How can I tarball the proc file system? How can I tarball the proc file system? bash bash

How can I tarball the proc file system?


The linux /proc filesystem is actually kernel variables pretending to be a filesystem. There is nothing to save thus nothing to backup. If the system let you, you could rm -rf /proc and it would magically reappear upon the next reboot.

The /dev file system has real i-nodes and they can be backed up. Except they have no contents, just a major and minor number, permissions, and a name. Tools that do backup special device files only record those parameters and never try to open(2) the device. However, since the device major and minor numbers are only meaningful on the precise system they are built for, there is little cause for backing them up.

The reason that trying to tar the /proc pseudo-filesystem causes tar to segfault is because /proc has funny file behavior: things like a write-only pseudo-file may appear to have read permissions, but return an error indication if a program tries to open(2) it for backup. That's sure to drive a naïve tar to get persnickety.

Added in response to comment

It doesn't surprise me that tar had problems reading /proc/kmsg because it has some funny properties:

# strace cat /proc/kmsgexecve("/bin/cat", ["cat", "kmsg"],open("kmsg", O_RDONLY|O_LARGEFILE)      = 3// ok, no problem opening the file for readingfstat64(3, { st_mode=S_IFREG|0400,  st_size=0,// looks like a normal file of zero length// but cat does not pay attention to st_size so it just// does a blocking readread(3, "<4>[103128.156051] ata2.00: qc t"..., 32768) = 461write(1, "<4>[103128.156051] ata2.00: qc t"..., 461) = 461// ...forever...read(3, "<6>[103158.228444] ata2.00: conf"..., 32768) = 48write(1, "<6>[103158.228444] ata2.00: conf"..., 48) = 48+++ killed by SIGINT +++

Since /proc/kmsg is a running list of kernel messages as they happen, it never returns 0 (EOF) it just keeps going until I get bored and press ^C.

Interestingly, my tar has no trouble with /proc/kmsg:

$ tar --versiontar (GNU tar) 1.22# tar cf /tmp/junk.tar /proc/kmsg$ tar tvf /tmp/junk.tar-r-------- root/root         0 2010-09-01 14:41 proc/kmsg

and if you look at the strace output, GNU tar 1.22 saw that st_length == 0 and didn't even bother opening the file for reading, since there wasn't anything there.

I can imagine that your tar saw the length was 0, allocated that much (none) space using malloc(3) which dutifully handed back a pointer to a zero length buffer. Your tar read from /proc/kmsg, got a non-zero length read, and tried to store it in the zero length buffer and got a segmentation violation.

That is but one rat-hole that awaits tar in /proc. How many more are there? Dunno. Will they behave identically? Probably not. Which of the ~1000 or so files which aren't /proc/<pid> psuedo-files are going to have weird semantics? Dunno.

But perhaps the most telling question: What sense would you make of /proc/sys/vm/lowmem_reserve_ratio, will it be different next week, and will you be able to learn anything from that difference?


While the accepted answer makes a lot of sense if you want to argue the sense of doing something like this, nevertheless there is an answer that works. Here's a script to duplicate the complete /proc file system into /tmp/proc. This can then be tarred and gzipped. I used this to keep a memory of the setup and capabilities (memory, bogomips, default processes, etc.) of my trusty old file server before I replaced it with a new one.

cd /mkdir /tmp/procfind /proc -type f | while read F ; do   D=/tmp/$(dirname $F)   test -d $D || mkdir -p $D   test -f /tmp/$F || sudo cat $F > /tmp/$Fdone

Notes:Permissions are not preserved since I have to use cat instead of cp.cp -a /proc /proccopy doesn't work since it crashes on "kcore" as well. mc (Midnight Commander) succeeds in creating a copy of /proc which you can then tar and gzip, but you have to dismiss thousands of "Cannot read file XYZ" errors and it too crashes on 'kcore' with a Bus Error.


A simple answer:

ls -Rd /proc/* > proc.lst foreach item (<proc.lst>)  echo "proc_file:$item"  if (-f $item) cat $itemend

Apropos the site advisory protocol:

"But avoid ... Making statements based on opinion..."

(IMHO...based on quite a few years experience) It doesn't require much imagination to think of some good reasons for, at a given point in time, taking a snapshot of selected elements of /proc/* and storing it, or sending it somewhere. Therefore, I would question the usefulness of an 'answer' such as:

The linux /proc filesystem is actually kernel variables pretending to be a filesystem. There is nothing to save thus nothing to backup. If the system let you, you could rm -rf /proc and it would magically reappear upon the next reboot.

...on the grounds that it doesn't answer the question, makes a false assertion, and contains gratuitous information irrelevant to the question.