Overview
Process Control
Lifecycle of a Process
Normal lifecycle
parent forks → child runs → child exits → child becomes zombie
→ parent calls wait()
→ zombie cleaned up ✓
When parent dies first
parent dies → kernel scans all processes
→ finds children whose parent PID is now dead
→ reparents them to PID 1 (init/systemd)
→ children keep running normally
→ when they eventually die, systemd calls wait()
→ cleaned up ✓
# note: a child can opt in to dying with its parent
/proc
the /proc directory, a pseudo-filesystem in which the kernel exposes a variety of interesting information about the system’s state. Despite the name /proc (and the name of the underlying filesystem type, “proc”), the information is not limited to process information—a variety of status information and statistics generated by the kernel are represented here
| File | Contents |
|---|---|
| cgroup | The control groups to which the process belongs |
| cmd | Command or program the process is executing |
| cmdline | Complete command line of the process (null-separated) |
| cwd | Symbolic link to the process’s current directory |
| environ | The process’s environment variables (null-separated) |
| exe | Symbolic link to the file being executed |
| fd | Subdirectory containing links for each open file descriptor |
| fdinfo | Subdirectory containing further info for each open file descriptor |
| maps | Memory mapping information (shared segments, libraries, etc.) |
| ns | Subdirectory with links to each namespace used by the process |
| root | Symbolic link to the process’s root directory (set with chroot) |
| stat | General process status information (best decoded with ps) |
| statm | Memory usage information |
Commands
# environ, reading env vars of a process
cat environ | tr "\000" "\n"
IRIS_APIKEY=DAS3eML1bOqjsrfYWseXNEyEqgAnK3g31hq9zJ93TOx6jX48
EXPORTER_PORT=10043
# fds, are connecting to pipes and null input
ls -l fd
lrwx------ 1 alpine alpine 64 May 24 18:36 0 -> /dev/null
l-wx------ 1 alpine alpine 64 May 24 18:36 1 -> pipe:[269563]
l-wx------ 1 alpine alpine 64 May 24 18:36 2 -> pipe:[269564]
strace
snoop on processes’ syscalls
Commands
strace -p 8948 # attach to a running process
strace -e trace=file vim # start a process and trace, filter for file syscalls only
# Super useful to see where it looks for config files
strace -e trace=file -o vim_trace.txt vim # send to a file
# ./vim_trace.txt
stat("/home/alpine/.vimrc", 0x7ffd5cbbc7c0) = -1 ENOENT (No such file or directory)
open("/home/alpine/.vimrc", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = -1 ENOENT (No such file or directory)
stat("/home/alpine/.vim/vimrc", 0x7ffd5cbbc7c0) = -1 ENOENT (No such file or directory)
open("/home/alpine/.vim/vimrc", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = -1 ENOENT (No such file or directory)
stat("/home/alpine/.config/vim/vimrc", 0x7ffd5cbbc7c0) = -1 ENOENT (No such file or directory)
open("/home/alpine/.config/vim/vimrc", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = -1 ENOENT (No such file or directory)