What is the file /proc/kallsyms on Linux?
What is the file /proc/kallsyms on Linux?
The /proc/kallsyms is a file containing the symbol table from the Linux kernel and provides available function and variable names. It may be used by developers and system administrators to troubleshoot kernel issues.
What information does /proc/kallsyms contain?
The file has three columns of information:
- Memory address of the symbol
- Symbol type
- Symbol name
Purpose
By using the information from the /proc/kallsyms file, a developer or system administrator may troubleshoot issues, such as kernel panics. When a kernel panic happened, a so-called core dump is generated. This file contains in-depth details, such as memory addresses where the error happened. The information from the core dump can be compared with the addresses in /proc/kallsyms to identify the function or variable which caused the issue.
Another purpose of the information in /proc/kallsyms is for finding memory leaks. The stored symbols can be inspected and may give developers a clue if a particular piece of code is not correctly handing memory, which may result in a memory leak.
Security considerations to take in account
Providing access to /proc/kallsyms may result in exposing sensitive information about the kernel. This is due to its content and in particular the internals of the kernel, such as memory information. Typically only superusers should have access. For most services and users it is better to deny access to this file.