It seems that it is impossible to backup the whole '/sys' for Security Comparisons afterwards?! AKA the Invention of a Firmware Malware IDS!

Hello everyone, I'm new here, but as you may guess from the Topic not really new to Linux!

I'm basically a Refugee from a sadly too popular Q&A Site which turned into a tyrannous Dictatorship of pedantic nitpicking, Power abusing, probably totally incompetent little fluffy Unicorn Nerd "Children" as Mods, which just lacked the Knowledge to grok this very big but very well defined, and seemingly important Question which I'm now about to test on you, in an acceptable Manner, it even got destroyed by Downvotes in Minutes and Deleted as --you don't believe it-- "Spam", even though it was my first Post there and had not one Link or Product Advertisement in it... No Moderator Advice/Guiding, no Discussion, nothing, just BAM Hours of Work destroyed, so i hope you Folks here are not like those Fools!

I tried to reformat it for here and stripped out some Critiques of the Other mentioned "Q&A" Site, which summed up during the hopeless Process to Reinstate it, but maybe I've not caught all of it, so any still left Critique is not meant against LQ, at least for now, who knows what awaits me here --since it is probably not the smartest Thing to do, to one Day wake up in a Cult after 20Years of passionate Membership and then to proceed to question openly our Believes Foundation, that Linux is perfect...--.

It has a legit and well defined Purpose compared to all the other '/sys' "Backup" Questions which falsely got laughed at with the counter Question "Why do you want to do this anyway?!"...

It also points out, that there seems to be an extreme Problem in our Linux World, since either '/sys' should no longer be designed as pseudo FS, or the Admin Tools must be able to handle it correctly, but as it is, it seems unacceptable to me, so if no High-End Guru here could point me to a standard *nix Tool or relatively acceptable Method with many of them piped, which can reliably and uniformly(No shitty Hacks for each Subcategory in '/sys'!) operate in the Security critical '/sys'(And optionally also in '/proc' and '/dev'), i then want to use the Pro Answers/Comments to this Question/Problem here for a BUG Report either on the Kernel, or the Toolset, therefore please give it your best Shot!(The UNIX Philosophy should have been "Every thing is a File AND ONE ALSO MUST BE ABLE TO PROPERLY HANDLE IT AS SUCH WITH THE SYSTEM UTILITIES", and the '/sys' pseudo FS clearly contradicts with that if there is no Tool which can handle it properly in a global Scale, just like One would Backup a FS with `rsync` or the complete Blockdevice with `dd` in one easy Step, even a `find` Search for Something can fail, that's pure Misery IMHO!)

What i have in Mind and tested so far:

After falling deep down into the Rabbit Hole of Firmware Malware "Paranoia"(If i provide no Links, I probably just get stamped as only "Opinion" based, if i would do provide a Ton of them, I'll probably could get deleted for "spamming" as new User, so i just hope most of you which clicked on such a Topic already know about the Subject and yes, it might be a little hypothetical that one becomes a Victim of such an sophisticated Attack, but i have my Reasons to asses my Risk Profile this way, therefore i desire to expand my Knowledge in this Direction, especially since i had a little Journey in Android "Security" Affairs, which freaked the Hell out of me, how vulnerable our Linux "Castle" actually is...), i tried to devise me a Way, which probably at least could monitor if any potential Malware would luckily be too stupid to hide its Traces, and AFAIK the '/sys' Path lets us read out Portions(Or even Everything?) of some EEPROMs(Maybe other Chips too, i don't know, therefore i ask... And yes, I'm sadly well aware, that the only serious Way to do such Things is by desoldering the Chips and reading them out in a Chip Flasher, but surely no one does this as often as he probably should, so therefore i think it is Time for Firmware IDS Tools which would point out, that it may be needed to have a good Look at some Components!) like for Example if the Motherboard has ever been "infected" with an Windoze License Key, which can be read out with

Code:

`sudo strings -- '/sys/firmware/acpi/tables/MSDM' | tail -n1`

(Probably good for Installs of it in a VM, if one has to, but "strangely" didn't found the License Keys anywhere anymore), so my Idea was to initially backup the whole '/sys'(Maybe the interesting Parts of '/proc' and '/dev' too) Path and its Contents from my newly bought Machine with

Code:

`sudo rsync -HAXhaxSW -- '/sys' '/mnt/Backup/'`

which i always use to successfully copy whole Systems with all their Sockets, Pipes, Sparse Files and what not, but since '/sys' is just a pseudo FS, `rsync` seems to fail miserably on these Files...(I know why, don't waste your Time on this One, it's discussed here already)

So i resorted to use

Code:

`sudo cp -av -- '/sys' '/mnt/Backup/'`

which surprisingly worked for a While as expected, but then it of course chocked on a '/sys/kernel/debug/tracing/trace_pipe' Pipe... `cp -a` also seems to not have any exclude Functionality for such Cases...

Then i thought I'll couple it with `find '/sys/' -not -type p,s`, but that of course would not preserve me the Folder Hierarchy in the Target Directory --which it should of course if one wants to compare it afterwards with `meld` or some other Diff GUI--, and the recursively operating `cp -a` which had this Functionality, would not be a very good Idea to be fired by `find`'s '-exec', namely because of its recursive working Nature...

Last but not least i hacked me

Code:

`sudo find '/sys/' -not -type d,p,s -not -iname '*pipe' -exec cp --parents --preserve=all -d -v -- '{}' '/mnt/Backup/' \;`

together just to realize, that it is truly so, that `find` simply can not detect and therefore exclude Pipes on a pseudo FS like the '/sys' Path, and the '-exec' Execution of `cp` again chocked somewhere on a damn Pipe, so in Despair i resorted to the "-iname '*pipe'" Approach you already saw in my Oneliner, but guess what, not every Pipe is of course named "Pipe" in the '/sys' FS, and there comes One after the Other, and we would had to catch and exclude them all manually or with some ultra psychotic arcane Terminal Witchcraft Hack i no longer wanted to invent, since i very hardly believe it just should not be so problematic and the Kernel Folks should just change that stupid Behavior if no *nix Tool can handle that pseudo FS properly!!!

With `tar` i guess it would have been the same Problem, that One has to exclude all the Pipes and other blocking Stuff manually...

One can also not just make an complete Image of '/sys' with `dd` since it is not a Mountpoint from a Blockdevice, because it is so pseudo...


So finally my ultimate Questions are(Don't get triggered about the plural Word Questions, it's all basically in the Bounds of one Question Direction if one understands the Subject to it's full Extend, what the ranted about Mods of the other "Q&A" Site probably didn't, since they even just deleted my Work in under the Time it would took to read that all...):
1. Has anyone a reliable Shell Way to achieve what i wanted? (If it was somehow not clear till now, i want to Backup the whole --or as much as i can get of it at least-- '/sys' to real Files so that i later always can compare it against the actual System State, in the probably just naive Hope of maybe one Day finding not legit Changes in the Parts of the BIOS --or other Firmware-- which seem to be "stored"/exposed --to some Extent-- in '/sys' and maybe other EEPROM Dumps one can seemingly find there --I'm no Pro yet in such Things, but if i can diff it, i can one fine Day understand it all, but my new Machine is of course not forever new/"clean", so i must gather all the HW Data now, and then i can later on still learn what would have been relevant of this Dump and what not--, or just any Device that after a Corruption with Malware maybe changes Something obvious One could monitor if he had collected all Hardware/Firmware Data right from the Start after he bought his new Machine(And yes, i sadly know, that a new Machine hasn't to be a clean Machine, because it could very well already had a little Excursion to a "TAO Implant Station", so as a probably laughable best Effort i reflash any Chip i can, and that is sadly all i can do for now, until we globally start a Revolution against such Grievances, just like the Guys from Purism already started with their "as free and well sealed/secured delivered as possible" Hardware). In other Words, i just want total Control over any Data all my Devices could spit out about them self in order to detect potentially dubious Changes(I guess since such Firmware Attacks on a broader Scale would be utterly complicated anyways, they maybe not copy and include the previous Hardware Info perfectly, so One eventually would have the Chance to detect that something goes on, if perhaps the Serial Number, MAC Address, Vendor ID, or whatever changes suddenly, so that's what i --apart from eventually dumpable Firmware Binary Data-- plan to Monitor as a best Effort), so if there is a better Way than dumping the whole '/sys' pseudo "FS", then i like to hear about that too of course! And with i want to log it all, i mean all, even the EDID of the Display via I2C, SPI, whatever, just simply EVERYTHING One can get about his Machine, and if anyhow possible, preferably in one easy Rush, like we could have done with `rsync` or `cp -a` if '/sys' wouldn't have been designed so pseudo as it sadly is!)

2. Is there maybe already any finished Free Software Tool which does all that --or even more, something like a sophisticated IDS for Firmware on Chips which would do this initial Logging of any Hardware Info for later Comparisons?-- and preferably comes from the regular Distro Repository, which is Debian in my Case? Chipsec? If Chipsec would be the right Tool for the Job, then I'll had a little Bonus Question --if allowed--, namely, is it secure to use this on a Production Server, since i for Example don't like to fire Pen Testing Suits on them, because to my Understanding they mostly just demonstrate that a Hack is possible, but maybe not in the safest Way i guess... Therefore I'd mostly like to do it all by my self with basic Sys Tools, since i somewhat hate studying other --potentially dubious non Distro Repository-- Peoples Code just to be sure, especially if their Projects are way too big or in Languages i don't understand very well(Almost any besides of Bash, but maybe my Criteria for calling my self knowledgeable of Something is just set really high, of course i could read C,C++,Python,Java Script and so on, to analyze if some fishy Installment of Malware goes on, but judging if subtle Traps are built in, is always another Story)!

3. Am i right in the Assumption, that there is no regular *nix Tool which could handle '/sys' properly or that it at least should not be so hard to be able to achieve such a legit and Security important Task like backing up any Hardware related Information?! If so, where must we conspire in order to make them change this bad Behavior in the Kernel and make '/sys' less pseudo or the Linux *utils Toolset more capable?!

Thanks in Advance for your Time and thoroughly Answers(You can write a Bible about the Topic if you are a Monster Mutant Guru in this Sector and wish to do so, it doesn't have to be short, i like Details, especially in this horrible "How do we fight the closet(No Typo!) Source Firmware Dangers which undermines all our free Software Security Measures and Efforts..." Topic)!

No cowardly Downvotes/Deletes of my Post without clear Explanation of the Reasons why please, be a Man!

PS: Wintertime is Hackfest Days, ergo i might be off for some Time, so please all you Bounty Hunters be patient, i will not accept any Answer ASAP, Quality matters and I'd like to see many Answers/Methods to that ugly Problem --so that we can forward them to Kernel Devs if needed--!

Very few (if any) people here want to read over two thousand words of waffle.

http://www.catb.org/%7Eesr/faqs/smart-questions.html#beprecise

Quote:

Originally Posted by High-Tech-Caveman Hello everyone, I'm new here, but as you may guess from the Topic not really new to Linux! I'm basically a Refugee from a sadly too popular Q&A Site which turned into a tyrannous Dictatorship of pedantic nitpicking, Power abusing, probably totally incompetent little fluffy Unicorn Nerd "Children" as Mods, which just lacked the Knowledge to grok this very big but very well defined, and seemingly important Question which I'm now about to test on you, in an acceptable Manner, it even got destroyed by Downvotes in Minutes and Deleted as --you don't believe it-- "Spam", even though it was my first Post there and had not one Link or Product Advertisement in it... No Moderator Advice/Guiding, no Discussion, nothing, just BAM Hours of Work destroyed, so i hope you Folks here are not like those Fools! I tried to reformat it for here and stripped out some Critiques of the Other mentioned "Q&A" Site, which summed up during the hopeless Process to Reinstate it, but maybe I've not caught all of it, so any still left Critique is not meant against LQ, at least for now, who knows what awaits me here --since it is probably not the smartest Thing to do, to one Day wake up in a Cult after 20Years of passionate Membership and then to proceed to question openly our Believes Foundation, that Linux is perfect...--.

So you got banned from StackExchange for (most likely) not following the rules of the site, and choose to blame them instead of yourself? Because this:

Quote:

It has a legit and well defined Purpose compared to all the other '/sys' "Backup" Questions which falsely got laughed at with the counter Question "Why do you want to do this anyway?!"...

..coupled with "destroyed by downvotes", etc., is fairly telling. Seems to say that you asked a question of people, and got answers you didn't like. So if you're not willing to discuss things or try to see other points of view/hear new information, there doesn't seem to be much point in posting on any forum, anywhere.

Quote:

Thanks in Advance for your Time and thoroughly Answers(You can write a Bible about the Topic if you are a Monster Mutant Guru in this Sector and wish to do so, it doesn't have to be short, i like Details, especially in this horrible "How do we fight the closet(No Typo!) Source Firmware Dangers which undermines all our free Software Security Measures and Efforts..." Topic)!

If you like details, then what is stopping you from researching every bit of firmware on whatever you're running? Downloading updates and examining them?

Quote:

No cowardly Downvotes/Deletes of my Post without clear Explanation of the Reasons why please, be a Man! PS: Wintertime is Hackfest Days, ergo i might be off for some Time, so please all you Bounty Hunters be patient, i will not accept any Answer ASAP, Quality matters and I'd like to see many Answers/Methods to that ugly Problem --so that we can forward them to Kernel Devs if needed--!

And now you're TELLING PEOPLE what kind of answers you want, and in the manner you want them?? Good luck.

Quote:

Originally Posted by boughtonp Very few (if any) people here want to read over two thousand words of waffle. http://www.catb.org/%7Eesr/faqs/smart-questions.html#beprecise

Did you mean that to my Post or the Link you just gave me? Just kidding, had some use able Points but was even for my extensive Gusto TL;DR, since i don't desire to become the most professional Questioner, in Fact i even hate Questions like the Pest...

I'm sorry for the Inconveniences, but also this Site here states quite clearly that:

Quote:

Message: You should include as much detail as possible in your message, including exact error messages (where applicable) and what you have done so far. The more detail you include the more we can help. You should also use the board's search feature to ensure that the question has not already been asked.

when you start to write a new Thread, and so i did, especially when one comes from Shit Overflow, where you almost have to write a damn PhD Master Thesis for your simple Question, just to bring it through those pedantic Psycho Mods there...

Nice Definition you used there Sir, as Swiss German Speaker i know Waffle of course in a more positive Context, but anyway, may i encourage you to show of, that you know enough about the Topic to so clearly define it as Waffle, since i wouldn't like People to describe it as such if they have no Idea --not that i would have much more-- and are just too lazy to read more than their Brain damaging short Dose of their daily --280Chars Max-- Twitter Bubble. This was clearly not an Insult/Accusation, it just happens that the Internet is Full of such Zombies, and I'm new here, so i don't know what kind of Wizard you may be, or not be, and if I should listen to your Advice and reedit it for the 1000 Time ad nauseam...

Of course i for my Liking would just have stated "Ey, all the Linux Tools miserably fail on pseudo FS like '/sys' which i want to fully backup on my new Machine to devise me some sort of Firmware IDS for later Inspection, is here any Wizard that has a Free Software Tool for it(And maybe some in depth Knowledge of how much of the Firmwares one could get out of EEPROMS trough this Path, if any), which i missed in my +20Years on Linux, and is there perhaps a Reason why this would be doomed to Failure --that it is, because we don't seem to have Tools which work there properly, i don't accept as a "doomed to Failure" Reason as one could take away from my Question(At least not without a really good Explanation of why the Kernel could just absolutely don't come up with something more *nix Tool compatible than this defective Pseudo FS Approach, but that would have been the next Question)--?" and then the Teufelskreis(If Waffle was OK i hope this precise German word is too) which initially led to this length of Text, begins a new with some fluffy Unicorn and Pokemon Nerd Mods, that come at you with Stuff which is in the felt Realms of "That can not be!!!", "Why would you even want to do this anyway???", "Be more precise...", "Say what you have done and failed at already!!!", or in my Case a direct Closure of the Post...

Quote:

Originally Posted by TB0ne So you got banned from StackExchange for (most likely) not following the rules of the site, and choose to blame them instead of yourself? Because this: ..coupled with "destroyed by downvotes", etc., is fairly telling. Seems to say that you asked a question of people, and got answers you didn't like. So if you're not willing to discuss things or try to see other points of view/hear new information, there doesn't seem to be much point in posting on any forum, anywhere. If you like details, then what is stopping you from researching every bit of firmware on whatever you're running? Downloading updates and examining them? And now you're TELLING PEOPLE what kind of answers you want, and in the manner you want them?? Good luck.

Listen grande Maestro, I have no Problems with getting roasted, but TECHNICALLY!!!, not this pseudo ad hominem Bullshit you're trying, since I'm almost not a Human anymore and the most Misanthropic [removed] you probably can imagine --after yourself i guess--, so one can simply not provoke me this Way!

And as already often enough, you made up [removed], since when i state, that i was right away downvoted and deleted, there logically was no Discussion at all from those [removed] as you Accuse me there was and all your non technically Blabla!

My dear Friend, even your Question what hinders me to do such things with Firmware my Question had pre-answered for you in about Thousend Words, maybe you should focus on the technical Part of it, not just my personal Intro! And yes i know what comes next.
First i want just to be able to Backup any Information i can via Software Means, and for that i guess could the '/sys' Path be --and if this Kernel Shithole would have worked as it should i wouldn't even be here--, and i don't plan to become an ultra reverse Engineerer of whole BIOS/Firmware, even though I'm probably already with one Foot in the Grave, since i realized the Danger that comes of this Shit and all those Flashrom Sites very strangely attracted me, so that i already have an SOIC Clip, many Raspberry Pis or Arduinos as Flasher and since i now have a new Machine, my good ol' 7Yeahr old shitty Intel Machine could very well act as an Lab Rat, which probably only waits to get Coreboot or sadly utopical even Libreboot with no more IntelME+AMT Ghost in the Shell Backdoor flashed one fine Day...
But sadly "real" "Life" slows down all Fun, and Information Gathering is too painstakingly boring if all Gurus think they must first come with this Devotion Voodoo Ceremony... I'm Generalist man, i can't be devote to every damn Guru out there for all my Interests, Life is simply and sadly to short...

[removed]

Moderator note: this type of language/behavior is not acceptable at LQ. Please refrain if you'd like to continue participating.

So you want to make a copy of what's in /sys to examine at a later time, on a different machine?

If it's a VM, just take a snapshot.

The other option I see is to just not back up the specific individual files that you can't.

Quote:

Originally Posted by High-Tech-Caveman Listen grande Maestro, I have no Problems with getting roasted, but TECHNICALLY!!!, not this pseudo ad hominem Bullshit you're trying, since I'm almost not a Human anymore and the most Misanthropic Asshole you probably can imagine --after yourself i guess--, so one can simply not provoke me this Way! And as already often enough, you made up Shit of my Texts, since when i state, that i was right away downvoted and deleted, there logically was no Discussion at all from those Assholes as you Accuse me there was and all your non technically Blabla!

Right; it was obviously so on topic that the thread was deleted. And your nonsense third-grade threats are meaningless.

Quote:

My dear Friend, even your Question what hinders me to do such things with Firmware my Question had pre-answered for you in about Thousend Words, maybe you should focus on the technical Part of it, not just my personal Intro! And yes i know what comes next.

Certainly not your friend, and wouldn't be too happy if I was.

Quote:

First i want just to be able to Backup any Information i can via Software Means, and for that i guess could the '/sys' Path be --and if this Kernel Shithole would have worked as it should i wouldn't even be here--, and i don't plan to become an ultra reverse Engineerer of whole BIOS/Firmware, even though I'm probably already with one Foot in the Grave, since i realized the Danger that comes of this Shit and all those Flashrom Sites very strangely attracted me, so that i already have an SOIC Clip, many Raspberry Pis or Arduinos as Flasher and since i now have a new Machine, my good ol' 7Yeahr old shitty Intel Machine could very well act as an Lab Rat, which probably only waits to get Coreboot or sadly utopical even Libreboot with no more IntelME+AMT Ghost in the Shell Backdoor flashed one fine Day... But sadly "real" "Life" slows down all Fun, and Information Gathering is too painstakingly boring if all Gurus think they must first come with this Devotion Voodoo Ceremony... I'm Generalist man, i can't be devote to every damn Guru out there for all my Interests, Life is simply and sadly to short... Ov course i do that, and now better spit it out Bitch before i prepare the Waterboarding Session and the Electrocuters!!! Jokes aside, have you now something useful technical to say or not?

Nothing that would make sense to you, obviously. Seems like only you need this particular tool....so quit wasting everyones time and go write it. Since you (seemingly) know so much better than everyone else, what's stopping you?

Quote:

Originally Posted by High-Tech-Caveman 3. Am i right in the Assumption, that there is no regular *nix Tool which could handle '/sys' properly or that it at least should not be so hard to be able to achieve such a legit and Security important Task like backing up any Hardware related Information?! If so, where must we conspire in order to make them change this bad Behavior in the Kernel and make '/sys' less pseudo or the Linux *utils Toolset more capable?!

There is never a reason to restore /proc or /sys so there is never any reason to back them up. Therefore no developer has wasted their time by writing backup and restore programs for /sys and /proc.

Quote:

Originally Posted by dugan So you want to make a copy of what's in /sys to examine at a later time, on a different machine? If it's a VM, just take a snapshot. The other option I see is to just not back up the specific individual files that you can't.

Hello dugan

I can not express how thankful i am to see, that the Internet isn't just full of ignorant Linux Cult Groupies in Troll Mode and that you as the first One in the Internet seemingly have gotten my Point, that it's a legit Demand to backup '/sys' in order to make Comparisons for security analysis Purposes or for Troubleshooting Boot Problems after for Example wrong 'efivar' Changes(Yes you Trolls reading this, One can backup them separately i know, but what's the fucking Point of doing 1000 Things separately with non uniformly Tools, and when the Problems then one Day arise, maybe had forgotten something, if you could just make a Backup of Everything in one Rush with `cp -a` or `rsync` if they would fix that Pseudo FS Behavior, and yes i know, it's probably for Performance Reasons as it is, but a "Hey Kernel i shit for a Second on max Performance and rather want all my Hardware and Firmware Data and Configurations backuped" Switch wont hurt or should even have been invented a long Time ago i think!) and of course NOT for the Purpose to "restore" it one Day as many that don't want to understand laugh at, what i certainly do too --to some extent, since not Everything is 'read only' in '/sys' and one may even come up with a good Reason why he thinks he wants to attempt a Restore of it "all"--!

I was really relieved for a Second, that your primary Idea would be relatively survivable to do, but then it came to my Mind, that whatever I'll dump/snapshot in a VM from "my" Machine, will probably even with Hardware Passtrough Options then be infested with some virtualized Hardware Infos instead of the Bare Metal Ones i want, but I'm no VM Pro, are you perhaps and am I right with that Assumption? But the Idea was of course very creative from you, so i thank for your Efforts.

Your second Solution would be very hard to achieve, since as my Question states, no to me known Tool can handle the '/sys/' Pseudo FS properly, ergo you can't for Example use `find '/sys/' -type p` to find all the Pipes which are problematic...
Only `lsof -b -- '/sys'` showed some Signs of that it probably could at least find Pipes there somewhat, but the "Output Information may be incomplete" it states it self all the Time, and i didn't seem to find all the Pipes in the List, which my manual exclude Run let `cp` choke on, so the Criteria for my Question to reliably Work in '/sys' would also not be met at all I'd like to state!
I came to the Conclusion, that I would probably had to cast some arcane Terminal Witchcraft Spell, which scans `cp`s blocking on a Pipe and writes it to a exclude List and then kills `cp` and restarts the Copy Process on a previous Position(Which is all doable in Bash of course or at least probably, but i think we all can argue, that these are all Tasks which shouldn't be necessary to do in the first Place in a presumingly well defined OS like Linux, and secondly not necessarily in a slow Shell Language), or to `grep` through the Sourcecode for the Location of the Pipes, if that would be even possible, since those Kernel Devs did not accurately/uniformly named all the Pipes "*pipe*", but anyway, therefore my Question also likes to point out, that it should NOT be so overly complicated for us Admins to manage this whole '/sys' Path, if we for said legit Reasons had to somehow!

I think you have a fundamental misunderstanding of what "everything is a file" means. It means that "everything" responds to requests to do the common file operations on them (read, write, stat, etc). It does not mean that everything is stored on disk. It does not mean that everything supports all those operations, and it does not mean that all of those files have a length.

When you read (that's a technical word) a file in /sys, or /dev, or /proc, you're literally getting information from the running kernel. The kernel is a running program. You're not reading from the disk.

A keyboard might be represented by a file called /dev/input/event12. A program that wants to get input from the keyboard would open that file and just keep reading from it. How do copy and rsync operations work? They read from the source file until they get an EOF (end-of-file) character, and they write to the destination file. If you try to copy /dev/input/event12, then the operation would never end because you would never get an EOF.

See the problem?

Quote:

Originally Posted by jailbait There is never a reason to restore /proc or /sys so there is never any reason to back them up. Therefore no developer has wasted their time by writing backup and restore programs for /sys and /proc.

Do you perhaps know the always truthful Statement of the wise Mahatma Gandhi: "First they laugh at you, then they fight you, and then you win --and after that you all just shut up and constructively help me to bring the Kernel Devs our newly gained Wisdom, that it absolutely must be possible to handle PseudoFS Data just like we're used to on any other FS with standard *nix Tools!--" ;D

Sorry if i just got your Intentions wrong, it's after all the Trolls hard to judge if you just wanted to point out the till now Reasons why --which i would of course just had absorbed instead of writing this Message--, or to call out that what i propose in my Question is Bullshit without having it even read obviously in this Case?

Quote:

Originally Posted by High-Tech-Caveman Do you perhaps know the always truthful Statement of the wise Mahatma Gandhi: "First they laugh at you, then they fight you, and then you win --and after that you all just shut up and constructively help me to bring the Kernel Devs our newly gained Wisdom, that it absolutely must be possible to handle PseudoFS Data just like we're used to on any other FS with standard *nix Tools!--" ;D Sorry if i just got your Intentions wrong, it's after all the Trolls hard to judge if you just wanted to point out the till now Reasons why --which i would of course just had absorbed instead of writing this Message--, or to call out that what i propose in my Question is Bullshit without having it even read obviously in this Case?

I read your post in its entirety. I have no intention of insulting you. I have no interest in either writing such programs as you describe or in badgering other people to write them. I will repeat TBOne's advice on the subject:

"Seems like only you need this particular tool....so quit wasting everyones time and go write it."

Quote:

Originally Posted by dugan I think you have a fundamental misunderstanding of what "everything is a file" means. It means that "everything" responds to requests to do the common file operations on them (read, write, stat, etc). It does not mean that everything is stored on disk. It does not mean that everything supports all those operations, and it does not mean that all of those files have a length. When you read (that's a technical word) a file in /sys, or /dev, or /proc, you're literally getting information from the running kernel. The kernel is a running program. You're not reading from the disk. A keyboard might be represented by a file called /dev/input/event12. A program that wants to get input from the keyboard would open that file and just keep reading from it. How do copy and rsync operations work? They read from the source file until they get an EOF (end-of-file) character, and they write to the destination file. If you try to copy /dev/input/event12, then the operation would never end because you would never get an EOF. See the problem?

Thanks again dugan, but most of what you said is absolutely clear to me --don't get irritated that the Site states I'm a Noobie, I'm just new here because my previous +20Years of Linux till this Found of Imperfection in Linux went flawlessly--.
I'm as i always say no Pro, but I think if you say, that normal Function even for you includes Stat, we're exactly at the Problem i Point out here all the Time, in '/sys' all the Tools fail, because Stat doesn't seem to work there, ergo is as i also stated `lsof -b` the only Thing, that somewhat works there, but seemingly not perfect, as it states it self, that one should not rely on its Output in -b Mode, so yeah Huston, i think we have a Problem here as Admins and it shouldn't be so, and would probably be fixable from Kernel Folks, that's what i try to bring to your Minds all Day long!

I believe `rsync` has a Flag to not get stuck on such Things, or does not by default --don't remember exactly, but Live System Copies work--, the Problem in '/sys' --and probably any PseudoFS-- is a complete other one, namely that everything there is RAM Pagesize at first Glance and not the Actual Size it becomes when reading it, and `rsync` allegedly cant have that because of his special Algorithms and therefore as i stated in my Question, `cp -a` worked a little bit better till it choked on a Pipe, what is near to that which you explained, but could only be circumvented when `find '/sys' -type p,s` would work, but again, it doesn't since it probably cant stat if it's a Pipe, a Socket, a File or what not, ergo no, UNIX Philosophy not granted in Kernel '/sys' Shithole!

You're getting close to understand what I'm talking about, please continue the Path to Enlightenment.

What about my Question to your VM Idea, was i right that such a Backup would not be Bare Metal clean even with HW Passtrough on?

@High-Tech-Caveman,

This is a second situation where you are using profanities and attacking fellow LQ members.

Kindly refrain from this behavior moving forwards or your posting privileges may be revoked versus a one day ban. If you have any questions please see our rules and especially:

Quote:

Challenge others' points of view and opinions, but do so respectfully and thoughtfully ... without insult and personal attack. Differing opinions is one of the things that make this site great.

https://www.linuxquestions.org/linux/rules.html

Remember some options are to ignore advice you do not agree with, or respond politely.