msg,	sem  and  shm.
	      These  files  list the System V Interprocess Communication (IPC)
	      objects (respectively: message queues,  semaphores,  and	shared
	      memory)  that  currently	exist on the system, providing similar
	      information to that available via	 ipcs(1).   These  files  have
	      headers  and  are	 formatted  (one IPC object per line) for easy
	      understanding.  svipc(7)	provides  further  background  on  the
	      information shown by these files.

       /proc/thread-self (since Linux 3.17)
	      This directory refers to the thread accessing the /proc filesys‐
	      tem, and is identical  to	 the  /proc/self/task/[tid]  directory
	      named by the process thread ID ([tid]) of the same thread.

       /proc/timer_list (since Linux 2.6.21)
	      This  read-only  file  exposes  a	 list of all currently pending
	      (high-resolution) timers, all  clock-event  sources,  and	 their
	      parameters in a human-readable form.

       /proc/timer_stats (from	Linux 2.6.21 until Linux 4.10)
	      This  is	a  debugging facility to make timer (ab)use in a Linux
	      system visible to kernel and user-space developers.  It  can  be
	      used  by	kernel	and user-space developers to verify that their
	      code does not make undue use of timers.  The goal	 is  to	 avoid
	      unnecessary wakeups, thereby optimizing power consumption.

	      If  enabled in the kernel (CONFIG_TIMER_STATS), but not used, it
	      has almost zero runtime overhead and a  relatively  small	 data-
	      structure	 overhead.   Even if collection is enabled at runtime,
	      overhead is low: all  the	 locking  is  per-CPU  and  lookup  is
	      hashed.

	      The  /proc/timer_stats  file  is	used  both to control sampling
	      facility and to read out the sampled information.

	      The timer_stats functionality is inactive on bootup.  A sampling
	      period can be started using the following command:

		  # echo 1 > /proc/timer_stats

	      The following command stops a sampling period:

		  # echo 0 > /proc/timer_stats

	      The statistics can be retrieved by:

		  $ cat /proc/timer_stats

	      While  sampling  is enabled, each readout from /proc/timer_stats
	      will see newly updated statistics.  Once sampling	 is  disabled,
	      the  sampled  information	 is  kept until a new sample period is
	      started.	This allows multiple readouts.

	      Sample output from /proc/timer_stats:

    $ cat /proc/timer_stats
    Timer Stats Version: v0.3
    Sample period: 1.764 s
    Collection: active
      255,     0 swapper/3	  hrtimer_start_range_ns (tick_sched_timer)
       71,     0 swapper/1	  hrtimer_start_range_ns (tick_sched_timer)
       58,     0 swapper/0	  hrtimer_start_range_ns (tick_sched_timer)
	4,  1694 gnome-shell	  mod_delayed_work_on (delayed_work_timer_fn)
       17,     7 rcu_sched	  rcu_gp_kthread (process_timeout)
    ...
	1,  4911 kworker/u16:0	  mod_delayed_work_on (delayed_work_timer_fn)
       1D,  2522 kworker/0:0	  queue_delayed_work_on (delayed_work_timer_fn)
    1029 total events, 583.333 events/sec

	      The output columns are:

	      *	 a count of the number	of  events,  optionally	 (since	 Linux
		 2.6.23)  followed  by	the letter 'D' if this is a deferrable
		 timer;

	      *	 the PID of the process that initialized the timer;

	      *	 the name of the process that initialized the timer;

	      *	 the function where the timer was initialized; and

	      *	 (in parentheses) the callback	function  that	is  associated
		 with the timer.

	      During  the Linux 4.11 development cycle, this file  was removed
	      because of security concerns, as it exposes  information	across
	      namespaces.   Furthermore,  it  is  possible  to obtain the same
	      information via in-kernel tracing facilities such as ftrace.

       /proc/tty
	      Subdirectory containing the pseudo-files and subdirectories  for
	      tty drivers and line disciplines.

       /proc/uptime
	      This  file  contains two numbers: the uptime of the system (sec‐
	      onds), and the amount of time spent in idle process (seconds).

       /proc/version
	      This string identifies the kernel version that is currently run‐
	      ning.   It  includes  the	 contents  of /proc/sys/kernel/ostype,
	      /proc/sys/kernel/osrelease  and  /proc/sys/kernel/version.   For
	      example:

	Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994

       /proc/vmstat (since Linux 2.6.0)
	      This file displays various virtual memory statistics.  Each line
	      of this file contains a single  name-value  pair,	 delimited  by
	      white space.  Some lines are present only if the kernel was con‐
	      figured with suitable options.   (In  some  cases,  the  options
	      required	for  particular	 files have changed across kernel ver‐
	      sions, so they are not listed here.  Details  can	 be  found  by
	      consulting the kernel source code.)  The following fields may be
	      present:

	      nr_free_pages (since Linux 2.6.31)

	      nr_alloc_batch (since Linux 3.12)

	      nr_inactive_anon (since Linux 2.6.28)

	      nr_active_anon (since Linux 2.6.28)

	      nr_inactive_file (since Linux 2.6.28)

	      nr_active_file (since Linux 2.6.28)

	      nr_unevictable (since Linux 2.6.28)

	      nr_mlock (since Linux 2.6.28)

	      nr_anon_pages (since Linux 2.6.18)

	      nr_mapped (since Linux 2.6.0)

	      nr_file_pages (since Linux 2.6.18)

	      nr_dirty (since Linux 2.6.0)

	      nr_writeback (since Linux 2.6.0)

	      nr_slab_reclaimable (since Linux 2.6.19)

	      nr_slab_unreclaimable (since Linux 2.6.19)

	      nr_page_table_pages (since Linux 2.6.0)

	      nr_kernel_stack (since Linux 2.6.32)
		     Amount of memory allocated to kernel stacks.

	      nr_unstable (since Linux 2.6.0)

	      nr_bounce (since Linux 2.6.12)

	      nr_vmscan_write (since Linux 2.6.19)

	      nr_vmscan_immediate_reclaim (since Linux 3.2)

	      nr_writeback_temp (since Linux 2.6.26)

	      nr_isolated_anon (since Linux 2.6.32)

	      nr_isolated_file (since Linux 2.6.32)

	      nr_shmem (since Linux 2.6.32)
		     Pages used by shmem and tmpfs(5).

	      nr_dirtied (since Linux 2.6.37)

	      nr_written (since Linux 2.6.37)

	      nr_pages_scanned (since Linux 3.17)

	      numa_hit (since Linux 2.6.18)

	      numa_miss (since Linux 2.6.18)

	      numa_foreign (since Linux 2.6.18)

	      numa_interleave (since Linux 2.6.18)

	      numa_local (since Linux 2.6.18)

	      numa_other (since Linux 2.6.18)

	      workingset_refault (since Linux 3.15)

	      workingset_activate (since Linux 3.15)

	      workingset_nodereclaim (since Linux 3.15)

	      nr_anon_transparent_hugepages (since Linux 2.6.38)

	      nr_free_cma (since Linux 3.7)
		     Number of free CMA (Contiguous Memory Allocator) pages.

	      nr_dirty_threshold (since Linux 2.6.37)

	      nr_dirty_background_threshold (since Linux 2.6.37)

	      pgpgin (since Linux 2.6.0)

	      pgpgout (since Linux 2.6.0)

	      pswpin (since Linux 2.6.0)

	      pswpout (since Linux 2.6.0)

	      pgalloc_dma (since Linux 2.6.5)

	      pgalloc_dma32 (since Linux 2.6.16)

	      pgalloc_normal (since Linux 2.6.5)

	      pgalloc_high (since Linux 2.6.5)

	      pgalloc_movable (since Linux 2.6.23)

	      pgfree (since Linux 2.6.0)

	      pgactivate (since Linux 2.6.0)

	      pgdeactivate (since Linux 2.6.0)

	      pgfault (since Linux 2.6.0)

	      pgmajfault (since Linux 2.6.0)

	      pgrefill_dma (since Linux 2.6.5)

	      pgrefill_dma32 (since Linux 2.6.16)

	      pgrefill_normal (since Linux 2.6.5)

	      pgrefill_high (since Linux 2.6.5)

	      pgrefill_movable (since Linux 2.6.23)

	      pgsteal_kswapd_dma (since Linux 3.4)

	      pgsteal_kswapd_dma32 (since Linux 3.4)

	      pgsteal_kswapd_normal (since Linux 3.4)

	      pgsteal_kswapd_high (since Linux 3.4)

	      pgsteal_kswapd_movable (since Linux 3.4)

	      pgsteal_direct_dma

	      pgsteal_direct_dma32 (since Linux 3.4)

	      pgsteal_direct_normal (since Linux 3.4)

	      pgsteal_direct_high (since Linux 3.4)

	      pgsteal_direct_movable (since Linux 2.6.23)

	      pgscan_kswapd_dma

	      pgscan_kswapd_dma32 (since Linux 2.6.16)

	      pgscan_kswapd_normal (since Linux 2.6.5)

	      pgscan_kswapd_high

	      pgscan_kswapd_movable (since Linux 2.6.23)

	      pgscan_direct_dma

	      pgscan_direct_dma32 (since Linux 2.6.16)

	      pgscan_direct_normal

	      pgscan_direct_high

	      pgscan_direct_movable (since Linux 2.6.23)

	      pgscan_direct_throttle (since Linux 3.6)

	      zone_reclaim_failed (since linux 2.6.31)

	      pginodesteal (since linux 2.6.0)

	      slabs_scanned (since linux 2.6.5)

	      kswapd_inodesteal (since linux 2.6.0)

	      kswapd_low_wmark_hit_quickly (since 2.6.33)

	      kswapd_high_wmark_hit_quickly (since 2.6.33)

	      pageoutrun (since Linux 2.6.0)

	      allocstall (since Linux 2.6.0)

	      pgrotated (since Linux 2.6.0)

	      drop_pagecache (since Linux 3.15)

	      drop_slab (since Linux 3.15)

	      numa_pte_updates (since Linux 3.8)

	      numa_huge_pte_updates (since Linux 3.13)

	      numa_hint_faults (since Linux 3.8)

	      numa_hint_faults_local (since Linux 3.8)

	      numa_pages_migrated (since Linux 3.8)

	      pgmigrate_success (since Linux 3.8)

	      pgmigrate_fail (since Linux 3.8)

	      compact_migrate_scanned (since Linux 3.8)

	      compact_free_scanned (since Linux 3.8)

	      compact_isolated (since Linux 3.8)

	      compact_stall (since Linux 2.6.35)
		     See  the  kernel	source	 file	Documentation/vm/tran‐
		     shuge.txt.

	      compact_fail (since Linux 2.6.35)
		     See   the	 kernel	  source  file	Documentation/vm/tran‐
		     shuge.txt.

	      compact_success (since Linux 2.6.35)
		     See  the  kernel	source	 file	Documentation/vm/tran‐
		     shuge.txt.

	      htlb_buddy_alloc_success (since Linux 2.6.26)

	      htlb_buddy_alloc_fail (since Linux 2.6.26)

	      unevictable_pgs_culled (since Linux 2.6.28)

	      unevictable_pgs_scanned (since Linux 2.6.28)

	      unevictable_pgs_rescued (since Linux 2.6.28)

	      unevictable_pgs_mlocked (since Linux 2.6.28)

	      unevictable_pgs_munlocked (since Linux 2.6.28)

	      unevictable_pgs_cleared (since Linux 2.6.28)

	      unevictable_pgs_stranded (since Linux 2.6.28)

	      thp_fault_alloc (since Linux 2.6.39)
		     See   the	 kernel	  source  file	Documentation/vm/tran‐
		     shuge.txt.

	      thp_fault_fallback (since Linux 2.6.39)
		     See  the  kernel	source	 file	Documentation/vm/tran‐
		     shuge.txt.

	      thp_collapse_alloc (since Linux 2.6.39)
		     See   the	 kernel	  source  file	Documentation/vm/tran‐
		     shuge.txt.

	      thp_collapse_alloc_failed (since Linux 2.6.39)
		     See  the  kernel	source	 file	Documentation/vm/tran‐
		     shuge.txt.

	      thp_split (since Linux 2.6.39)
		     See   the	 kernel	  source  file	Documentation/vm/tran‐
		     shuge.txt.

	      thp_zero_page_alloc (since Linux 3.8)
		     See  the  kernel	source	 file	Documentation/vm/tran‐
		     shuge.txt.

	      thp_zero_page_alloc_failed (since Linux 3.8)
		     See   the	 kernel	  source  file	Documentation/vm/tran‐
		     shuge.txt.

	      balloon_inflate (since Linux 3.18)

	      balloon_deflate (since Linux 3.18)

	      balloon_migrate (since Linux 3.18)

	      nr_tlb_remote_flush (since Linux 3.12)

	      nr_tlb_remote_flush_received (since Linux 3.12)

	      nr_tlb_local_flush_all (since Linux 3.12)

	      nr_tlb_local_flush_one (since Linux 3.12)

	      vmacache_find_calls (since Linux 3.16)

	      vmacache_find_hits (since Linux 3.16)

	      vmacache_full_flushes (since Linux 3.19)

       /proc/zoneinfo (since Linux 2.6.13)
	      This file display information about memory zones.	 This is  use‐
	      ful for analyzing virtual memory behavior.

NOTES
       Many strings (i.e., the environment and command line) are in the inter‐
       nal format, with subfields terminated by null bytes ('\0'), so you  may
       find  that  things are more readable if you use od -c or tr "\000" "\n"
       to read them.  Alternatively, echo `cat <file>` works well.

       This manual page is incomplete, possibly inaccurate, and is the kind of
       thing that needs to be updated very often.

SEE ALSO
       cat(1),	dmesg(1),  find(1), free(1), init(1), ps(1), tr(1), uptime(1),
       chroot(2),  mmap(2),  readlink(2),  syslog(2),  slabinfo(5),  sysfs(5),
       hier(7),	  namespaces(7),   time(7),  arp(8),  hdparm(8),  ifconfig(8),
       lsmod(8),  lspci(8),  mount(8),	netstat(8),   procinfo(8),   route(8),
       sysctl(8)

       The Linux kernel source files: Documentation/filesystems/proc.txt Docu‐
       mentation/sysctl/fs.txt,	 Documentation/sysctl/kernel.txt,   Documenta‐
       tion/sysctl/net.txt, and Documentation/sysctl/vm.txt.

COLOPHON
       This  page  is  part of release 4.14 of the Linux man-pages project.  A
       description of the project, information about reporting bugs,  and  the
       latest	  version     of     this    page,    can    be	   found    at
       https://www.kernel.org/doc/man-pages/.

Linux				  2017-09-15			       PROC(5)
[top]

List of man pages available for Kali

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net