binfmt_misc (Miscellaneous Binary Format) is a capability of the Linux kernel which allows arbitrary executable file formats to be recognized and passed to certain user space applications, such as emulators and virtual machines. [1] It is one of a number of binary format handlers in the kernel that are involved in preparing a user-space program to run. [2]
The executable formats are registered through the special purpose file system binfmt_misc
file-system interface (usually mounted under part of /proc). This is either done directly by sending special sequences to the register
procfs file or using a wrapper like Debian-based distributions binfmt-support package [3] or systemd's systemd-binfmt.service
. [4] [5]
The register
file contains lines which define executable types to be handled. Each line is of the form:
:name:type:offset:magic:mask:interpreter:flags
name
is the name of the binary format.type
is either E
or M
E
, the executable file format is identified by its filename extension: magic
is the file extension to be associated with the binary format; offset
and mask
are ignored.M
, the format is identified by magic
number at an absolute offset
(defaults to 0
) in the file and mask
is a bitmask (defaults to all 0xFF
) indicating which bits in the number are significant.interpreter
is a program that is to be run with the matching file as an argument.flags
(optional) is a string of letters, each controlling a certain aspect of interpreter
invocation: P
to preserve the original program name typed by user in command line — by adding that name to argv
; the interpreter
has to be aware of this so it can correctly pass that additional parameter to the interpreted program as its argv[0]
.O
to open the program file and pass its file descriptor to the interpreter
so it could read an otherwise unreadable file (for which the user does not have the "Read" permission).C
to determine new process credentials based on program file rather than interpreter
file (see setuid); implies O
flag.F
to make the kernel open the binary at configuration time instead of lazily at startup time, so that it is available inside other mount namespaces and chroots as well.Each format has a corresponding file entry in the /proc/sys/fs/binfmt_misc
directory which can be read to get information about a given file format.
$ echo-1>/proc/sys/fs/binfmt_misc/status# all entries$ echo-1>/proc/sys/fs/binfmt_misc/qemu-xtensa# single entry
:DOSWin:M::MZ::/usr/bin/wine:
will hand all such files to Wine (thus assuming they are ordinary MS-DOS or Microsoft Windows executable):CLR:M::MZ::/usr/bin/mono:
will hand such files to Mono (thus assuming they are .NET executables) [7] [8] :WSLInterOP:M::MZ::/init:P
.The Filesystem Hierarchy Standard (FHS) is a reference describing the conventions used for the layout of Unix-like systems. It has been made popular by its use in Linux distributions, but it is used by other Unix-like systems as well. It is maintained by the Linux Foundation. The latest version is 3.0, released on 3 June 2015.
In computer programming, a magic number is any of the following:
freedesktop.org (fd.o), formerly X Desktop Group (XDG), is a project to work on interoperability and shared base technology for free-software desktop environments for the X Window System (X11) and Wayland on Linux and other Unix-like operating systems. Although freedesktop.org produces specifications for interoperability, it is not a formal standards body.
vmlinux
is a statically linked executable file that contains the Linux kernel in one of the object file formats supported by Linux, which includes Executable and Linkable Format (ELF) and Common Object File Format (COFF). The vmlinux
file might be required for kernel debugging, symbol table generation or other operations, but must be made bootable before being used as an operating system kernel by adding a multiboot header, bootsector and setup routines.
The file
command is a standard program of Unix and Unix-like operating systems for recognizing the type of data contained in a computer file.
In computer programming, an entry point is the place in a program where the execution of a program begins, and where the program has access to command line arguments.
The proc filesystem (procfs) is a special filesystem in Unix-like operating systems that presents information about processes and other system information in a hierarchical file-like structure, providing a more convenient and standardized method for dynamically accessing process data held in the kernel than traditional tracing methods or direct access to kernel memory. Typically, it is mapped to a mount point named /proc at boot time. The proc file system acts as an interface to internal data structures about running processes in the kernel. In Linux, it can also be used to obtain information about the kernel and to change certain kernel parameters at runtime (sysctl).
In computing, the sticky bit is a user ownership access right flag that can be assigned to files and directories on Unix-like systems.
D-Bus is a message-oriented middleware mechanism that allows communication between multiple processes running concurrently on the same machine. D-Bus was developed as part of the freedesktop.org project, initiated by GNOME developer Havoc Pennington to standardize services provided by Linux desktop environments such as GNOME and KDE.
The Linux kernel provides multiple interfaces to user-space and kernel-mode code that are used for varying purposes and that have varying properties by design. There are two types of application programming interface (API) in the Linux kernel:
The magic SysRq key is a key combination understood by the Linux kernel, which allows the user to perform various low-level commands regardless of the system's state. It is often used to recover from freezes, or to reboot a computer without corrupting the filesystem. Its effect is similar to the computer's hardware reset button but with many more options and much more control.
seccomp is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit
, sigreturn
, read
and write
to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
NetworkManager is a daemon that sits on top of libudev and other Linux kernel interfaces and provides a high-level interface for the configuration of the network interfaces.
AppImage is an open-source format for distributing portable software on Linux. It aims to allow the installation of binary software independently of specific Linux distributions, a concept often referred to as upstream packaging. As a result, one AppImage can be installed and run across Ubuntu, Arch Linux, and Red Hat Enterprise Linux without needing to use different files. It aims to be a format that is self-contained, rootless, and independent of the underlying Linux distribution.
In computing, a shebang is the character sequence #!, consisting of the characters number sign and exclamation mark, at the beginning of a script. It is also called sharp-exclamation, sha-bang, hashbang, pound-bang, or hash-pling.
debugfs is a special file system available in the Linux kernel since version 2.6.10-rc3. It was written by Greg Kroah-Hartman.
The Linux booting process involves multiple stages and is in many ways similar to the BSD and other Unix-style boot processes, from which it derives. Although the Linux booting process depends very much on the computer architecture, those architectures share similar stages and software components, including system startup, bootloader execution, loading and startup of a Linux kernel image, and execution of various startup scripts and daemons. Those are grouped into 4 steps: system startup, bootloader stage, kernel stage, and init process. When a Linux system is powered up or reset, its processor will execute a specific firmware/program for system initialization, such as Power-on self-test, invoking the reset vector to start a program at a known address in flash/ROM, then load the bootloader into RAM for later execution. In personal computer (PC), not only limited to Linux-distro PC, this firmware/program is called BIOS, which is stored in the mainboard. In embedded Linux system, this firmware/program is called boot ROM. After being loaded into RAM, bootloader will execute to load the second-stage bootloader. The second-stage bootloader will load the kernel image into memory, decompress and initialize it then pass control to this kernel image. Second-stage bootloader also performs several operation on the system such as system hardware check, mounting the root device, loading the necessary kernel modules, etc. Finally, the first user-space process starts, and other high-level system initializations are performed.
systemd is a software suite that provides an array of system components for Linux operating systems. The main aim is to unify service configuration and behavior across Linux distributions. Its primary component is a "system and service manager" — an init system used to bootstrap user space and manage user processes. It also provides replacements for various daemons and utilities, including device management, login management, network connection management, and event logging. The name systemd adheres to the Unix convention of naming daemons by appending the letter d. It also plays on the term "System D", which refers to a person's ability to adapt quickly and improvise to solve problems.
Longene is a Linux-based operating system kernel intended to be binary compatible with application software and device drivers made for Microsoft Windows and Linux. As of 1.0-rc2, it consists of a Linux kernel module implementing aspects of the Windows kernel and a modified Wine distribution designed to take advantage of the more native interface. Longene is written in the C programming language and is free and open source software. It is licensed under the terms of the GNU General Public License version 2 (GPLv2).
Windows Subsystem for Linux (WSL) is a feature of Microsoft Windows that allows developers to run a Linux environment without the need for a separate virtual machine or dual booting. There are two versions of WSL: WSL 1 and WSL 2. WSL is not available to all Windows 10 users by default. It can be installed either by joining the Windows Insider program or manually via Microsoft Store or Winget.