procfs | Go package for accessing the /proc virtual filesystem | File Utils library
kandi X-RAY | procfs Summary
kandi X-RAY | procfs Summary
Procfs is a parser for the /proc virtual filesystem on Linux written in the Go programming lanugage.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- linesToLimits converts lines to a map of Limit .
- ParseMeminfo parses a meminfo file
- Processes returns a map of all processes .
- parseField parses a line into field .
- NewProcessFromPath returns a new Process .
- linesToMeminfo converts a list of lines to memory .
- sysStart returns the start value
- makeUnit converts a string to Unit
- ParseStringsIntoStruct takes a slice of strings and parses it into a struct
- Sessionid returns the session id .
procfs Key Features
procfs Examples and Code Snippets
Community Discussions
Trending Discussions on procfs
QUESTION
I'm working on a procfs kernel extension for macOS and trying to implement a feature that emulates Linux’s /proc/cpuinfo similar to what FreeBSD does with its linprocfs. Since I'm trying to learn, and since not every bit of FreeBSD code can simply be copied over to XNU and be expected to work right out of the jar, I'm writing this feature from scratch, with FreeBSD and NetBSD's linux-based procfs features as a reference. Anyways...
Under Linux, $cat /proc/cpuinfo showes me something like this:
...ANSWER
Answered 2022-Mar-18 at 07:54There is no need to allocate memory for this task: pass a pointer to a local array along with its size and use strlcat properly:
QUESTION
I have several VMs running gilab-runner,and I'm using gitlab-ci to deploy microservices into those VMs. Now I want to monitoring those VMs with prometheus and grafana, but i need to setup node-exporter/cadvisor etc. service into those VMs.
My Ideas is using gitlab-ci to define a common job for those VMs.
I have already write the docker-compose.yml and .gitlab-ci.yml.
...ANSWER
Answered 2021-Nov-15 at 22:36This is probably not a good way to be deploying your services onto virtual machines. You don't want to just launch your GitLab CI job and then hope that it results in what you want. Managing each VM separately is both going to be tedious and error-prone.
You probably want to do is have a method that has a declarative way to define/describe your infrastructure and the state of how that infrastructure should be configured and the applications running on it.
For example, you could:
- Use a proper orchestrator, such as docker swarm or Kubernetes AND/OR
- Use a provisioning tool, such as Ansible connected to each VM, or if your VMs run in the cloud, Terraform or similar.
In both these examples, you can leverage these tools from a single GitLab CI job and deploy changes to all of your VMs/clusters at once.
Using docker swarmFor example, instead of running your docker-compose on 20 hosts, you can join all 20 VMs to the same docker swarm.
Then in your compose file, you create a deploy key specifying how many replicas you want across the swarm, including numbers per node. Or use mode: global to simply specify you want one container of the service per host in your cluster.
QUESTION
I am trying to install this package: github.com/czerwonk/bird_exporter After installing golang like so:
...ANSWER
Answered 2021-Sep-11 at 09:06This issue has been resolved. The reason for the confusion was the log output as it was hard to read, but eventually I found this:
QUESTION
pip3 list
Package Version
------------------- ------------
apipkg 1.5
apparmor 3.0.3
appdirs 1.4.4
asn1crypto 1.4.0
brotlipy 0.7.0
certifi 2021.5.30
cffi 1.14.6
chardet 4.0.0
cmdln 2.0.0
configobj 5.0.6
createrepo-c 0.17.3
cryptography 3.3.2
cssselect 1.1.0
cupshelpers 1.0
cycler 0.10.0
decorator 5.0.9
idna 3.2
iniconfig 0.0.0
isc 2.0
joblib 1.0.1
kiwisolver 1.3.1
LibAppArmor 3.0.3
lxml 4.6.3
matplotlib 3.4.3
mysqlclient 2.0.3
nftables 0.1
notify2 0.3.1
numpy 1.21.1
opi 2.1.1
ordered-set 3.1.1
packaging 20.9
pandas 1.3.1
Pillow 8.3.1
pip 20.2.4
ply 3.11
psutil 5.8.0
py 1.10.0
pyasn1 0.4.8
pycairo 1.20.1
pycparser 2.20
pycups 2.0.1
pycurl 7.43.0.6
PyGObject 3.40.1
pyOpenSSL 20.0.1
pyparsing 2.4.7
pysmbc 1.0.23
PySocks 1.7.1
python-dateutil 2.8.2
python-linux-procfs 0.6
pytz 2021.1
pyudev 0.22.0
requests 2.25.1
rpm 4.16.1.3
scikit-learn 0.24.2
scipy 1.7.1
setuptools 57.4.0
six 1.16.0
sklearn 0.0
slip 0.6.5
slip.dbus 0.6.5
termcolor 1.1.0
threadpoolctl 2.2.0
torch 1.9.0+cu111
torchaudio 0.9.0
torchvision 0.10.0+cu111
tqdm 4.62.1
typing-extensions 3.10.0.0
urllib3 1.26.6
ANSWER
Answered 2021-Aug-20 at 18:37It is very likely that pip3 is pointing to a different python instance.
Imagine you had python, python3, python3.6 and python3.8 all installed on your system. Which one would pip3 install packages for? (who knows?)
It is almost always safer to do python3.8 -m pip list/install since you can be sure that python3.8 somefile.py will be using the same files you just saw. (even better, do python3.8 -m venv /path/to/some/virtualenv and then make sure that is activated, then you can be sure pip points to the same python)
QUESTION
I am creating a proc file (/proc/key) that a user can write his decryption_key to it and then this key will be used to decrypt the contents of a buffer stored inside a kernel module. Also, I have another proc entry (/proc/decrypted) that will be used to read the contents of the buffer that stores the decrypted text.
The problem is that I don't want the user to be able to write anything to the (/proc/decrypted) file and I don't want him to read anything from the (/proc/key). How can this be implemented?
I have pointed the corresponding functions inside the file_operations struct to NULL, but obviously, this is going to cause segmentation faults once the user tries them.
How can I prevent reading or writing from a procfs? should I just create functions that have no body and point the file_operations struct to them when needed?
...ANSWER
Answered 2021-Apr-16 at 22:45If you want to disallow reading, you can just omit explicitly setting the .read field of struct file_operation. If the structure is defined as static and therefore initialized to 0, all fields that are not explicitly overridden will default to NULL, and the kernel will simply not do anything and return an error (I believe -EINVAL) whenever user code tries to call read on your open file.
Alternatively, if you want to return a custom error, you can define a dummy function which only returns an error (like for example return -EFAULT;).
Do you think the way I am "writing" the key into the buffer is the right way to do it ?
This is wrong for multiple reasons.
First, your copy_from_user() is blindly trusting the user count, so this result in a kernel buffer overflow on the temp variable, which is pretty bad. You need to check and/or limit the size first. You are also not checking the return value of copy_from_user(), which you should (and it is not an int, but rather an unsigned long).
QUESTION
I have installed kube-prometheus-stack as a dependency in my helm chart on a local Docker for Mac Kubernetes cluster v1.19.7.
The myrelease-name-prometheus-node-exporter service is failing with errors received from the node-exporter daemonset after installation of the helm chart for kube-prometheus-stack is installed. This is installed in a Docker Desktop for Mac Kubernetes Cluster environment.
release-name-prometheus-node-exporter daemonset error log
...ANSWER
Answered 2021-Apr-01 at 08:10This issue was solved recently. Here is more information: https://github.com/prometheus-community/helm-charts/issues/467 and here: https://github.com/prometheus-community/helm-charts/pull/757
Here is the solution (https://github.com/prometheus-community/helm-charts/issues/467#issuecomment-802642666):
[you need to] opt-out the rootfs host mount (preventing the crash). In order to do that you need to specify the following value in values.yaml file:
QUESTION
Here is the output of a sample /proc/pid/status file.
From the procfs(5) Man page, found that those are Real, Effective, Saved and FileSystem UIDs
...ANSWER
Answered 2021-Feb-26 at 14:02Taking this as a question:
So, in any chance those four columns will show different UIDs.
Yes. Subject to various limitations, processes can change their effective and saved UIDs and GIDs. This is what the setuid(), setgid(), seteuid(), and setegid() functions do.
The filesystem uid and gid are Linux-specific features that are used mainly, if not entirely, in the context of NFS (see filesystem uid and gid in linux). These can be manipulated with setfsuid() and setfsgid(), subject, again, to limitations.
For most processes, all the UIDs will the same and all the GIDs will be the same, but it is conceivable that they would all be different. It is a function of the behavior of the process.
QUESTION
The background of my question is a set of test cases for my Linux-kernel Namespaces discovery Go package lxkns where I create a new child user namespace as well as a new child PID namespace inside a test container. I then need to remount /proc, otherwise I would see the wrong process information and cannot lookup the correct process-related information, such as the namespaces of the test process inside the new child user+PID namespaces (without resorting to guerilla tactics).
The test harness/test setup is essentially this and fails without --privileged (I'm simplifying to all caps and switching off seccomp and apparmor in order to cut through to the real meat):
ANSWER
Answered 2021-Jan-30 at 16:26Quite some more digging turned up this answer to "About mounting and unmounting inherited mounts inside a newly-created mount namespace" which points in the correct direction, but needs additional explanations (not least due to basing on a misleading paragraph about mount namespaces being hierarchical from man pages which Michael Kerrisk fixed some time ago).
Our starting point is when runc sets up the (test) container, for masking system paths especially in the container's future /proc tree, it creates a set of new mounts to either mask out individual files using /dev/null or subdirectories using tmpfs. This results in procfs being mounted on /proc, as well as further sub-mounts.
Now the test container starts and at some point a process unshares into a new user namespace. Please keep in mind that this new user namespace (again) belongs to the (real) root user with UID 0, as a default Docker installation won't enable running containers in new user namespaces.
Next, the test process also unshares into a new mount namespace, so this new mount namespace belongs to the newly created user namespace, but not to the initial user namespace. According to section "restrictions on mount namespaces" in mount_namespaces(7):
If the new namespace and the namespace from which the mount point list was copied are owned by different user namespaces, then the new mount namespace is considered less privileged.
Please note that the criterion here is: the "donor" mount namespace and the new mount namespace have different user namespaces; it doesn't matter whether they have the same owner user (UID), or not.
The important clue now is:
Mounts that come as a single unit from a more privileged mount namespace are locked together and may not be separated in a less privileged mount namespace. (The unshare(2) CLONE_NEWNS operation brings across all of the mounts from the original mount namespace as a single unit, and recursive mounts that propagate between mount namespaces propagate as a single unit.)
As it now is not possible anymore to separate the /proc mountpoint as well as the masking submounts, it's not possible to (re)mount /proc (question 1). In the same sense, it is impossible to unmount /proc/kcore, because that would allow unmasking (question 2).
Now, when deploying the test container using --security-opt systempaths=unconfined this results in a single /proc mount only, without any of the masking submounts. In consequence and according to the man page rules cited above, there is only a single mount which we are allowed to (re)mount, subject to the CAP_SYS_ADMIN capability including also mounting (besides tons of other interesting functionality).
Please note that it is possible to unmount masked /proc/ paths inside the container while still in the original (=initial) user namespace and when possessing (not surprisingly) CAP_SYS_ADMIN. The (b)lock only kicks in with a separate user namespace, hence some projects striving for deploying containers in their own new user namespaces (which unfortunately has effects not least on container networking).
QUESTION
I'm trying to deploy a Prometheus nodeexporter Daemonset in my AWS EKS K8s cluster.
...ANSWER
Answered 2020-Nov-10 at 12:03As posted in the comments:
Please add to the question the steps that you followed (editing any values in the Helm chart etc). Also please check if the nodes are not over the limit of pods that can be scheduled on it. Here you can find the link for more reference: LINK.
no processes occupying 9100 on the given node. @DawidKruk The POD limit was reached. Thanks! I expected them to give me some error regarding that rather than vague node selector property not matching
Not really sure why the following messages were displayed:
- node(s) didn't have free ports for the requested pod ports
- node(s) didn't match node selector
The issue that Pods couldn't be scheduled on the nodes (Pending state) was connected with the Insufficient pods message in the $ kubectl get events command.
Above message is displayed when the nodes reached their maximum capacity of pods (example: node1 can schedule maximum of 30 pods).
More on the Insufficient Pods can be found in this github issue comment:
That's true. That's because the CNI implementation on EKS. Max pods number is limited by the network interfaces attached to instance multiplied by the number of ips per ENI - which varies depending on the size of instance. It's apparent for small instances, this number can be quite a low number.
Docs.aws.amazon.com: AWSEC2: User Guide: Using ENI: Available IP per ENI
-- Github.com: Kubernetes: Autoscaler: Issue 1576: Comment 454100551
Additional resources:
QUESTION
I have an Elastic APM-Server up and running and it has successfully established connection with Elasticsearch.
Then I installed an Elastic APM Go agent:
...ANSWER
Answered 2020-Aug-19 at 05:40Since you didn't mention it above: did you instrument a Go application? The Elastic APM Go "Agent" is a package which you use to instrument your application source code. It is not an independent process, but runs within your application.
So, first (if you haven't already) instrument your application. See https://www.elastic.co/guide/en/apm/agent/go/current/getting-started.html#instrumenting-source
Here's an example web server using Echo, and the apmechov4 instrumentation module:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install procfs
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
