The Linux virtual file system (or a virtual file system generally) is a layer that sits on top of your actual file system and allows the user to access different types of file systems. You can think of the virtual file system as an interface between the kernel and the actual file system.
That means you will not find any entries for those Linux virtual file systems in your /etc/fstab file. Yet you will still see them when you type the mount command.
If you are coming from Windows, the virtual file system is the equivalent of the Registry.
1) The /proc File System
The proc file system is a virtual file system mounted on the /proc directory.
No real file system exists on /proc; it is a virtual layer used for dealing with kernel functionality.
For example, to get the processor specifications, type the following command:
$ cat /proc/cpuinfo
This is a very powerful and easy way to query the Linux kernel.
Notice that if you check the size of the files in the /proc directory, you will find that all file sizes are 0, because, as we said, they don't exist on the disk; they are kept in memory.
When you type the cat /proc/cpuinfo command, the cpuinfo file is created dynamically to show you the CPU info.
The only file that has a size in the /proc directory is /proc/kcore, which shows the RAM content. Actually, this file doesn't occupy any space on the disk.
2) Writing to Proc Files
As we've seen, we can read the content of proc files, but some of them are also writable, so we can write to them to change how the system behaves.
For example, the /proc/sys/net/ipv4/ip_forward file controls IP forwarding in case you have multiple network cards.
You can change the value of this file like this:
$ echo "1" > /proc/sys/net/ipv4/ip_forward
Keep in mind that when you change any file or value under the /proc directory, there is no validation of what you are doing; you may crash your system if you type a wrong setting.
3) Persisting /proc Files Changes
The previous modification to the /proc/sys/net/ipv4/ip_forward entry will not survive a reboot, since you are not writing to a file on disk: this is a virtual file system, which means the change happens only in memory.
If you need to save changes under /proc, you have two ways:
You can write your entries in the /etc/rc.local file. On Red Hat based distros like CentOS:
- create the /etc/rc.d/rc.local file and make it executable
- enable the systemd service unit that enables the use of the rc.local file: systemctl enable rc-local.service
- write your entries in /etc/rc.d/rc.local
The sysctl command is used to change entries in the /proc/sys/ directory.
$ sysctl net.ipv4.ip_forward
This will show the value of the entry. To change it, use the -w option:
$ sysctl -w net.ipv4.ip_forward=1
One final step is to write the changes to /etc/sysctl.conf so that they are applied again after a reboot:
$ echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
Make sure that the file /etc/sysctl.conf does not already contain the entry before you write your changes.
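One way to make the "no duplicate entry" rule automatic, as an added example that is not part of the original article: the hypothetical helper persist_sysctl removes any earlier assignment of the key and appends the new one, so running it twice leaves a single line. The file path is a parameter (an assumption of this sketch) so it can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example: set KEY = VALUE in a sysctl-style file exactly once.
# persist_sysctl is a hypothetical helper name, not a standard tool.
persist_sysctl() {
    key=$1
    value=$2
    conf=${3:-/etc/sysctl.conf}
    tmp=$(mktemp) || return 1
    [ -f "$conf" ] || : > "$conf"
    # Drop every existing assignment of this key (with or without spaces
    # around "="); keep comments and all other keys untouched.
    awk -v k="$key" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^[#;]/ { print; next }
        { split(line, kv, "="); name = kv[1]; gsub(/[ \t]+$/, "", name) }
        name == k { next }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Append the single authoritative entry.
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Running `sysctl -p` afterwards loads the file into the running kernel without waiting for a reboot.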
4) Common /proc Entries
These are some of the commonly used /proc entries:
Entry | Description |
---|---|
/proc/cpuinfo | information about CPUs in the system. |
/proc/meminfo | information about memory usage. |
/proc/ioports | list of port regions used for I/O communication with devices. |
/proc/mdstat | displays the status of the RAID disk configuration. |
/proc/kcore | displays the system's actual memory. |
/proc/modules | displays a list of loaded kernel modules. |
/proc/cmdline | displays the passed boot parameters. |
/proc/swaps | displays the status of swap partitions. |
/proc/iomem | the current map of the system memory for each physical device. |
/proc/version | displays the kernel version and time of compilation. |
/proc/net/dev | displays information about each network device, such as packet counts. |
/proc/net/sockstat | displays statistics about network socket utilization. |
/proc/sys/net/ipv4/ip_local_port_range | displays the range of ports that Linux uses. |
/proc/sys/net/ipv4/tcp_syncookies | protection against SYN flood attacks. |
5) Listing /proc Directory
If you list the files in the /proc directory, you'll notice a lot of directories with numeric names. These directories contain information about the running processes, and the numeric value is the corresponding process ID.
You can check the resources consumed by a specific process from these directories.
If you take a look at the folder named 1, it belongs to the init process or systemd (as on CentOS 7), which is the first process that runs when Linux starts.
$ ls -l /proc/1
The /proc/1/exe file is a symbolic link to the /lib/systemd/systemd binary, or to /sbin/init on other systems that use the init binary.
The same concept applies to all numeric folders under the /proc directory.
6) /proc Useful Examples
To protect your server from a SYN flood attack, you can use iptables to block SYN packets.
A better solution is to use SYN cookies, a special method in the kernel that keeps track of which SYN packets come in. If the SYN packets don't move to the established state within a reasonable interval, the kernel will drop them.
$ sysctl -w net.ipv4.tcp_syncookies=1
And to persist the change:
$ echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
Another useful example is /proc/sys/fs/file-max. This value shows the maximum number of files (including sockets, files, etc.) that can be open at the same time.
You can increase this number like this:
$ sysctl -w "fs.file-max=96992"
$ echo "fs.file-max = 96992" >> /etc/sysctl.conf
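Because a runtime change and the persisted file can disagree (a setting written with sysctl -w but never saved, or saved but never loaded), the following added example, which is not part of the original article, reports every key whose live value differs from the one in a sysctl-style file. The helper name sysctl_drift and the optional second argument (an alternate root used instead of /proc/sys for offline testing) are assumptions of this sketch; it handles plain dotted keys only.

```shell
#!/bin/sh
# Added example: compare persisted sysctl settings with the live values.
# sysctl_drift is a hypothetical helper name, not a standard tool.
sysctl_drift() {
    conf=$1
    proc_sys=${2:-/proc/sys}
    # Skip comment and blank lines, then split each "key = value" pair.
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$conf" |
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        want=$(printf '%s' "$want" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        # A sysctl name maps to a path by turning dots into slashes.
        path=$proc_sys/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            printf 'MISSING %s\n' "$key"
            continue
        fi
        # Multi-value entries are tab separated in /proc; normalise to spaces.
        have=$(tr -s '\t' ' ' < "$path")
        [ "$have" = "$want" ] ||
            printf 'DRIFT %s want=%s have=%s\n' "$key" "$want" "$have"
    done
}
```

An empty result means every persisted key matches the running kernel; a DRIFT line for net.ipv4.tcp_syncookies is the case worth alerting on.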
7) sysfs Virtual File System
sysfs is a Linux virtual file system, which means it also lives in memory.
The sysfs file system can be found at /sys. It can be used to get information about your system hardware.
$ ls -l /sys
In the output of the above command the file sizes are all zero because, as we know, this is a Linux virtual file system.
The top level directory of /sys contains the following:
Directory | Description |
---|---|
block | list of block devices detected on the system, like sda. |
bus | contains subdirectories for the physical buses detected in the kernel. |
class | describes classes of devices, like audio, network or printer. |
devices | lists all devices detected by the physical buses registered with the kernel. |
module | lists all loaded modules. |
power | the power state of your devices. |
8) tmpfs Virtual File System
tmpfs is a Linux virtual file system that keeps data in the system's virtual memory. As with any other virtual file system, files are stored only temporarily, in the kernel's internal caches.
The /tmp file system is used as the storage location for temporary files.
The /tmp file system is backed by actual disk-based storage and not by a virtual system.
This location is chosen during Linux installation.
/tmp is created automatically by a systemd service when the system boots.
You can set up a tmpfs style file system with the size you want, using the mount command:
$ mount -t tmpfs -o size=2G tmpfs /home/myfolder