- Kernel Architecture
- The Boot Process
- Kernel Modules
- sysctl โ Runtime Kernel Parameters
- initramfs / initrd
- System Calls
- The init System (PID 1)
- Practice Exercises
The Linux kernel is monolithic โ all core services run in kernel space as a single binary.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ USER SPACE โ
โ Applications โ Libraries โ System Call API โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ KERNEL SPACE โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ System Call Interface โ โ
โ โโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโโโโโโโค โ
โ โ VFS โProcess โ Memory โ Network โ โ
โ โ(Virtualโ Sched โ Mgmt โ Stack โ โ
โ โ FS) โ โ โ โ โ
โ โโโโโโโโโโดโโโโโโโโโดโโโโโโโโโดโโโโโโโโโโโโโโโโค โ
โ โ Device Drivers (modules) โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ
โ โ Architecture-Dependent Code (x86, ARM) โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ HARDWARE โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
| Subsystem | Role |
|---|---|
| Process Scheduler | Decides which process runs on which CPU core |
| Memory Manager | Virtual memory, paging, OOM killer |
| VFS | Abstraction layer over all filesystems |
| Network Stack | TCP/IP, sockets, netfilter |
| Device Drivers | Hardware communication (loaded as modules) |
| IPC | Inter-process communication (pipes, signals, sockets) |
# Kernel information
uname -r # Kernel version (e.g., 6.8.0-41-generic)
uname -a # All system info
cat /proc/version # Kernel build details
cat /proc/cmdline # Boot parameters1. BIOS/UEFI
โโ POST (Power-On Self-Test)
โโ Find boot device
2. Bootloader (GRUB)
โโ Load kernel + initramfs into memory
โโ Pass boot parameters to kernel
3. Kernel
โโ Decompress itself
โโ Initialize hardware, memory, CPU
โโ Mount initramfs as temporary root
โโ Execute /init from initramfs
4. initramfs
โโ Load necessary drivers (disk, filesystem)
โโ Find and mount real root filesystem
โโ pivot_root to real filesystem
5. Init System (systemd, PID 1)
โโ Mount filesystems from /etc/fstab
โโ Start services (networking, SSH, etc.)
โโ Reach default target (multi-user or graphical)
โโ Display login prompt
# GRUB config
cat /boot/grub/grub.cfg # Generated config (don't edit!)
cat /etc/default/grub # User settings
# Edit GRUB settings
sudo vim /etc/default/grub
# GRUB_TIMEOUT=5
# GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
# GRUB_CMDLINE_LINUX=""
# Rebuild GRUB config
sudo update-grub # Debian/Ubuntu
sudo grub2-mkconfig -o /boot/grub2/grub.cfg # RHEL/Fedora
# Reinstall GRUB (boot repair)
sudo grub-install /dev/sda
sudo update-grubModules are pieces of kernel code loaded on demand (like drivers).
# List loaded modules
lsmod
lsmod | grep usb
# Module info
modinfo ext4
modinfo nvidia
# Load a module
sudo modprobe vfat # Load FAT filesystem module
sudo modprobe -v snd-hda-intel # Verbose load
# Unload a module
sudo modprobe -r vfat # Remove module
sudo rmmod vfat # Alternative
# Load module at boot โ add to:
echo "vfat" | sudo tee /etc/modules-load.d/vfat.conf
# Blacklist a module (prevent loading)
echo "blacklist nouveau" | sudo tee /etc/modprobe.d/blacklist-nouveau.conf
sudo update-initramfs -u # Rebuild initramfs
# Module parameters
modinfo i915 | grep parm # Show available parameters
echo "options i915 enable_guc=3" | sudo tee /etc/modprobe.d/i915.conf
# Module dependencies
modprobe --show-depends ext4# View all parameters
sysctl -a
# View specific parameter
sysctl net.ipv4.ip_forward
sysctl vm.swappiness
# Set temporarily (until reboot)
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w vm.swappiness=10
# Set permanently
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p # Reload
# Or use drop-in files
echo "vm.swappiness = 10" | sudo tee /etc/sysctl.d/99-custom.conf
sudo sysctl --system # Reload all| Parameter | Description | Default |
|---|---|---|
vm.swappiness |
How aggressively to use swap | 60 |
net.ipv4.ip_forward |
Enable IP forwarding (routing) | 0 |
net.core.somaxconn |
Max socket connections queue | 4096 |
fs.file-max |
Max open files system-wide | 9223372036854775807 |
fs.inotify.max_user_watches |
Max inotify watches | 8192 |
The initramfs is a temporary root filesystem loaded into RAM during boot, before the real root is mounted.
# View current initramfs
ls -la /boot/initrd.img*
# List contents
lsinitramfs /boot/initrd.img-$(uname -r)
# Rebuild initramfs
sudo update-initramfs -u # Update current kernel
sudo update-initramfs -u -k all # Update all kernels
sudo mkinitramfs -o /boot/initrd.img-$(uname -r) # Manual rebuild
# Dracut (RHEL/Fedora)
sudo dracut --forceSystem calls are the API between user space and kernel space.
# Trace system calls of a command
strace ls /tmp # See all syscalls ls makes
strace -c ls /tmp # Summary statistics
strace -e open,read,write ls # Filter specific syscalls
strace -p 1234 # Attach to running process
strace -f -e trace=network curl https://example.com # Network calls
# Common system calls
# open() โ Open a file
# read() โ Read from file descriptor
# write() โ Write to file descriptor
# close() โ Close file descriptor
# fork() โ Create child process
# exec() โ Execute a program
# mmap() โ Map memory
# stat() โ Get file info
# socket() โ Create network socket# Check your init system
ps -p 1 -o comm= # systemd, init, or others
stat /proc/1/exe # Binary path
# systemd (modern standard)
systemctl list-units # All loaded units
systemctl list-unit-files # All available units
systemctl get-default # Default boot target
systemctl set-default multi-user.target # Boot to CLI
systemctl set-default graphical.target # Boot to GUI
# Boot targets (runlevels)
# multi-user.target = runlevel 3 (CLI)
# graphical.target = runlevel 5 (GUI)
# rescue.target = single user
# emergency.target = minimal shell- Kernel: Check your kernel version and when it was compiled
- Modules: List all loaded modules and find one related to your network
- modinfo: Get detailed info about the
ext4module - sysctl: Check and change the swappiness value
- strace: Trace the system calls of
cat /etc/hostname - Boot: Read
/proc/cmdlineto see your boot parameters - GRUB: Look at
/etc/default/grubsettings - initramfs: List the contents of your current initramfs
โ Previous: Advanced Shell Scripting ยท ๐ Home ยท Next: Systemd & Service Management โ