Overview of Linux syscalls

A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z

A

accept
Accept a connection on a socket
access
Checks whether the calling process can access the pathname, dereferenced when it is a symbolic link
add_key
Create or update a key for kernel key management facility
adjtimex
Reads and optionally sets adjustment parameters for clock adjustment algorithm used on Linux (RFC 5905)
alarm
Schedule an alarm; it lets the system generate a SIGALRM signal for the process after a specified time

B

bind
Assigns address to a socket that was created with socket()
brk
Change the location of program break, specifically the end of the process's data segment

C

cacheflush
Flushes contents of cache(s) for user addresses in specified range
capget
Retrieve thread capabilities
capset
Set thread capabilities
chdir
Change work directory
chmod
Change mode of the file, dereferenced for symbolic links
chown
Changes ownership of file specified by pathname, dereferenced if file is a symbolic link
chroot
The root directory (which is normally /) of the calling process will be changed to the one specified in the path to sandbox a process
clock_adjtime
Reads and optionally sets adjustment parameters for clock adjustment algorithm used on Linux (RFC 5905). It behaves like adjtimex(), but takes an additional clk_id argument to define the clock
clock_getres
Retrieve the resolution (precision) of a specified clock
clock_gettime
Retrieve time from specified clock
clock_settime
Set time of specified clock
clone
Similar to fork() to create a child process, with more fine-grained options to define what is shared between calling process and child. This system call can also make a new process part of newly created namespace by specifying a flag.
clone2
Specific for ia64 platform, similar to clone() but with different handling of stack assignment
clone3
Provides superset of the functionality of the older clone() interface to create child process
close
Close file descriptor
close_range
Close the file descriptors of the selected range
connect
Initiate connection on a defined socket
creat
Like open(), but sets flags O_CREAT|O_WRONLY|O_TRUNC
create_module
Deprecated syscall to create an entry to load a kernel module and reserve the kernel memory for it

D

delete_module
Tries to remove an unused loadable module entry which is related currently loaded Linux kernel module (LKM)
dup
Duplicate file descriptor; more specifically it allocates a new file descriptor that also refers to open file description oldfd
dup2
Same as dup(), duplicate file descriptor; difference is that it uses file descriptor number specified in newfd
dup3
Same as dup2(); difference is that caller can force close-on-exec flag (O_CLOEXEC) to be set

E

epoll_ctl
Manage (add, modify, remove) entries in epoll instance, which is used to monitor if I/O is allowed on the defined set of file descriptors. Similar to poll(), with additional benefits.
epoll_wait
Waits for events on an epoll instance which is defined by a file descriptor (epfd)
execve
Executes the program referred to by specified pathname
exit
Terminates the calling process, parent process will receive a SIGCHLD signal

F

faccessat
Similar to access(), works slightly different when pathname is relative
faccessat2
Closely similar to faccessat() but implements flags argument to correct incorrect implementation in faccessat()
fallocate
Allows the caller to manipulate allocated disk space for a file
fchdir
Similar to chdir, but uses open file descriptor
fchmod
Same as chmod, but used file by open file descriptor fd
fchmodat
Similar to chmod(), works slightly different when pathname is relative
fchown
Changes ownership of file, referred to by open file descriptor (fd)
fchownat
Similar to fchown(), but deals differently with relative paths
fcntl
Performs an action on file defined by a file descriptor, such as setting flags
fgetxattr
Retrieves xattr (extended attributes) by using a file descriptor returned by open()
finit_module
Similar to init_module(); loads image (ELF) but refers to a file description
flistxattr
Like listxattr() it retrieves the list of extended attributes (xattr) but associated with an open file descriptor
flock
Apply or remove advisory lock on file
fork
Create a new child process by duplicating the calling process, with caller becoming the parent process
fstat
Similar to stat(), but uses file descriptor fd
fstatat
More generic interface to receive information that is similar to stat(), fstat(), and lstat()
fstatfs
Returns information about an open file
ftruncate
Truncate a file open for writing to specified number of bytes, which may fill it with null bytes (\0) or decrease its size and losing data
futex
Provides a method for waiting until certain condition becomes true

G

get_current_dir_name
Like getcwd(); will retrieve current working directory but creates an array to store the value
getcwd
Copies the absolute pathname of current working directory to a buffer
getdents
Retrieve entries from a directory
getegid
Returns effective group ID of the calling process
geteuid
Retrieve effective user ID of calling process
getgid
Returns real group ID of the calling process
getgroups
Returns supplementary group IDs of calling process
getpeername
Receive address of the peer connected to a socket
getpgid
Retrieve process group ID (PGID)
getpgrp
Retrieves process group ID (PGID) of the calling process
getpid
Returns process ID (PID) of calling process
getppid
Returns process ID (PID) of parent of the calling process
getrandom
Receive random bytes
getrlimit
Get resource limits
getsid
Receive session ID of a defined process
getsockname
Retrieve current address of defined socket
getsockopt
Get options for socket
gettid
Returns thread ID (TID) of caller. Same as process ID (PID) for single-threaded applications, otherwise different
gettimeofday
Get time or timezone
getuid
Retrieve real user ID of calling process
getwd
Retrieves current working directory in specified pointer to a related buffer; deprecated for security and portability reasons
getxattr
Retrieves xattr (extended attributes) from a given file defined by its path and name

I

init_module
Load image (ELF) into the kernel space including the required steps to initialize it, including triggering the init() function of the module
inotify_add_watch
Adds a new watch or change an existing watch for a file
inotify_init
Initializes new inotify instance and returns file descriptor that is associated with a new inotify event queue
inotify_init1
Like inotify_init() it initializes a new inotify instance and returns file descriptor that is associated with a new inotify event queue, with additional flags
inotify_rm_watch
Removes a watch with a watch descriptor (wd) from an inotify instance specified by its file descriptor (fd)
io_cancel
Attempts to cancel asynchronous I/O operation that was submitted by io_submit()
io_submit
Submit asynchronous I/O blocks for processing, can be cancelled with io_cancel()

K

kexec_file_load
Similar to kexec_load(), but uses file descriptor for kernel and initrd (initial ram disk)
kexec_load
Load new kernel for later execution
keyctl
Allow user-space programs to take actions on keys, such as updating, revocation, ownership

L

lchown
Like chown(), does not dereference symbolic links
lgetxattr
Retrieves xattr (extended attributes) for symbolic links itself, not the destination it links to
Create new link (hard link) to existing file
linkat
Similar to link(), but deals differently with relative paths
listen
Marks socket as a passive to allow it accepting incoming connections with accept()
listxattr
Retrieves the list of extended attributes (xattr) associated with the path
llistxattr
Like listxattr, it retrieves the list of extended attributes (xattr) associated with the path, but if it is a symbolic link it will give information about the link, not the destination target
lseek
Reposition file offset for read/write
lstat
Similar to stat(), but if pathname is symbolic link, return information about link and not the file that symbolic link points to

M

mkdir
Create directory
mkdirat
Similar to mkdir() but deals differently with relative paths
mknod
Create filesystem node (file, device special file, or named pipe) named pathname
mknodat
Similar to mknod, works slightly different when pathname is relative
mlock
Lock pages in a specified address range, so they are guaranteed to stay in memory instead of being swapped to disk
mlock2
Same as mlock() if flags is 0. With flag MLOCK_ONFAULT is locks the current resident pages, the mark the range so currently nonresident pages are locked later when they are used (page fault)
mlockall
Similar to mlock, but tries to lock all the memory pages of the calling process to prevent swapping
mmap
Create new mapping in the virtual address space of the calling process
mprotect
Sets protection on a defined region of memory
mseal
Provides memory protection by allow developers to mark specific memory regions immutable, which helps with exploit mitigation
munlock
Opposite of mlock() to release lock on memory area, so it can be swapped to disk if needed
munlockall
Unlocks all memory pages of calling process so it can be swapped to disk again by the kernel
munmap
Deletes the mappings for specified address range and marks range to generate invalid memory references

N

nanosleep
Suspends the execution of the thread calling the request
nice
Change process priority, with +19 (lowest priority) up to to -20 (high priority)
ntp_adjtime
Doing same task as adjtimex(), but is a more portable interface

O

open
Opens file specified by pathname to allow reading or writing data
open_by_handle_at
The open_by_handle_at opens a file handle returned by a name_to_handle_at() and returns an open file descriptor.
openat
Similar to open(), but uses dirfd argument and deals differently with path

P

pause
Changes the thread or process that is calling the request to sleep until the moment a signal is received
personality
Set or get the personality for a process, a kernel execution domain
pidfd_open
Obtain a file descriptor referring to a process
pipe
Create a pipe that allows unidirectional communication between processes
pipe2
Similar to pipe(), to create a channel between two processes. With flag O_DIRECT it will use packet-style communication instead of a stream
poll
Similar task to select(2), which is waiting for a set of file descriptors to become available for I/O.
ppol
Let an application wait until file descriptor is available or signal is caught
prctl
Perform operations on a process or thread, such as changing its capabilities, set name of the calling thread, set the secure computing mode (seccomp), and more.
pread64
Similar to pread() but with an offtype of type off64_t that allows changing file positions in files larger than two gigabytes
preadv
Reads data into multiple buffers as readv(), with option to set an offset where in the file the read operation is to be performed.
preadv2
Reads data into multiple buffers like preadv(), with additional flags
prlimit
Get and sets resource limit, combines getrlimit() and setrlimit()
ptrace
Process tracing; usually for breakpoint debugging and system call tracing
pwrite64
Similar to pwrite() but with an offtype of type off64_t that allows changing file positions in files larger than two gigabytes
pwritev
Write to file description like writev(), except that multiple buffers are written
pwritev2
Write to file description like pwritev() with multiple buffers, additionally has extra flags

R

read
Read from file descriptor
readdir
Read a directory
Places a copy of the symbolic link referenced by its path into a buffer
readlinkat
Like readlinkat() it places a copy of the symbolic link referenced by its path into a buffer, but can use relative path
readv
Read buffers from file
reboot
Reboots the system, or enables/disables reboot keystroke (default: Ctrl+Alt+Delete; changed using loadkeys(1))
recv
Like read(), but normally only used on a socket and has additional flags that can be set
recvfrom
Receives a message on a socket, close to recv(), but with additional flags related to receiving source
recvmsg
Receives a message on a socket with a predefined structure to minimize the number of arguments
rename
Rename a file, move it between directories if required
renameat
Similar to rename(), with deals differently with relative paths
renameat2
Similar to renameat() when no flags are provided, otherwise it has additional options
request_key
Request a key from kernel key management facility
rmdir
Delete directory

S

sbrk
Change the location of program break, specifically it increments the program's data space
sched_getaffinity
Retrieves the mask on which CPUs the process thread can run
sched_setaffinity
Defines by using a mask on which CPUs the process thread can run
sched_yield
Request by the calling thread to free up itself from the CPU and move it to the very end of the queue, so the next thread can run
seccomp
Perform operations on the secure computing (seccomp) state of a process
select
Let a program monitor multiple file descriptors until one or more become available for I/O actions. This system call has limitations and typically poll or epoll is used.
sendfile
Copies data between one file descriptor and another
sendto
Transmits a message to another socket
setdomainname
Sets the NIS domain name to the defined value
setfsgid
Sets the group identity used for performing file system checks
setgid
Set effective group ID of calling process, with CAP_SETGID capability it also sets real GID and saved set-group-ID
setgroups
Defines supplementary group IDs of calling process
sethostname
Sets the hostname to the defined value
setns
Allows calling thread to switch to a different namespace
setpgid
Sets the process group ID (PGID) of the process
setrlimit
Set resource limits
setsockopt
Set options on socket
settimeofday
Set time or timezone
setuid
Set effective user ID of calling process, with CAP_SETUID capability it also sets real UID and saved set-user-ID
sigreturn
Allow implementation of signal handlers
socket
Create endpoint for communication and return file descriptor
socketpair
Create a pair of connected sockets, for example for communication between parent and child process
stat
Get information about file
statfs
Returns information about mounted file system
Create symbolic link
symlinkat
Similar to symlink() but deals differently with relative paths

T

tee
Duplicate pipe content, does not consume the data
time
Return time; as number of seconds since the Epoch (1970-01-01 00:00:00 +0000 (UTC))
times
Get process and child process times, including CPU time in userspace and by the system for the calling process, and similar for the child processes
truncate
Truncate a writable file to specified number of bytes, which may fill it with null bytes (\0) or decrease its size and losing data

U

umask
Set file mode creation mask
uname
Retrieve name and information about the current kernel
Delete name from filesystem
unlinkat
Similar to unlink() but deals differently with relative paths
unshare
Allows a process to unshare parts of its execution context, such as mount namespace, from other processes. Parts of the execution context are automatically shared with other processes when fork(2), vfork(2) or clone(2) are used. With this syscall it does not have not to create a new process.
utime
Change access and modification times of inode
utimes
Similar to utime(), but uses array instead of a structure

W

wait
Suspend the execution of the calling process thread until one of its child processes terminates.
waitpid
Suspend the execution of the calling process thread until one of the specified child processes (by PID) terminates. By using specific options, also other actions like termination can be waited for. The functionality of this system call is similar to wait(), yet with more control over the children and states.
write
Write to file descriptor
writev
Writes buffers to file