Linux has several virtual filesystems that serve various purposes.
DebugFS, SecurityFS, PipeFS, and SockFS are four important filesystems.
DebugFS
DebugFS is a RAM-based filesystem that is used for debugging. This
filesystem is a lot like ProcFS and SysFS, but instead displays
debugging information. Like many other RAM-based filesystems, DebugFS is
a kernel-user interface. This filesystem can be mounted using this
command in a terminal - "mount -t debugfs none /sys/kernel/debug".
If you want DebugFS to be mounted automatically on every system boot,
add this line to /etc/fstab (without the quotes) - "debugfs
/sys/kernel/debug debugfs defaults 0 0".
When configuring the Linux kernel, the name of this feature (DebugFS) is
called "CONFIG_DEBUG_FS". Enabling this enables DebugFS.
SecurityFS
SecurityFS is a virtual filesystem in memory for security kernel
modules. Kernel security modules place their policies and other data
here. The user-space sees SecurityFS as a part of SysFS. SecurityFS is
mounted on /sys/kernel/security/. Some of the security modules read and
write files here that are used for configuring the security modules. The
Linux Security Modules (LSM) will manually mount SecurityFS because the
LSMs read/write data on this pseudo-filesystem, unless the filesystem
is already mounted.
The LSMs make a folder on the root of SecurityFS with their name on it.
For example, AppArmor would make a directory titled "apparmor" at
/sys/kernel/security/.
PipeFS
PipeFS is a unique virtual filesystem. This filesystem is mounted inside
the kernel rather than in the userspace. While most filesystems are
mounted under "/", PipeFS is mounted on "pipe:", making PipeFS its own
root (yes, a second root filesystem). This filesystem is one superblock
and cannot exceed that amount system-wide. The entry point of this
filesystem/second-root is the system-call "pipe()". Unlike the other
virtual/pseudo filesystems, this one cannot be viewed.
Many of you may be wondering what purpose this PipeFS filesystem serves.
Unix pipes (simply called pipes) use this filesystem. When a pipe is
used (like this - ls | less), the pipe() system-call makes a new pipe
object on this filesystem. Without this filesystem, pipes cannot be
made. Also, threads and forks communicate together via pipes. Without
PipeFS, processes could not fork and threads could not communicate.
Network pipes also rely on this virtual/pseudo filesystem.
SockFS
SockFS is a RAM-located pseudo-filesystem for storing information about
the sockets/ports as well as a compatibility layer. SockFS is also
called the Socket FileSystem. Now, as for SockFS being a compatibility
layer, the write() system-call writes data to sockets/ports (the same
ports like port-21 for FTP). Now, it is important to know that these
sockets use the TCP or UDP network protocol and write() is the same
system-call for writing files on the hard-disk. So, the question is "how
is this possible?". The answer - SockFS. When write() writes data on
SockFS, the filesystem makes changes to the data to make it suitable for
the sockets. So, write() is not interacting directly with the sockets.
Instead, the SockFS filesystem is acting as a mediator between the
system-call and the sockets.
TIP: If you want a list of all of the mounted filesystems, both "real"
and virtual, type - cat /proc/filesystems. The filesystems will be
listed in the second column.
No comments:
Post a Comment