Understanding /proc


#1

Post by jazzi » 2006-03-13 13:56

Reposted from: http://www.linuxforums.org/misc/underst ... /proc.html
Contributed by Andy Kissner in Misc
03-09-06


Throughout my experience, many users on Linux Help Forums or IRC have had questions that require information from /proc to diagnose. And every single time, I've had to walk them through the process of using and understanding /proc so that I could help them with their problem. For that reason, I think that a brief tutorial on the basics of /proc is in order.

When it comes down to it, /proc is a filesystem. Although it does not represent any physical device, you can still mount it and unmount it as you please. It contains a multitude of valuable information regarding the processes you are running, as well as the hardware you have hooked up to your computer (although in recent years, /sys has been devised by the Kernel folks to represent the hardware hierarchy and export device information ). You can see which modules you have loaded, how long your system has been up, and the memory usage of processes on your system. In fact, every single process running has an entry, or directory, inside /proc. As you can see, /proc can be a very powerful asset. But before you can use it, you need to mount it.

Note: Many of the examples in this guide require root access to work correctly. If you don't have root access on your Linux box, get it. We'll wait.

Mounting /proc

As mentioned earlier, /proc is a filesystem. And, like all filesystems, you need to mount it. In theory, you could mount it anywhere, but the standard is to mount it in /proc.

Most systems have /proc mounted by default in /etc/fstab, but just in case, make sure that it's mounted by doing:

$ mount

Note: Throughout this guide, $ indicates a command to be run from a normal user's shell, and # indicates something that must be run from a root shell.

If the output contains a line such as:

proc on /proc type proc (rw)

then you are fine. If not, follow the instructions below.

First, make sure that you have a directory called /proc:

# if ! test -d /proc
then
    mkdir /proc
fi

Then, add a line to the file /etc/fstab such as this:

proc /proc proc defaults 0 0

Now, mount it:

# mount proc

You're now ready to play around with /proc.

Viewing Process Information

Each time a new process is created, an entry in /proc is created. The name of the directory entry corresponds to the process identification number (PID) of the created process, so, for example, a process with a PID of 8695 will have a corresponding directory entry of /proc/8695/.

Inside /proc/8695/ (replace 8695 with a real PID on your system), you'll see something like:

auxv exe mem root statm
cmdline fd/ mounts seccomp status
cwd loginuid oom_adj smaps task/
environ maps oom_score stat wchan

Note: The entries ending in “/” are directories.

As you can see, a lot of data about each process is stored. Let's go through the basics:

cmdline - This contains information about the actual command line invoked to start this process. This is a down and dirty way to find out what this process is actually doing.

The best way to access this info is by using a tool such as 'strings' which will display any printable information from a binary file:

$ strings cmdline
/opt/OpenOffice.org/program/soffice.bin
private:factory/swriter

cwd - This is a symlink to the working directory from which the process was started. For example, I started OpenOffice.org (PID 8695) in my home directory, so cwd points to /home/akissner.

environ - This file contains the environment of the process, sorted into key=value pairs. There is no particular order, so for a human readable output, you would want to do something like:

$ strings environ | sort | less

This will sort the output alphabetically, sorted by the key.

exe - 'exe' is another symlink, this time to the actual binary itself. So if you wanted to run another copy of the process, you could do:

$ /proc/8695/exe

fd/ - This is a tricky one. It is a subdirectory of symbolic links to open file descriptors in use by the program. /proc/XXXX/fd/ will always contain, at the very least, the links 0, 1, 2. These correspond to STDIN, STDOUT, and STDERR, respectively.

Using this, you can see what files a program is manipulating. This is one way that you can find out where a browser keeps its cache, or a text editor keeps its temporary files.

loginuid - A little background is required before I can explain this one. This isn't completely technically correct, but it's good enough for a Cliff Notes summary.

Each process is represented in the kernel as a structure of type "task". This task structure keeps track of a lot of information about a process, including the PID, the UID of the user who started it, its children, and countless other things. One such attribute is the field "loginuid". The loginuid shows which account a user gained access to the system with. The /proc/XXXX/loginuid shows this value.

maps - 'maps' is one of the most complicated things inside of the /proc filesystem. Suffice it to say that one must have a basic grounding in the inner workings of the kernel and memory management to fully appreciate the information inside of /proc/XXXX/maps.

08048000-080a1000 r-xp 00000000 08:06 35310321 /opt/OpenOffice.org/program/soffice.bin
080a1000-080a6000 rw-p 00058000 08:06 35310321 /opt/OpenOffice.org/program/soffice.bin
080a6000-084b6000 rw-p 080a6000 00:00 0 [heap]
b0e2d000-b0e3d000 rwxp b0e2d000 00:00 0
b0e4d000-b0e81000 r--p 00000000 08:06 86555296 /opt/OpenOffice.org/help/en/picture.db
b0e81000-b0ec4000 rw-p b0e81000 00:00 0
b0ec4000-b0f34000 rwxp b0ec4000 00:00 0
b0f42000-b0f62000 rwxp b0f42000 00:00 0
b0f62000-b0f7d000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0f7d000-b0f98000 r--s 00000000 00:07 21004324 /SYSV00000000 (deleted)
b0f98000-b0fb3000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fb3000-b0fce000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fce000-b0fe9000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fe9000-b1004000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1004000-b101f000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b101f000-b103a000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b103a000-b1055000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1055000-b1070000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1070000-b108b000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b108b000-b10a6000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)

Shown above is a sample listing for my OpenOffice.org process (PID 8695). As you can see, OpenOffice.org uses a lot of memory!

The first column lists, in hexadecimal, the address range for the mapped memory. The next column lists the permissions on that section of memory. This can either be r, w, x, p, or s, which is read, write, execute, private, and shared, respectively. The third column is the offset, and the fourth column lists the device where the memory is mapped from. The device column is split into major:minor, where major is the corresponding major device number (this has to do with which driver is assigned to which device) and minor number (which has to do with the number of devices a driver is representing). Using information from /proc/devices, you can decipher the device being used. The next column is the inode number of the file from which the memory is being mapped. Last is the pathname of the file.

mem - This cannot be used directly from the command line for anything. You can call the open() and read() system calls on it to read the pages of a process's memory, but most people will go their whole life without ever needing to do this.

mounts - In most cases, this is the same thing as /proc/mounts, which displays mounted filesystem information.

oom_* - These files control the system's behavior if it meets an Out of Memory (OOM) condition. Generally, you won't need to mess with this. The oom_adj file can be used to make a process unkillable during OOM.

root - This is a symlink to the process's root directory. Normally, this will be '/'. But if, for example, a process were started inside a 'chroot jail', then /proc/XXXX/root might point to "/foo/jail".

seccomp - Changing the value in this file from '0' to '1' will send the process into "seccomp" mode. Seccomp is a sandbox mechanism for the kernel, which restricts a certain process from executing most system calls. This is a security feature, which you will probably never use.

smaps - This file provides detailed memory consumption information for a process.

stat - As the name suggests, /proc/XXXX/stat contains information about a process's status. In fact, modern versions of ps (namely those coming from the 'procps' package) use /proc/XXXX/stat for their information. The output is not formatted, and looks like this:

8695 (soffice.bin) S 8666 3234 3180 1025 3224
8396864 68 0 8 0 27 31 0 0 16 0 1 0 51495018 134680576 8844
4294967295 134512640 134875180 3216856352 4154390430 582 0
0 4096 2076206327 0 0 0 33 1 0 0

The best place for information on these fields is the proc(5) manpage.

statm - This file gives memory status information. This file gives information in page-sized blocks. The columns are size (total), rss (resident set size), shared pages, text (the executable code), library code, data/stack size, and dirty pages. The last column is no longer used in the 2.6 kernel series.

status - This file contains the information given in stat and statm, but in a much more human-friendly form. Each row is labeled, and the names are for the most part self-explanatory.

task - task is a directory, containing a directory (with the same name as the PID) that contains all the information inside /proc/XXXX (except for task/). It's a bit of a pointless directory, in my opinion.

wchan - The WCHAN data for a process is the kernel function where the process is currently blocking.

That covers things for this first installment in a multi-part series on understanding the /proc filesystem. Part 2 will cover using /proc to find information about the devices attached to your system.

You make it fun
It will make you fun
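
An added example (not part of the original article or of this thread): parsing the /proc/XXXX/stat line quoted in the post above, with field names taken from proc(5). The second input is constructed to show why the process name must be cut at the last ")" rather than by splitting on spaces; the names `parse_stat`, `naive_parse_stat` and `read_stat` are illustrative.

```python
"""Parse /proc/<pid>/stat (added example; field names follow proc(5))."""

# Names of the fields that follow "pid (comm)", in proc(5) order.
FIELDS_AFTER_COMM = (
    "state", "ppid", "pgrp", "session", "tty_nr", "tpgid", "flags",
    "minflt", "cminflt", "majflt", "cmajflt", "utime", "stime",
    "cutime", "cstime", "priority", "nice", "num_threads",
    "itrealvalue", "starttime", "vsize", "rss",
)

# The stat output shown in the post, joined back into the single line
# that the kernel actually emits.
SAMPLE_STAT = (
    "8695 (soffice.bin) S 8666 3234 3180 1025 3224 "
    "8396864 68 0 8 0 27 31 0 0 16 0 1 0 51495018 134680576 8844 "
    "4294967295 134512640 134875180 3216856352 4154390430 582 0 "
    "0 4096 2076206327 0 0 0 33 1 0 0"
)

# Constructed input: a process name containing spaces and parentheses.
# The name is chosen by the process itself, so a monitoring script must
# not trust whitespace to delimit it.
ODD_COMM = "sshd) S 1 (x"
ODD_STAT = "4242 (%s) R 977 %s" % (ODD_COMM, " ".join(SAMPLE_STAT.split()[4:]))


def parse_stat(text):
    """Return a dict of the first 24 stat fields, tolerating odd names."""
    text = text.strip()
    open_idx = text.index("(")
    close_idx = text.rindex(")")          # last ')' ends the name
    rest = text[close_idx + 1:].split()
    if len(rest) < len(FIELDS_AFTER_COMM):
        raise ValueError("truncated stat line")
    record = {
        "pid": int(text[:open_idx]),
        "comm": text[open_idx + 1:close_idx],
        "state": rest[0],
    }
    for name, value in zip(FIELDS_AFTER_COMM[1:], rest[1:]):
        record[name] = int(value)
    return record


def naive_parse_stat(text):
    """What a plain whitespace split yields; wrong for odd names."""
    fields = text.split()
    return {
        "pid": int(fields[0]),
        "comm": fields[1].strip("()"),
        "state": fields[2],
        "ppid": int(fields[3]),
    }


def read_stat(pid="self"):
    """Parse the stat file of a live process (Linux only)."""
    with open("/proc/%s/stat" % pid) as handle:
        return parse_stat(handle.read())


if __name__ == "__main__":
    for line in (SAMPLE_STAT, ODD_STAT):
        good = parse_stat(line)
        bad = naive_parse_stat(line)
        print("robust: comm=%r state=%s ppid=%d" %
              (good["comm"], good["state"], good["ppid"]))
        print("naive : comm=%r state=%s ppid=%d" %
              (bad["comm"], bad["state"], bad["ppid"]))
```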

Re: Understanding /proc

#2

Post by leeangle » 2006-03-15 11:29

I'll have a try
:)

#3

Post by leeangle » 2006-03-15 11:57

I'll translate it a bit at a time and add to it as I go~
This one looks fairly long, so it may take 1-2 days to finish.

Contributed by Andy Kissner in Misc
03-09-06


Throughout my experience, many users on Linux Help Forums or IRC have had questions that require information from /proc to diagnose. And every single time, I've had to walk them through the process of using and understanding /proc so that I could help them with their problem. For that reason, I think that a brief tutorial on the basics of /proc is in order.
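In my experience, many users on Linux help forums and IRC have run into problems that often need some information from /proc to diagnose. And every time this happens, I have to lead them through understanding and using /proc; only then can I help them. Because of this, I think a basic, short tutorial on /proc is necessary.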


When it comes down to it, /proc is a filesystem. Although it does not represent any physical device, you can still mount it and unmount it as you please. It contains a multitude of valuable information regarding the processes you are running, as well as the hardware you have hooked up to your computer (although in recent years, /sys has been devised by the Kernel folks to represent the hardware hierarchy and export device information ). You can see which modules you have loaded, how long your system has been up, and the memory usage of processes on your system. In fact, every single process running has an entry, or directory, inside /proc. As you can see, /proc can be a very powerful asset. But before you can use it, you need to mount it.
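When we look at it closely, we find that /proc is a filesystem. Although it does not exist on any physical device, you can still mount or unmount it as you wish. It holds a lot of important information about the processes you are currently running and the hardware hooked up to your computer (although in recent years /sys has been designed to let the kernel represent the hierarchy among hardware and to export device information). You can see which modules you have loaded, how long your system has been up, and the memory usage of processes. In fact, every single running process has an entry, a directory, in /proc. As you can see, /proc is going to be a very useful thing. But before you use it, you must load it first.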

Note: Many of the examples in this guide require root access to work correctly. If you don't have root access on your Linux box, get it. We'll wait.
Note: Many of the examples in this tutorial need root privileges. If you don't yet have root on your Linux system, go and get it first; we'll wait.

Next: Mounting /proc
Next step: loading /proc

Mounting /proc
Loading /proc
As mentioned earlier, /proc is a filesystem. And, like all filesystems, you need to mount it. In theory, you could mount it anywhere, but the standard is to mount it in /proc.
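As mentioned above, /proc is a filesystem, and, just like other filesystems, you must load it. According to this theory, you can load it anywhere, but the standard way is still to load it at /proc.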

Most systems have /proc mounted by default in /etc/fstab, but just in case, make sure that it's mounted by doing:
On the vast majority of systems, /proc is already loaded by default in /etc/fstab, but just in case, you can verify whether it is loaded with the code below:

Code:

$ mount

Note: Throughout this guide, $ indicates a command to be run from a normal user's shell, and # indicates something that must be run from a root shell.
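Note: In the code in this tutorial, a command starting with $ can be run from a normal user's terminal, while # means you must run it as the root account.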

If the output contains a line such as:
If you see a line like this in your output:

Code:

proc on /proc type proc (rw)

then you are fine. If not, follow the instructions below.
then all is well; otherwise carry out the following instructions
First, make sure that you have a directory called /proc:
But first you have to make sure you have a directory called /proc

Code:

# if ! test -d /proc
then
    mkdir /proc
fi

Then, add a line to the file /etc/fstab such as this:
Then, add a line to /etc/fstab:

Code:

proc /proc proc defaults 0 0

Now, mount it:
Now, load it:

Code:

# mount proc

You're now ready to play around with /proc.
You can now start playing around with /proc.

Next: Viewing Process Information
Next step: viewing process information

Each time a new process is created, an entry in /proc is created. The name of the directory entry corresponds to the process identification number (PID) of the created process, so, for example, a process with a PID of 8695 will have a corresponding directory entry of /proc/8695/.
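When a new process is created, a new entry is created in /proc. The name of this entry directory is related to the PID (process identification number) of the newly created process. So, for example, if a process has a PID of 8695, then the entry directory for that process is /proc/8695/.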

Inside /proc/8695/ (replace 8695 with a real PID on your system), you'll see something like:
Inside /proc/8695/ (of course, the 8695 here should be replaced with a PID that really exists on your system), you will see something like this:

Code:

auxv exe mem root statm
cmdline fd/ mounts seccomp status
cwd loginuid oom_adj smaps task/
environ maps oom_score stat wchan

Note: The entries ending in “/” are directories.
Note: Entries ending in "/" are all directories.

As you can see, a lot of data about each process is stored. Let's go through the basics:
As you can see, a great deal of information is kept for each process. Let's look at the basics:

cmdline - This contains information about the actual command line invoked to start this process. This is a down and dirty way to find out what this process is actually doing.
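cmdline (command line) - This contains the command line that actually invoked this process. This is a low-level (how should "down" best be translated?) and dirty way to find out what a process is really doing.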

The best way to access this info is by using a tool such as 'strings' which will display any printable information from a binary file:
The best way to access this information is to use a tool like "strings". This tool displays any printable information from a binary file.

Code:

$ strings cmdline
/opt/OpenOffice.org/program/soffice.bin
private:factory/swriter

cwd - This is a symlink to the working directory from which the process was started. For example, I started OpenOffice.org (PID 8695) in my home directory, so cwd points to /home/akissner.
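cwd - This is a symbolic link to the working directory the process was in when it started. For example, I opened OpenOffice.org (PID 8695) in my home directory, so cwd points to /home/akissner (translator's note: the author's username here is akissner).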

environ - This file contains the environment of the process, sorted into key=value pairs. There is no particular order, so for a human readable output, you would want to do something like:
environ - This file contains the environment information of this process, arranged in "key=value" form. But there is no particular order, so to get an order a human would normally read, we often output it like this:

Code:

$ strings environ | sort | less

This will sort the output alphabetically, sorted by the key.
This sorts the result alphabetically by the key part and outputs it.
exe - 'exe' is another symlink, this time to the actual binary itself. So if you wanted to run another copy of the process, you could do:
exe - 'exe' is another symbolic link; this time it points to the binary file itself. So if you want to run another copy of this process, you can do this:

Code:

$ /proc/8695/exe

fd/ - This is a tricky one. It is a subdirectory of symbolic links to open file descriptors in use by the program. /proc/XXXX/fd/ will always contain, at the very least, the links 0, 1, 2. These correspond to STDIN, STDOUT, and STDERR, respectively.
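fd/ - This is a very sly thing. It is a subdirectory, and what is in it are symbolic links to the descriptors of the files the program currently has open (this sentence... is really hard to translate; what would be a suitable way to render it?). The /proc/XXXX/fd/ directory contains at least these links: 0, 1, 2. This is because STDIN, STDOUT and STDERR will always be there.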
Using this, you can see what files a program is manipulating. This is one way that you can find out where a browser keeps its cache, or a text editor keeps its temporary files.
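Using this, you can see what files a program is using. This is one of the ways you can find out whether a browser is saving a cache or whether a text editor is using a temporary file.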
loginuid - A little background is required before I can explain this one. This isn't completely technically correct, but it's good enough for a Cliff Notes summary.
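loginuid - Before I explain this one, we need a little background. This is not completely technically correct, but it is good enough for a Cliff Notes summary (what on earth is that?).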
Each process is represented in the kernel as a structure of type "task". This task structure keeps track of a lot of information about a process, including the PID, the UID of the user who started it, its children, and countless other things. One such attribute is the field "loginuid". The loginuid shows which account a user gained access to the system with. The /proc/XXXX/loginuid shows this value.

maps - 'maps' is one of the most complicated things inside of the /proc filesystem. Suffice it to say that one must have a basic grounding in the inner workings of the kernel and memory management to fully appreciate the information inside of /proc/XXXX/maps.

08048000-080a1000 r-xp 00000000 08:06 35310321 /opt/OpenOffice.org/program/soffice.bin
080a1000-080a6000 rw-p 00058000 08:06 35310321 /opt/OpenOffice.org/program/soffice.bin
080a6000-084b6000 rw-p 080a6000 00:00 0 [heap]
b0e2d000-b0e3d000 rwxp b0e2d000 00:00 0
b0e4d000-b0e81000 r--p 00000000 08:06 86555296 /opt/OpenOffice.org/help/en/picture.db
b0e81000-b0ec4000 rw-p b0e81000 00:00 0
b0ec4000-b0f34000 rwxp b0ec4000 00:00 0
b0f42000-b0f62000 rwxp b0f42000 00:00 0
b0f62000-b0f7d000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0f7d000-b0f98000 r--s 00000000 00:07 21004324 /SYSV00000000 (deleted)
b0f98000-b0fb3000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fb3000-b0fce000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fce000-b0fe9000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fe9000-b1004000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1004000-b101f000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b101f000-b103a000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b103a000-b1055000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1055000-b1070000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1070000-b108b000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b108b000-b10a6000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)

Shown above is a sample listing for my OpenOffice.org process (PID 8695). As you can see, OpenOffice.org uses a lot of memory!

The first column lists, in hexadecimal, the address range for the mapped memory. The next column lists the permissions on that section of memory. This can either be r, w, x, p, or s, which is read, write, execute, private, and shared, respectively. The third column is the offset, and the fourth column lists the device where the memory is mapped from. The device column is split into major:minor, where major is the corresponding major device number (this has to do with which driver is assigned to which device) and minor number (which has to do with the number of devices a driver is representing). Using information from /proc/devices, you can decipher the device being used. The next column is the inode number of the file from which the memory is being mapped. Last is the pathname of the file.

mem - This cannot be used directly from the command line for anything. You can call the open() and read() system calls on it to read the pages of a process's memory, but most people will go their whole life without ever needing to do this.

mounts - In most cases, this is the same thing as /proc/mounts, which displays mounted filesystem information.

oom_* - These files control the system's behavior if it meets an Out of Memory (OOM) condition. Generally, you won't need to mess with this. The oom_adj file can be used to make a process unkillable during OOM.

root - This is a symlink to the process's root directory. Normally, this will be '/'. But if, for example, a process were started inside a 'chroot jail', then /proc/XXXX/root might point to "/foo/jail".

seccomp - Changing the value in this file from '0' to '1' will send the process into "seccomp" mode. Seccomp is a sandbox mechanism for the kernel, which restricts a certain process from executing most system calls. This is a security feature, which you will probably never use.

smaps - This file provides detailed memory consumption information for a process.

stat - As the name suggests, /proc/XXXX/stat contains information about a process's status. In fact, modern versions of ps (namely those coming from the 'procps' package) use /proc/XXXX/stat for their information. The output is not formatted, and looks like this:

8695 (soffice.bin) S 8666 3234 3180 1025 3224
8396864 68 0 8 0 27 31 0 0 16 0 1 0 51495018 134680576 8844
4294967295 134512640 134875180 3216856352 4154390430 582 0
0 4096 2076206327 0 0 0 33 1 0 0

The best place for information on these fields is the proc(5) manpage.

statm - This file gives memory status information. This file gives information in page-sized blocks. The columns are size (total), rss (resident set size), shared pages, text (the executable code), library code, data/stack size, and dirty pages. The last column is no longer used in the 2.6 kernel series.

status - This file contains the information given in stat and statm, but in a much more human-friendly form. Each row is labeled, and the names are for the most part self-explanatory.

task - task is a directory, containing a directory (with the same name as the PID) that contains all the information inside /proc/XXXX (except for task/). It's a bit of a pointless directory, in my opinion.

wchan - The WCHAN data for a process is the kernel function where the process is currently blocking.

That covers things for this first installment in a multi-part series on understanding the /proc filesystem. Part 2 will cover using /proc to find information about the devices attached to your system.

#4

Post by leal » 2006-03-16 0:39

based on leeangle's work

leal

Contributed by Andy Kissner in Misc
03-09-06


Throughout my experience, many users on Linux Help Forums or IRC have had questions that require information from /proc to diagnose. And every single time, I've had to walk them through the process of using and understanding /proc so that I could help them with their problem. For that reason, I think that a brief tutorial on the basics of /proc is in order.
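In my experience, many users on Linux help forums and IRC have run into this kind of problem, which needs information from /proc to diagnose. Every time this happens, I have to teach them hands-on to use and understand /proc in order to help them solve the problem. In view of this, I think a brief guide introducing the basics of /proc is needed.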

When it comes down to it, /proc is a filesystem. Although it does not represent any physical device, you can still mount it and unmount it as you please. It contains a multitude of valuable information regarding the processes you are running, as well as the hardware you have hooked up to your computer (although in recent years, /sys has been devised by the Kernel folks to represent the hardware hierarchy and export device information ). You can see which modules you have loaded, how long your system has been up, and the memory usage of processes on your system. In fact, every single process running has an entry, or directory, inside /proc. As you can see, /proc can be a very powerful asset. But before you can use it, you need to mount it.
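When all is said and done, /proc is a filesystem. Although it does not represent any physical device, you can still mount and unmount it whenever you like. /proc contains a great deal of important information about the currently running processes and the hardware your computer has enabled (in recent years, the kernel folks designed /sys to represent the hardware hierarchy and export device information). You can find out which modules are currently loaded, how long the system has been up, and the memory usage of processes on the system. In fact, every single run of a process (need improvement) has an entry or directory in /proc. As you can see, /proc is a powerful tool. Before using it, though, you must first mount /proc.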

Note: Many of the examples in this guide require root access to work correctly. If you don't have root access on your Linux box, get it. We'll wait.
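Note: Many of the examples in this guide require root privileges to work properly. If you don't yet have root on your Linux box, hurry up and get it first; we'll wait here.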

Next: Mounting /proc
Next step: mounting /proc

Mounting /proc
Mounting /proc

As mentioned earlier, /proc is a filesystem. And, like all filesystems, you need to mount it. In theory, you could mount it anywhere, but the standard is to mount it in /proc.
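As mentioned above, /proc is a filesystem and, like other filesystems, it must be mounted first. In theory you can mount it anywhere; the standard practice is to mount it at /proc.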

Most systems have /proc mounted by default in /etc/fstab, but just in case, make sure that it's mounted by doing:
Most systems mount /proc by default in /etc/fstab, but just in case, use the following command to confirm that it is mounted:

Code:

$ mount

Note: Throughout this guide, $ indicates a command to be run from a normal user's shell, and # indicates something that must be run from a root shell.
Note: In this guide, $ means the command can simply be run in a normal user's shell, while # means it must be run as the root account.

If the output contains a line such as:
If the output contains a line like the following:

Code:

proc on /proc type proc (rw)

then you are fine. If not, follow the instructions below.
then all is well. If not, follow the instructions below.

First, make sure that you have a directory called /proc:
First make sure a directory named /proc exists:

Code:

# if ! test -d /proc
then
    mkdir /proc
fi

(Translator's note: the following command is also quite handy:
# mkdir -p /proc)


Then, add a line to the file /etc/fstab such as this:
Then add a line to /etc/fstab:

Code:

proc /proc proc defaults 0 0

Now, mount it:
Then mount it:

Code:

# mount proc

You're now ready to play around with /proc.
From now on you and /proc can be inseparable.

Next: Viewing Process Information
Next step: viewing process information

Each time a new process is created, an entry in /proc is created. The name of the directory entry corresponds to the process identification number (PID) of the created process, so, for example, a process with a PID of 8695 will have a corresponding directory entry of /proc/8695/.
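Every time a new process is created, a new entry appears in /proc. The name of the directory entry matches the process identification number (PID) of the newly created process; for example, a process with PID 8695 will have a corresponding directory entry /proc/8695/.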

Inside /proc/8695/ (replace 8695 with a real PID on your system), you'll see something like:
Inside /proc/8695/ (replace 8695 with an actual PID on your own system), you will see information like the following:

Code:

auxv exe mem root statm
cmdline fd/ mounts seccomp status
cwd loginuid oom_adj smaps task/
environ maps oom_score stat wchan


Note: The entries ending in “/” are directories.
Note: Entries ending in "/" are all directories.

As you can see, a lot of data about each process is stored. Let's go through the basics:
As shown above, a large amount of related data is kept for each process. Let's take a quick tour:

#5

Post by leal » 2006-03-17 22:44

cmdline - This contains information about the actual command line invoked to start this process. This is a down and dirty way to find out what this process is actually doing.
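cmdline - It contains the command line actually invoked to start this process. Finding out what a process is really up to this way is rather sordid (down and dirty way).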

The best way to access this info is by using a tool such as 'strings' which will display any printable information from a binary file:
The best way to access this information is to use a tool such as "strings", which can display the printable information in a binary file.

Code:

$ strings cmdline
/opt/OpenOffice.org/program/soffice.bin
private:factory/swriter

cwd - This is a symlink to the working directory from which the process was started. For example, I started OpenOffice.org (PID 8695) in my home directory, so cwd points to /home/akissner.
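cwd - This is a symbolic link pointing to the working directory the process was in when it started. For example, I started OpenOffice.org (PID 8695) in my own home directory, so cwd points to /home/akissner (translator's note: the author's account is akissner).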

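environ - This file contains the environment of the process, sorted into key=value pairs. There is no particular order, so for a human readable output, you would want to do something like:
environ - This file contains the environment information of the process, arranged as "key=value" pairs. The arrangement has no particular order, though, so for readability you can output the file's contents with the following command: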

Code:

$ strings environ | sort | less

This will sort the output alphabetically, sorted by the key.
The above command sorts the output alphabetically by key.

exe - 'exe' is another symlink, this time to the actual binary itself. So if you wanted to run another copy of the process, you could do:
exe - 'exe' is another symbolic link, this time pointing to the actual binary itself. So if you want to run another copy of the process, you can do this:

Code:

$ /proc/8695/exe

fd/ - This is a tricky one. It is a subdirectory of symbolic links to open file descriptors in use by the program. /proc/XXXX/fd/ will always contain, at the very least, the links 0, 1, 2. These correspond to STDIN, STDOUT, and STDERR, respectively.
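fd/ - This one is a bit tricky. It is a subdirectory containing symbolic links, which point to the descriptors of the open files the program is using. The /proc/XXXX/fd/ directory contains at least the following links, namely 0, 1 and 2, which correspond to STDIN, STDOUT and STDERR respectively.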
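
An added example (not from the article or from the posters): cmdline and environ are NUL-separated byte strings, so splitting on NUL recovers every argument exactly, whereas `strings` with its default minimum length of 4 drops short arguments. The sample byte strings are constructed, `strings_like` is only an approximation of the tool, and all function names are illustrative.

```python
"""Read /proc/<pid>/cmdline and environ without losing arguments."""
import re
from typing import Dict, List

# Constructed samples in the on-disk layout: items end with a NUL byte.
SAMPLE_CMDLINE = b"/bin/sh\x00-c\x00ls\x00two words\x00"
SAMPLE_ENVIRON = b"TERM=xterm\x00HOME=/home/akissner\x00OPTS=a=b\x00"


def split_nul(raw: bytes) -> List[str]:
    """Split a NUL-separated /proc file into its items."""
    if not raw:                      # kernel threads have an empty cmdline
        return []
    items = raw.split(b"\x00")
    if items[-1] == b"":             # drop the piece after the final NUL
        items.pop()
    # Non-UTF-8 bytes are kept visible as \xNN escapes instead of failing.
    return [item.decode("utf-8", "backslashreplace") for item in items]


def parse_environ(raw: bytes) -> Dict[str, str]:
    """Build a dict; only the first '=' separates key from value."""
    env = {}
    for entry in split_nul(raw):
        key, _, value = entry.partition("=")
        env[key] = value
    return env


def strings_like(raw: bytes, min_len: int = 4) -> List[str]:
    """Approximate `strings`: printable runs of at least min_len bytes."""
    pattern = rb"[\t\x20-\x7e]{%d,}" % min_len
    return [match.decode("ascii") for match in re.findall(pattern, raw)]


def read_proc_bytes(pid, name: str) -> bytes:
    """Read /proc/<pid>/<name> as raw bytes (Linux only).

    environ of another user's process needs root, as the article notes.
    """
    with open("/proc/%s/%s" % (pid, name), "rb") as handle:
        return handle.read()


if __name__ == "__main__":
    print("NUL split  :", split_nul(SAMPLE_CMDLINE))
    print("strings-ish:", strings_like(SAMPLE_CMDLINE))
    for key, value in sorted(parse_environ(SAMPLE_ENVIRON).items()):
        print("%s=%s" % (key, value))
```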

#6

Post by leal » 2006-03-18 8:48

Using this, you can see what files a program is manipulating. This is one way that you can find out where a browser keeps its cache, or a text editor keeps its temporary files.
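With this directory we can see which files a program is operating on; it is also one of the ways to find out where a browser keeps its cache or where a text editor keeps its temporary files.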

loginuid - A little background is required before I can explain this one. This isn't completely technically correct, but it's good enough for a Cliff Notes summary.
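loginuid - Some background is needed before explaining this entry. The background given is not completely correct technically, but it is more than enough for a Cliff Notes-style summary.
(Translator's note: "Cliff Notes" is a brand founded by Cliff Hillegass in 1958. The "Cliff Notes" books cover everything from simple English literary history to advanced English writing. Each "Cliff Notes" literature title introduces the author's life and the background to the book's writing, discusses the plot, and explores the book's themes. The authors of "Cliff Notes" are all experts and professors accomplished in their own fields. http://www.cnempp.gov.cn/info/article.asp?id=16)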

Each process is represented in the kernel as a structure of type "task". This task structure keeps track of a lot of information about a process, including the PID, the UID of the user who started it, its children, and countless other things. One such attribute is the field "loginuid". The loginuid shows which account a user gained access to the system with. The /proc/XXXX/loginuid shows this value.
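A process is represented in the kernel by a structure of type "task". The task structure records a large amount of process-related information, including the PID, the UID of the user who started the process, its child processes, and so on. One of its attributes (translator's note: that is, one of the members of the task structure) is "loginuid", which records which account the user accessed the system with. /proc/XXXX/loginuid gives this value.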

maps - 'maps' is one of the most complicated things inside of the /proc filesystem. Suffice it to say that one must have a basic grounding in the inner workings of the kernel and memory management to fully appreciate the information inside of /proc/XXXX/maps.
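maps - It is one of the most complicated things in the /proc filesystem. Without doubt, to fully understand the information in /proc/XXXX/maps, you must have a basic and solid understanding of the inner workings of the kernel and memory management.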

08048000-080a1000 r-xp 00000000 08:06 35310321 /opt/OpenOffice.org/program/soffice.bin
080a1000-080a6000 rw-p 00058000 08:06 35310321 /opt/OpenOffice.org/program/soffice.bin
080a6000-084b6000 rw-p 080a6000 00:00 0 [heap]
b0e2d000-b0e3d000 rwxp b0e2d000 00:00 0
b0e4d000-b0e81000 r--p 00000000 08:06 86555296 /opt/OpenOffice.org/help/en/picture.db
b0e81000-b0ec4000 rw-p b0e81000 00:00 0
b0ec4000-b0f34000 rwxp b0ec4000 00:00 0
b0f42000-b0f62000 rwxp b0f42000 00:00 0
b0f62000-b0f7d000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0f7d000-b0f98000 r--s 00000000 00:07 21004324 /SYSV00000000 (deleted)
b0f98000-b0fb3000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fb3000-b0fce000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fce000-b0fe9000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b0fe9000-b1004000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1004000-b101f000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b101f000-b103a000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b103a000-b1055000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1055000-b1070000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b1070000-b108b000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
b108b000-b10a6000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)

Shown above is a sample listing for my OpenOffice.org process (PID 8695). As you can see, OpenOffice.org uses a lot of memory!
The above is only part of the information for my OpenOffice.org process (PID 8695); from it you can see that OpenOffice.org takes up a lot of memory!

The first column lists, in hexadecimal, the address range for the mapped memory. The next column lists the permissions on that section of memory. This can either be r, w, x, p, or s, which is read, write, execute, private, and shared, respectively. The third column is the offset, and the fourth column lists the device where the memory is mapped from. The device column is split into major:minor, where major is the corresponding major device number (this has to do with which driver is assigned to which device) and minor number (which has to do with the number of devices a driver is representing). Using information from /proc/devices, you can decipher the device being used. The next column is the inode number of the file from which the memory is being mapped. Last is the pathname of the file.
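The column layout described above can be turned into a small parser. This is an added example, not part of the original article or post; the names `parse_maps_line`, `review` and `report` are hypothetical, and the sample lines are copied from the listing above. It also flags two things worth a closer look when reviewing a process: mappings that are both writable and executable, and mappings whose backing file has been deleted.

```python
import re
from typing import NamedTuple

# address range, perms, offset, major:minor (hex), inode (decimal), optional path
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+([0-9a-f]+)\s+"
    r"([0-9a-f]+):([0-9a-f]+)\s+(\d+)\s*(.*)$")

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int
    major: int
    minor: int
    inode: int
    path: str          # empty for anonymous memory

def parse_maps_line(line):
    m = MAPS_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a maps line: {line!r}")
    start, end, perms, off, major, minor, inode, path = m.groups()
    return Mapping(int(start, 16), int(end, 16), perms, int(off, 16),
                   int(major, 16), int(minor, 16), int(inode), path)

def review(mp):
    # Reasons to look closer; a flag is a prompt to investigate, not a verdict.
    reasons = []
    if "w" in mp.perms and "x" in mp.perms:
        reasons.append("writable+executable")
    if mp.path.endswith(" (deleted)"):
        reasons.append("backing file deleted")
    return reasons

# Four lines copied from the listing above.
SAMPLE = """\
b0e4d000-b0e81000 r--p 00000000 08:06 86555296 /opt/OpenOffice.org/help/en/picture.db
b0e81000-b0ec4000 rw-p b0e81000 00:00 0
b0ec4000-b0f34000 rwxp b0ec4000 00:00 0
b0f62000-b0f7d000 r--s 00000000 00:07 20971555 /SYSV00000000 (deleted)
"""

def report(text):
    rows = []
    for line in text.splitlines():
        mp = parse_maps_line(line)
        rows.append((f"{mp.start:08x}", (mp.end - mp.start) // 1024,
                     mp.perms, review(mp)))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Each row is (start address, size in KiB, permissions, reasons). SysV shared memory segments usually appear as deleted, so that flag alone is expected for the /SYSV entries.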
leal
Posts: 1119
Joined: 2005-08-29 14:49
From: Hangzhou

#7

Post by leal » 2006-03-18 9:27

mem - This cannot be used directly from the command line for anything. You can call the open() and read() system calls on it to read the pages of a process's memory, but most people will go their whole life without ever needing to do this.

mounts - In most cases, this is the same thing as /proc/mounts, which displays mounted filesystem information.

oom_* - These files control the system's behavior if it meets an Out of Memory (OOM) condition. Generally, you won't need to mess with this. The oom_adj file can be used to make a process unkillable during OOM.

root - This is a symlink to the process's root directory. Normally, this will be '/'. But if, for example, a process were started inside a 'chroot jail', then /proc/XXXX/root might point to "/foo/jail".

seccomp - Changing the value in this file from '0' to '1' will send the process into "seccomp" mode. Seccomp is a sandbox mechanism for the kernel, which restricts a certain process from executing most system calls. This is a security feature, which you will probably never use.

smaps - This file provides detailed memory consumption information for a process.

stat - Like the name suggests, /proc/XXXX/stat contains information about a process's status. In fact, modern versions of ps (namely those coming from the 'procps' package) use /proc/XXXX/stat for their information. The output is not formatted, and looks like this:

8695 (soffice.bin) S 8666 3234 3180 1025 3224
8396864 68 0 8 0 27 31 0 0 16 0 1 0 51495018 134680576 8844
4294967295 134512640 134875180 3216856352 4154390430 582 0
0 4096 2076206327 0 0 0 33 1 0 0

The best place for information on these fields is the proc(5) manpage.

statm - This file gives memory status information. This file gives information in page-sized blocks. The columns are size (total), rss (resident set size), shared pages, text (the executable code), library code, data/stack size, and dirty pages. The last column is no longer used in the 2.6 kernel series.

status - This file contains the information given in stat and statm, but in a much more human-friendly form. Each row is labeled, and the names are for the most part self-explanatory.

task - task is a directory, containing a directory (with the same name as the PID) that contains all the information inside /proc/XXXX (except for task/). It's a bit of a pointless directory, in my opinion.

wchan - The WCHAN data for a process is the kernel function where the process is currently blocking.

That covers things for this first installment in a multi-part series on understanding the /proc filesystem. Part 2 will cover using /proc to find information about the devices attached to your system.
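Reading the unformatted stat record shown in the post above takes some care, because the process name in parentheses is chosen by the process and may itself contain spaces or a closing parenthesis. The following is an added example, not part of the original article or post: `parse_stat` and `naive_ppid` are hypothetical names, the field order follows proc(5), the first sample is the record quoted in the post, and the second is constructed to show how whitespace splitting misreads a crafted name.

```python
# Names of the fields that follow comm, in proc(5) order.
FIELDS = ("state", "ppid", "pgrp", "session", "tty_nr", "tpgid", "flags",
          "minflt", "cminflt", "majflt", "cmajflt", "utime", "stime")

def parse_stat(text):
    # Split on the LAST ')' so a name containing ')' or spaces cannot
    # shift the fields that follow it.
    text = " ".join(text.split())          # undo line wrapping
    lpar, rpar = text.index("("), text.rindex(")")
    rest = text[rpar + 1:].split()
    if len(rest) < len(FIELDS):
        raise ValueError("truncated stat record")
    rec = {"pid": int(text[:lpar]), "comm": text[lpar + 1:rpar],
           "state": rest[0]}
    for name, value in zip(FIELDS[1:], rest[1:]):
        rec[name] = int(value)
    return rec

def naive_ppid(text):
    # What a plain whitespace split reports as the parent PID.
    return int(text.split()[3])

# The record quoted in the post (wrapped as shown there).
SAMPLE = """8695 (soffice.bin) S 8666 3234 3180 1025 3224
8396864 68 0 8 0 27 31 0 0 16 0 1 0 51495018 134680576 8844
4294967295 134512640 134875180 3216856352 4154390430 582 0
0 4096 2076206327 0 0 0 33 1 0 0"""

# Constructed record: the process has named itself "sh) R 1 1".
SPOOFED = "4242 (sh) R 1 1) S 4100 4242 4242 34816 4242 4194304 120 0 0 0 3 1"

if __name__ == "__main__":
    print(parse_stat(SAMPLE)["comm"], parse_stat(SAMPLE)["ppid"])
    print("naive ppid:", naive_ppid(SPOOFED))
    print("real ppid: ", parse_stat(SPOOFED)["ppid"])
```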