Linux Virtual File System

The Linux virtual file system, or a virtual file system in general, is a layer on top of your actual file system that allows the user to access different types of file systems. You can think of a virtual file system as an interface between the kernel and the actual file system.

That means you will not find any entries for those virtual file systems in your /etc/fstab file, though you will still find them listed in the output of the mount command.

Other operating systems also make use of virtual file systems in different forms, like the Registry in Windows.

 

/proc File System

The proc file system is a popular virtual file system on Linux. The /proc directory is the mount point for the proc file system.

The proc file system is especially interesting because it doesn’t really exist on disk anywhere; it’s an abstraction of kernel information.

All of the files in this directory correspond to a function in the kernel or to a set of variables in the kernel.

For example, to see a report on the processor type, run the following command:

$ cat /proc/cpuinfo

The kernel will dynamically create the report and show the processor information.

This is a very powerful and easy way to query the Linux kernel.

Notice that if you check the size of the files in the /proc directory, you will find that all file sizes are 0 because, as we said, they do not exist on the disk.

When you type the cat /proc/cpuinfo command, the content of the file is dynamically generated by a special program inside the kernel.

The only file that has a size in /proc directory is /proc/kcore file, which is a pointer to the contents of RAM. Actually, this file isn’t occupying any space on the disk.

Writing to Proc Files

As we’ve seen we can read the content of proc files, but some of the files under /proc directory have the write permission, so we can write to them.

For example, the file /proc/sys/net/ipv4/ip_forward contains the value 0, which means don’t perform IP forwarding when there are multiple network interfaces. But if you want to set up something like a Linux router, you need to allow forwarding.

You can change the value of that file like this (root privileges are required):

$ echo "1" > /proc/sys/net/ipv4/ip_forward

Keep in mind that when you change any file or value under the /proc directory, there is no validation of what you are doing. You could crash your system if you type a wrong setting.

Persisting /proc Files Changes

The previous modification to the /proc/sys/net/ipv4/ip_forward entry will not survive a reboot, since you are not writing to a file on disk. This is a virtual file system, which means the change happens in memory.

If you need changes under /proc to be automatically enabled between reboots, you can either edit your boot scripts so that the change is made at boot time or use the sysctl command.

You can write your entries in the /etc/rc.local file. On Red Hat based distros, create the /etc/rc.d/rc.local file, make it executable, enable the systemd service unit that enables the use of the rc.local file, and write your entries there.

The sysctl command is used for displaying and modifying kernel parameters in real time. It can be used to change entries in the /proc/sys/ directory.

$ sysctl net.ipv4.ip_forward

This will show the value of the entry. To change it, use the -w option:

$ sysctl -w net.ipv4.ip_forward=1

One final step is to write the changes to /etc/sysctl.conf:

$ echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

Make sure that the file /etc/sysctl.conf does not contain the entry before you write your changes.
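Appending with >> a second time leaves two entries for the same key in the file. The following is an added example, not part of the original post: two shell helpers (persist_sysctl and active_value are hypothetical names) that remove any existing active entry for a key before writing the new one, so the file ends up with exactly one setting however often the command is run.

```shell
#!/bin/sh
# Added example: idempotent alternative to `echo ... >> /etc/sysctl.conf`.
# persist_sysctl and active_value are hypothetical helper names.

# active_value KEY FILE
# Print the value of every active (uncommented) assignment to KEY.
active_value() {
    awk -F= -v k="$1" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        NF >= 2 {
            name = $1; gsub(/[ \t]/, "", name)  # key without padding
            if (name == k) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v)
                print v
            }
        }' "$2"
}

# persist_sysctl KEY VALUE [FILE]
# FILE defaults to /etc/sysctl.conf; pass another path to try it safely.
persist_sysctl() {
    key=$1 value=$2 file=${3:-/etc/sysctl.conf}
    [ -e "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    # Copy everything except active assignments to KEY; comments are kept.
    awk -F= -v k="$key" '
        /^[ \t]*[#;]/ { print; next }
        {
            name = $1; gsub(/[ \t]/, "", name)
            if (NF >= 2 && name == k) next
            print
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # Overwrite in place so the owner and mode of FILE stay unchanged.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Usage (as root): persist_sysctl net.ipv4.ip_forward 1
```

Running active_value net.ipv4.ip_forward /etc/sysctl.conf afterwards should print a single line.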

Useful /proc Entries

These are some of the /proc entries that you may find useful in managing your Linux system:

/proc/cpuinfo                    information about CPUs in the system.

/proc/ioports                     list of port regions used for I/O communication with devices.

/proc/iomem                     the current map of the system memory for each physical device.

/proc/mdstat                     display the status of RAID disks configuration.

/proc/meminfo                status of memory usage.

/proc/kcore                        displays the physical memory of the system.

/proc/modules                 displays list of kernel loaded modules.

/proc/cmdline                   displays the parameters passed to the kernel when the system started.

/proc/swaps                      displays the status of swap partitions.

/proc/version                    displays the kernel version, and time of compilation.

/proc/net/dev                   displays information about each network device, like packets count.

/proc/net/sockstat         displays statistics about network socket utilization.

/proc/sys/net/ipv4/ip_local_port_range    displays the range of ports that Linux will use when originating a connection.

/proc/sys/net/ipv4/tcp_syncookies         protection against SYN flood attacks.

These are some of the common entries in the /proc directory.

Listing /proc Directory

If you list the files in the /proc directory, you will see a large number of directories whose names are just numbers. These numbers are the process IDs (PIDs) of the running processes in the system, and each directory contains several files describing the state of the process.

This information can be useful in finding what sort of resources the process is consuming and other useful information.

If you take a look at the folder named 1, you will notice that it represents the init process, or systemd (as in CentOS 7), which is the first process that runs when Linux starts.

$ ls -l /proc/1


As you can see from the output, the /proc/1/exe file is a soft link that points to the actual executable: the /lib/systemd/systemd binary, or /sbin/init on other systems that use the init binary.

The same concept applies to all numeric folders under the /proc directory.
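Because every numeric folder has the same exe link, the whole process table can be mapped to binaries on disk. The following is an added example, not part of the original post: two shell functions (list_proc_exes and deleted_exes are hypothetical names) that walk the numeric folders and report processes whose executable has been removed from disk since they started, which the kernel marks by appending " (deleted)" to the link target.

```shell
#!/bin/sh
# Added example: map every PID folder to the binary behind it.
# list_proc_exes and deleted_exes are hypothetical helper names.

# list_proc_exes [PROC_ROOT]
# Print "PID<TAB>exe target" for each numeric directory under PROC_ROOT
# (default /proc). "-" means the link could not be read: kernel threads
# have no executable, and other users' processes need root to inspect.
list_proc_exes() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        case $pid in *[!0-9]*) continue ;; esac   # numeric names only
        target=$(readlink "$d/exe" 2>/dev/null) || target='-'
        printf '%s\t%s\n' "$pid" "$target"
    done
}

# deleted_exes [PROC_ROOT]
# Print the PIDs still running from a binary that no longer exists on
# disk, e.g. after a package upgrade or after the file was unlinked.
deleted_exes() {
    list_proc_exes "$1" | awk -F'\t' '$2 ~ / \(deleted\)$/ { print $1 }'
}

# Usage (as root, to see every process): list_proc_exes; deleted_exes
```

A PID printed by deleted_exes is worth a look: it is often just a service that needs a restart after an update, but it is also how a process looks when its binary was removed after launch.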

/proc Useful Examples

We know from the Linux iptables firewall post that making a TCP connection involves a process called the three-way handshake. We also covered the SYN flood attack and used iptables to block SYN packets, and we said that on a busy system this can throttle the network.

A better solution is to use SYN cookies, a special method in the kernel that keeps track of which SYN packets arrive. If the syncookie detects the rate going above a certain threshold, it will get rid of SYN packets that don’t move to the established state within a reasonable interval.

$ sysctl -w net.ipv4.tcp_syncookies=1

And to persist the change:

$ echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf

Another useful /proc entry is /proc/sys/fs/file-max, which specifies the maximum number of open files that Linux can support at any one time.

On busy systems with a lot of network connections, consider raising this number.

sysfs Virtual File System

sysfs, or system file system, is similar to the proc file system; both are Linux virtual file systems, which means they are in memory.

sysfs is usually mounted at the /sys mount point. The sysfs can be used to get information about kernel devices, modules, the system bus, firmware, and so on.

Most modern Linux distros have switched to using udev to manage devices. udev is used to control the device nodes under the /dev directory.

The new udev system allows the consistent naming of devices, which, in turn, is useful for the hot-plugging of devices. Old Linux users will understand this very well.

udev is able to do all this amazing stuff because of sysfs.

udev can dynamically create and remove device nodes as they are attached to or detached from the system.

$ ls -l /sys

As you can see, the file sizes are all zero because, as we know, this is a virtual file system.

The top level directory of /sys contains the following:

block                     lists the block devices detected on the system, like sda.

bus                       contains subdirectories for the physical buses detected in the kernel.

class                     describes classes of devices, like audio, network or printer.

devices                   lists all detected devices by the physical bus registered with the kernel.

firmware                  lists an interface through which firmware can be viewed and manipulated.

module                    lists all loaded modules.

power                     contains files that can be used to manage the power state of specific hardware.

tmpfs Virtual File System

tmpfs is a Linux virtual file system that keeps data in the system's virtual memory. As with any other virtual file system, the files created in it are not stored permanently on the disk but are stored temporarily in the kernel’s internal caches.

The /tmp file system is used as the storage location for temporary files.

The /tmp file system is backed by actual disk-based storage and not by a virtual system.

This location is chosen during Linux installation.

The systemd service manager is responsible for automatically creating and mounting the /tmp.

You can set up a tmpfs-style file system with the size you want using the mount command.

$ mount -t tmpfs -o size=2G tmpfs /home/myfolder

Awesome!!

Working with Linux virtual file system is very easy.
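A tmpfs mounted as above gets the default options, which allow setuid binaries, device nodes and executables on it. The following is an added example, not part of the original post: a shell function (tmpfs_missing_opts is a hypothetical name) that reads /proc/mounts and reports each tmpfs mount lacking nosuid, nodev or noexec; treating all three as required is an assumed policy.

```shell
#!/bin/sh
# Added example: check the mount options of every tmpfs file system.
# tmpfs_missing_opts is a hypothetical helper name, and requiring
# nosuid, nodev and noexec on each tmpfs is an assumed policy.

# tmpfs_missing_opts [MOUNTS_FILE]
# Print "mount point<TAB>missing options" for each tmpfs mount that lacks
# one of the three options. MOUNTS_FILE defaults to /proc/mounts, whose
# fields are: device, mount point, type, options, dump, pass.
tmpfs_missing_opts() {
    awk '$3 == "tmpfs" {
        missing = ""
        n = split("nosuid nodev noexec", want, " ")
        for (i = 1; i <= n; i++) {
            # Wrap both sides in commas so only whole options match.
            if (index("," $4 ",", "," want[i] ",") == 0)
                missing = missing (missing ? "," : "") want[i]
        }
        if (missing) printf "%s\t%s\n", $2, missing
    }' "${1:-/proc/mounts}"
}

# Usage: tmpfs_missing_opts
# A mount can then be tightened at mount time, for example:
#   mount -t tmpfs -o size=2G,nosuid,nodev,noexec tmpfs /home/myfolder
```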

I hope you find the post useful and interesting. Keep coming back, we still have a lot to cover about server administration.

Thank you.