Overview of Linux syscalls
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
A
- accept
- Accept a connection on a socket
- access
- Checks whether the calling process can access the pathname, dereferenced when it is a symbolic link
- add_key
- Create or update a key for kernel key management facility
- adjtimex
- Reads and optionally sets adjustment parameters for clock adjustment algorithm used on Linux (RFC 5905)
- alarm
- Schedule an alarm; it lets the system generate a SIGALRM signal for the process after a specified time
B
- bind
- Assigns address to a socket that was created with socket()
- brk
- Change the location of program break, specifically the end of the process's data segment
C
- cacheflush
- Flushes contents of cache(s) for user addresses in specified range
- capget
- Retrieve thread capabilities
- capset
- Set thread capabilities
- chdir
- Change work directory
- chmod
- Change mode of the file, dereferenced for symbolic links
- chown
- Changes ownership of file specified by pathname, dereferenced if file is a symbolic link
- chroot
- The root directory (which is normally /) of the calling process will be changed to the one specified in the path to sandbox a process
- clock_adjtime
- Reads and optionally sets adjustment parameters for clock adjustment algorithm used on Linux (RFC 5905). It behaves like adjtimex(), but takes an additional clk_id argument to define the clock
- clock_getres
- Retrieve the resolution (precision) of a specified clock
- clock_gettime
- Retrieve time from specified clock
- clock_settime
- Set time of specified clock
- clone
- Similar to fork() to create a child process, with more fine-grained options to define what is shared between calling process and child. This system call can also make a new process part of newly created namespace by specifying a flag.
- clone2
- Specific for ia64 platform, similar to clone() but with different handling of stack assignment
- clone3
- Provides superset of the functionality of the older clone() interface to create child process
- close
- Close file descriptor
- close_range
- Close the file descriptors of the selected range
- connect
- Initiate connection on a defined socket
- creat
- Like open(), but sets flags O_CREAT|O_WRONLY|O_TRUNC
- create_module
- Deprecated syscall to create an entry to load a kernel module and reserve the kernel memory for it
D
- delete_module
- Tries to remove an unused loadable module entry which is related currently loaded Linux kernel module (LKM)
- dup
- Duplicate file descriptor; more specifically it allocates a new file descriptor that also refers to open file description oldfd
- dup2
- Same as dup(), duplicate file descriptor; difference is that it uses file descriptor number specified in newfd
- dup3
- Same as dup2(); difference is that caller can force close-on-exec flag (O_CLOEXEC) to be set
E
- epoll_ctl
- Manage (add, modify, remove) entries in epoll instance, which is used to monitor if I/O is allowed on the defined set of file descriptors. Similar to poll(), with additional benefits.
- epoll_wait
- Waits for events on an epoll instance which is defined by a file descriptor (epfd)
- execve
- Executes the program referred to by specified pathname
- exit
- Terminates the calling process, parent process will receive a SIGCHLD signal
F
- faccessat
- Similar to access(), works slightly different when pathname is relative
- faccessat2
- Closely similar to faccessat() but implements flags argument to correct incorrect implementation in faccessat()
- fallocate
- Allows the caller to manipulate allocated disk space for a file
- fchdir
- Similar to chdir, but uses open file descriptor
- fchmod
- Same as chmod, but used file by open file descriptor fd
- fchmodat
- Similar to chmod(), works slightly different when pathname is relative
- fchown
- Changes ownership of file, referred to by open file descriptor (fd)
- fchownat
- Similar to fchown(), but deals differently with relative paths
- fcntl
- Performs an action on file defined by a file descriptor, such as setting flags
- fgetxattr
- Retrieves xattr (extended attributes) by using a file descriptor returned by open()
- finit_module
- Similar to init_module(); loads image (ELF) but refers to a file description
- flistxattr
- Like listxattr() it retrieves the list of extended attributes (xattr) but associated with an open file descriptor
- flock
- Apply or remove advisory lock on file
- fork
- Create a new child process by duplicating the calling process, with caller becoming the parent process
- fstat
- Similar to stat(), but uses file descriptor fd
- fstatat
- More generic interface to receive information that is similar to stat(), fstat(), and lstat()
- fstatfs
- Returns information about an open file
- ftruncate
- Truncate a file open for writing to specified number of bytes, which may fill it with null bytes (\0) or decrease its size and losing data
- futex
- Provides a method for waiting until certain condition becomes true
G
- get_current_dir_name
- Like getcwd(); will retrieve current working directory but creates an array to store the value
- getcwd
- Copies the absolute pathname of current working directory to a buffer
- getdents
- Retrieve entries from a directory
- getegid
- Returns effective group ID of the calling process
- geteuid
- Retrieve effective user ID of calling process
- getgid
- Returns real group ID of the calling process
- getgroups
- Returns supplementary group IDs of calling process
- getpeername
- Receive address of the peer connected to a socket
- getpgid
- Retrieve process group ID (PGID)
- getpgrp
- Retrieves process group ID (PGID) of the calling process
- getpid
- Returns process ID (PID) of calling process
- getppid
- Returns process ID (PID) of parent of the calling process
- getrandom
- Receive random bytes
- getrlimit
- Get resource limits
- getsid
- Receive session ID of a defined process
- getsockname
- Retrieve current address of defined socket
- getsockopt
- Get options for socket
- gettid
- Returns thread ID (TID) of caller. Same as process ID (PID) for single-threaded applications, otherwise different
- gettimeofday
- Get time or timezone
- getuid
- Retrieve real user ID of calling process
- getwd
- Retrieves current working directory in specified pointer to a related buffer; deprecated for security and portability reasons
- getxattr
- Retrieves xattr (extended attributes) from a given file defined by its path and name
I
- init_module
- Load image (ELF) into the kernel space including the required steps to initialize it, including triggering the init() function of the module
- inotify_add_watch
- Adds a new watch or change an existing watch for a file
- inotify_init
- Initializes new inotify instance and returns file descriptor that is associated with a new inotify event queue
- inotify_init1
- Like inotify_init() it initializes a new inotify instance and returns file descriptor that is associated with a new inotify event queue, with additional flags
- inotify_rm_watch
- Removes a watch with a watch descriptor (wd) from an inotify instance specified by its file descriptor (fd)
- io_cancel
- Attempts to cancel asynchronous I/O operation that was submitted by io_submit()
- io_submit
- Submit asynchronous I/O blocks for processing, can be cancelled with io_cancel()
K
- kexec_file_load
- Similar to kexec_load(), but uses file descriptor for kernel and initrd (initial ram disk)
- kexec_load
- Load new kernel for later execution
- keyctl
- Allow user-space programs to take actions on keys, such as updating, revocation, ownership
L
- lchown
- Like chown(), does not dereference symbolic links
- lgetxattr
- Retrieves xattr (extended attributes) for symbolic links itself, not the destination it links to
- link
- Create new link (hard link) to existing file
- linkat
- Similar to link(), but deals differently with relative paths
- listen
- Marks socket as a passive to allow it accepting incoming connections with accept()
- listxattr
- Retrieves the list of extended attributes (xattr) associated with the path
- llistxattr
- Like listxattr, it retrieves the list of extended attributes (xattr) associated with the path, but if it is a symbolic link it will give information about the link, not the destination target
- lseek
- Reposition file offset for read/write
- lstat
- Similar to stat(), but if pathname is symbolic link, return information about link and not the file that symbolic link points to
M
- mkdir
- Create directory
- mkdirat
- Similar to mkdir() but deals differently with relative paths
- mknod
- Create filesystem node (file, device special file, or named pipe) named pathname
- mknodat
- Similar to mknod, works slightly different when pathname is relative
- mlock
- Lock pages in a specified address range, so they are guaranteed to stay in memory instead of being swapped to disk
- mlock2
- Same as mlock() if flags is 0. With flag MLOCK_ONFAULT is locks the current resident pages, the mark the range so currently nonresident pages are locked later when they are used (page fault)
- mlockall
- Similar to mlock, but tries to lock all the memory pages of the calling process to prevent swapping
- mmap
- Create new mapping in the virtual address space of the calling process
- mprotect
- Sets protection on a defined region of memory
- mseal
- Provides memory protection by allow developers to mark specific memory regions immutable, which helps with exploit mitigation
- munlock
- Opposite of mlock() to release lock on memory area, so it can be swapped to disk if needed
- munlockall
- Unlocks all memory pages of calling process so it can be swapped to disk again by the kernel
- munmap
- Deletes the mappings for specified address range and marks range to generate invalid memory references
N
- nanosleep
- Suspends the execution of the thread calling the request
- nice
- Change process priority, with +19 (lowest priority) up to to -20 (high priority)
- ntp_adjtime
- Doing same task as adjtimex(), but is a more portable interface
O
- open
- Opens file specified by pathname to allow reading or writing data
- open_by_handle_at
- The open_by_handle_at opens a file handle returned by a name_to_handle_at() and returns an open file descriptor.
- openat
- Similar to open(), but uses dirfd argument and deals differently with path
P
- pause
- Changes the thread or process that is calling the request to sleep until the moment a signal is received
- personality
- Set or get the personality for a process, a kernel execution domain
- pidfd_open
- Obtain a file descriptor referring to a process
- pipe
- Create a pipe that allows unidirectional communication between processes
- pipe2
- Similar to pipe(), to create a channel between two processes. With flag O_DIRECT it will use packet-style communication instead of a stream
- poll
- Similar task to select(2), which is waiting for a set of file descriptors to become available for I/O.
- ppol
- Let an application wait until file descriptor is available or signal is caught
- prctl
- Perform operations on a process or thread, such as changing its capabilities, set name of the calling thread, set the secure computing mode (seccomp), and more.
- pread64
- Similar to pread() but with an offtype of type off64_t that allows changing file positions in files larger than two gigabytes
- preadv
- Reads data into multiple buffers as readv(), with option to set an offset where in the file the read operation is to be performed.
- preadv2
- Reads data into multiple buffers like preadv(), with additional flags
- prlimit
- Get and sets resource limit, combines getrlimit() and setrlimit()
- ptrace
- Process tracing; usually for breakpoint debugging and system call tracing
- pwrite64
- Similar to pwrite() but with an offtype of type off64_t that allows changing file positions in files larger than two gigabytes
- pwritev
- Write to file description like writev(), except that multiple buffers are written
- pwritev2
- Write to file description like pwritev() with multiple buffers, additionally has extra flags
R
- read
- Read from file descriptor
- readdir
- Read a directory
- readlink
- Places a copy of the symbolic link referenced by its path into a buffer
- readlinkat
- Like readlinkat() it places a copy of the symbolic link referenced by its path into a buffer, but can use relative path
- readv
- Read buffers from file
- reboot
- Reboots the system, or enables/disables reboot keystroke (default: Ctrl+Alt+Delete; changed using loadkeys(1))
- recv
- Like read(), but normally only used on a socket and has additional flags that can be set
- recvfrom
- Receives a message on a socket, close to recv(), but with additional flags related to receiving source
- recvmsg
- Receives a message on a socket with a predefined structure to minimize the number of arguments
- rename
- Rename a file, move it between directories if required
- renameat
- Similar to rename(), with deals differently with relative paths
- renameat2
- Similar to renameat() when no flags are provided, otherwise it has additional options
- request_key
- Request a key from kernel key management facility
- rmdir
- Delete directory
S
- sbrk
- Change the location of program break, specifically it increments the program's data space
- sched_getaffinity
- Retrieves the mask on which CPUs the process thread can run
- sched_setaffinity
- Defines by using a mask on which CPUs the process thread can run
- sched_yield
- Request by the calling thread to free up itself from the CPU and move it to the very end of the queue, so the next thread can run
- seccomp
- Perform operations on the secure computing (seccomp) state of a process
- select
- Let a program monitor multiple file descriptors until one or more become available for I/O actions. This system call has limitations and typically poll or epoll is used.
- sendfile
- Copies data between one file descriptor and another
- sendto
- Transmits a message to another socket
- setdomainname
- Sets the NIS domain name to the defined value
- setfsgid
- Sets the group identity used for performing file system checks
- setgid
- Set effective group ID of calling process, with CAP_SETGID capability it also sets real GID and saved set-group-ID
- setgroups
- Defines supplementary group IDs of calling process
- sethostname
- Sets the hostname to the defined value
- setns
- Allows calling thread to switch to a different namespace
- setpgid
- Sets the process group ID (PGID) of the process
- setrlimit
- Set resource limits
- setsockopt
- Set options on socket
- settimeofday
- Set time or timezone
- setuid
- Set effective user ID of calling process, with CAP_SETUID capability it also sets real UID and saved set-user-ID
- sigreturn
- Allow implementation of signal handlers
- socket
- Create endpoint for communication and return file descriptor
- socketpair
- Create a pair of connected sockets, for example for communication between parent and child process
- stat
- Get information about file
- statfs
- Returns information about mounted file system
- symlink
- Create symbolic link
- symlinkat
- Similar to symlink() but deals differently with relative paths
T
- tee
- Duplicate pipe content, does not consume the data
- time
- Return time; as number of seconds since the Epoch (1970-01-01 00:00:00 +0000 (UTC))
- times
- Get process and child process times, including CPU time in userspace and by the system for the calling process, and similar for the child processes
- truncate
- Truncate a writable file to specified number of bytes, which may fill it with null bytes (\0) or decrease its size and losing data
U
- umask
- Set file mode creation mask
- uname
- Retrieve name and information about the current kernel
- unlink
- Delete name from filesystem
- unlinkat
- Similar to unlink() but deals differently with relative paths
- Allows a process to unshare parts of its execution context, such as mount namespace, from other processes. Parts of the execution context are automatically shared with other processes when fork(2), vfork(2) or clone(2) are used. With this syscall it does not have not to create a new process.
- utime
- Change access and modification times of inode
- utimes
- Similar to utime(), but uses array instead of a structure
W
- wait
- Suspend the execution of the calling process thread until one of its child processes terminates.
- waitpid
- Suspend the execution of the calling process thread until one of the specified child processes (by PID) terminates. By using specific options, also other actions like termination can be waited for. The functionality of this system call is similar to wait(), yet with more control over the children and states.
- write
- Write to file descriptor
- writev
- Writes buffers to file