I know pgrep, top, and ps all query /proc filesystems. So far so good. Yet what got me thinking is that in the past there was no /proc filesystem. Even nowadays, Mac OS X, as far as I know, has no /proc filesystem, yet top still accesses process info, which sugggests to me such info should be coming from kernel directly. My question, however, is specific to Linux. Which libraries and/or syscalls can be used to query process information directly, bypassing /proc ?
Linux – Is it possible to query process information from Linux kernel directly
clinux-kernelproc
Best Answer
It is possible to query process information from the Linux kernel directly — by reading files under
/proc. This is the way it's done on Linux, Solaris and several other Unix variants.Ancient Unix systems had a
pscommand that was setuid root and mapped some kernel memory (through/dev/kmemor similar) and parsed kernel data structures. This requiredpsto have privileges (dangerous) and to be tied to the exact kernel version (inconvenient).On modern *BSD systems,
psworks by calling thesysctlfunction, which in turn makes system calls to retrieve information formatted as structures defined by a binary format. MacOS uses the same mechanism.Linux does not have this BSD interface. It uses procfs and sysfs to allow userland to retrieve information from the kernel. Where BSD marshals information in a binary format retrieved by a special-purpose system call, Linux marshals information as strings retrieved through ordinary file access to a special-purpose filesystem. It would be possible to use the same method as in ancient Unix systems, but nobody does it because it's such an inferior method (requires privileges and requires updating whenever the kernel data structures change).