Linux Operating System Architecture
Linux uses a layered/modular architecture where each layer communicates with adjacent layers. Think of it as a stack:
│ User Applications │ ← Top Layer
│ System Libraries │
│ System Calls Interface │
│ Linux Kernel (Core) │
│ Hardware │ ← Bottom Layer
The 5 Main Layers
1. Hardware Layer (Bottom)
Physical components: CPU, RAM, hard drives, network cards, etc.
Linux supports wide variety of hardware architectures
Hardware communicates with kernel through drivers
2. Kernel Layer (Core/Heart)
The kernel is the core of Linux - it manages everything between hardware and applications.
Kernel Components:
A) Process Management
Creates, schedules, and terminates processes
Handles multitasking (running multiple programs)
Manages process priorities and CPU time allocation
Handles inter-process communication (IPC)
B) Memory Management
Allocates and deallocates memory for processes
Manages virtual memory (RAM + swap space)
Handles paging and segmentation
Protects memory spaces between processes
C) File System Management
Provides unified interface to different file systems (ext4, XFS, Btrfs, etc.)
Manages files, directories, and permissions
Handles file I/O operations
Supports Virtual File System (VFS) layer
D) Device Drivers
Software that communicates with hardware devices
Character devices (keyboards, mice)
Block devices (hard drives, USB)
Network devices
E) Network Stack
Manages network protocols (TCP/IP, UDP, etc.)
Handles network connections and data transmission
Manages network interfaces
F) Security & Access Control
User authentication and authorization
File permissions and ownership
Security modules (SELinux, AppArmor)
3. System Call Interface
Bridge between user space and kernel space
Provides controlled way for programs to request kernel services
Examples of system calls:
open() - open a file
open()
read() - read data
read()
write() - write data
write()
fork() - create new process
fork()
exec() - execute program
exec()
User Application ↓ System Call (e.g., read()) ↓ Kernel executes request ↓ Returns result to application
4. System Libraries (GNU C Library - glibc)
Pre-written code that applications can use
Provides standard functions (printf, malloc, etc.)
Wraps system calls into easier-to-use functions
Examples:
glibc - GNU C Library (most common)
Standard C Library functions
Math libraries
Threading libraries (pthreads)
5. User Space / Application Layer (Top)
Everything that runs in user mode:
A) System Utilities
Command-line tools: ls, cp, mv, grep, cat
ls
cp
mv
grep
cat
System administration tools
Shell (bash, zsh, fish)
B) User Applications
Web browsers (Firefox, Chrome)
Text editors (vim, nano, gedit)
Office applications
Media players
Games
C) System Services/Daemons
Background processes
Examples: sshd, httpd, systemd
sshd
httpd
systemd
D) Desktop Environment (if GUI)
GNOME, KDE, XFCE
Window managers
Graphical interface
Detailed Architecture Diagram
┌───────────────────────────────────────────────────────────┐
│ USER SPACE │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Shell │ │Applications │ │ Daemons │ │
│ │ (bash, zsh) │ │ (Firefox, │ │ (sshd, │ │
│ │ │ │ vim, etc) │ │ httpd) │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ ↓ ↓ ↓ │
│ ┌───────────────────────────────────────────────┐ │
│ │ System Libraries (glibc, etc) │ │
│ └───────────────────────────────────────────────┘ │
└───────────────────────────────────────────────────────────┘
↓
═══════════════════════════════════════
System Call Interface (API)
│ KERNEL SPACE │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Process Scheduler │ │
│ └──────────────────────────────────────────────────┘ │
│ ┌──────────┐ ┌──────────┐ ┌─────────────────────┐ │
│ │ Memory │ │ File │ │ Network │ │
│ │ Manager │ │ System │ │ Stack │ │
│ └──────────┘ └──────────┘ └─────────────────────┘ │
│ ┌───────────────────────────────────────────────────┐ │
│ │ Device Drivers │ │
│ │ (Disk, Network, USB, Graphics, etc) │ │
│ └───────────────────────────────────────────────────┘ │
│ HARDWARE │
│ CPU │ RAM │ Hard Disk │ Network Card │ USB │ etc. │
Key Concepts
Kernel Space vs User Space
Kernel Space:
Privileged mode with full hardware access
Runs kernel code and drivers
Protected memory area
Can execute any CPU instruction
User Space:
Restricted mode with limited access
Runs applications and user programs
Cannot directly access hardware
Must use system calls to request kernel services
Why This Separation?
Security: Prevents applications from crashing the system
Stability: Bugs in applications don't affect kernel
Protection: Applications can't interfere with each other
Monolithic vs Microkernel
Linux uses a Monolithic Kernel:
Characteristics:
All kernel services run in kernel space
Single large process
Fast performance (no context switching)
Device drivers run in kernel space
Advantages:
✅ Fast performance
✅ Efficient communication between components
✅ Direct hardware access
Disadvantages:
❌ Larger kernel size
❌ Driver bug can crash entire system
❌ More difficult to maintain
However, Linux has modular features:
Can load/unload kernel modules dynamically
Loadable Kernel Modules (LKM)
Best of both worlds approach
Important Kernel Subsystems
1. Virtual File System (VFS)
Applications
VFS Layer (abstraction)
┌────┴────┬────┬─────┬─────┐ ext4 XFS Btrfs NFS FAT32
Provides unified interface for different file systems
Applications don't need to know underlying file system
2. Process Scheduler
Decides which process runs when
Scheduling algorithms:
CFS (Completely Fair Scheduler) - default
Real-time scheduling
Priority-based scheduling
3. Inter-Process Communication (IPC)
Methods processes communicate:
Pipes: Connect output of one process to input of another
Signals: Notify processes of events
Shared Memory: Multiple processes access same memory
Message Queues: Processes send/receive messages
Sockets: Network communication
Boot Process Integration
How architecture comes together during boot:
BIOS/UEFI (Hardware firmware)
Bootloader (GRUB) loads kernel
Kernel initializes:
Memory management
Process scheduler
Device drivers
File systems
Systemd (first user-space process)
System services start
User applications launch
Key Directories in Linux Architecture
/ Root of file system
├── /bin Essential user binaries
├── /boot Kernel and boot files
├── /dev Device files
├── /etc Configuration files
├── /home User home directories
├── /lib System libraries
├── /proc Virtual filesystem (process info)
├── /sys Virtual filesystem (kernel/hardware info)
├── /usr User programs and data
└── /var Variable data (logs, caches)
What are the 5 main layers of Linux architecture from bottom to top?
Hardware Layer
Kernel Layer
System Call Interface
System Libraries
User Space/Application Layer
What is the kernel in Linux?
The core of the Linux OS that manages everything between hardware and applications. It's the heart of the system.
Draw/describe the basic Linux architecture stack.
User Applications (Top)
Linux Kernel ↓ Hardware (Bottom)
What does the Hardware Layer consist of?
Physical components like CPU, RAM, hard drives, network cards, and other peripherals.
How does hardware communicate with the kernel?
Through device drivers
What are the 6 main components of the Linux kernel?
Process Management
Memory Management
File System Management
Device Drivers
Network Stack
Security & Access Control
What does Process Management in the kernel do?
Handles multitasking
Manages process priorities and CPU time
What does Memory Management in the kernel handle?
Allocates/deallocates memory for processes
Manages virtual memory (RAM + swap)
What does File System Management in the kernel do?
Provides unified interface to different file systems
What are device drivers?
Software that communicates with hardware devices (keyboards, hard drives, network cards, etc.)
Name the 3 types of device drivers.
What does the Network Stack in the kernel manage?
Network protocols (TCP/IP, UDP)
Network connections and data transmission
Network interfaces
What security functions does the kernel provide?
What is the System Call Interface?
A bridge between user space and kernel space that provides a controlled way for programs to request kernel services.
Give 5 examples of system calls.
describe the flow when an application makes a system call.
User Application makes system call
System Call (e.g., read())
Kernel executes request
Returns result to application
What are system libraries?
Pre-written code that applications can use, providing standard functions and wrapping system calls into easier-to-use functions.
What is glibc?
GNU C Library - the most common system library in Linux that provides standard C functions.
Give examples of what system libraries provide.
Standard C functions (printf, malloc)
Wrapper functions for system calls
What are the 4 main components of User Space?
System Utilities (command-line tools)
User Applications
System Services/Daemons
Desktop Environment (if GUI)
Give examples of system utilities.
Command-line tools like ls, cp, mv, grep, cat, and shells (bash, zsh, fish)
Give examples of user applications.
Firefox, Chrome, vim, nano, office applications, media players, games
What are daemons? Give examples.
Background processes/services. Examples: sshd (SSH server), httpd (web server), systemd (init system)
Name 3 popular Linux desktop environments.
What is Kernel Space?
What is User Space?
Why do we separate Kernel Space and User Space?
What type of kernel does Linux use?
Monolithic kernel (with modular features)
What are characteristics of a monolithic kernel?
What are 3 advantages of Linux's monolithic kernel?
Fast performance
Efficient communication between components
Direct hardware access
What are 3 disadvantages of a monolithic kernel?
Larger kernel size
Driver bug can crash entire system
More difficult to maintain
What modular features does Linux have despite being monolithic?
What is VFS (Virtual File System)?
A kernel layer that provides a unified interface for different file systems, so applications don't need to know the underlying file system type.
Name 5 file systems that VFS supports.
ext4, XFS, Btrfs, NFS, FAT32
What is the Process Scheduler?
A kernel component that decides which process runs when, using various scheduling algorithms.
What is CFS in Linux?
Completely Fair Scheduler - the default process scheduling algorithm in Linux
What is IPC (Inter-Process Communication)?
Methods that allow processes to communicate with each other
Name 5 IPC methods in Linux)
Pipes
Signals
Shared Memory
Message Queues
Sockets
What are Pipes in IPC?
A method to connect the output of one process to the input of another
What are Signals in IPC?
A method to notify processes of events
What is Shared Memory in IPC?
A method where multiple processes can access the same memory region
What are Sockets in IPC?
A method for network communication between processes
What is stored in /bin?
/bin
Essential user binaries (basic commands)
What is stored in /boot?
/boot
Kernel and boot files
What is stored in /dev?
/dev
Device files (representing hardware devices)
What is stored in /etc?
/etc
Configuration files for the system and applications
What is stored in /home?
/home
User home directories
What is stored in /lib?
/lib
System libraries needed by binaries
What is /proc?
/proc
A virtual filesystem containing process and system information
What is /sys?
/sys
A virtual filesystem containing kernel and hardware information
What is stored in /usr?
/usr
User programs and data (secondary hierarchy)
What is stored in /var?
/var
Variable data like logs, caches, and temporary files
Describe the complete flow when a user application saves a file (all 9 steps).
User runs application
Application needs to save file
System library provides write function
System call (write()) requests kernel service
Kernel receives request and checks permissions
File system driver translates to disk operations
Device driver communicates with hardware
Hardware (disk) performs physical write
Result travels back up to application
What happens when the kernel receives a system call request?
Checks permissions
Allocates resources
Calls appropriate driver (e.g., file system driver)
Returns result
Describe how Linux architecture comes together during boot (6 steps).
BIOS/UEFI (hardware firmware)
Kernel initializes (memory, scheduler, drivers, file systems)
What does the kernel initialize during boot? (4 things)
List 7 advantages of Linux architecture.
Modular - easy to add/remove components
Portable - runs on many hardware platforms
Secure - user/kernel space separation
Stable - isolation prevents system crashes
Efficient - direct communication in kernel
Flexible - supports various file systems, hardware
Scalable - from embedded devices to supercomputers
Why is Linux architecture considered modular?
Easy to add or remove components, especially with Loadable Kernel Modules (LKM)
Why is Linux architecture considered portable?
It can run on many different hardware platforms (x86, ARM, PowerPC, etc.)
How does Linux architecture provide security?
Through user/kernel space separation, which prevents applications from accessing restricted resources directly
How does Linux architecture provide stability?
Isolation between processes and between user/kernel space prevents bugs in one component from crashing the entire system
What makes Linux architecture scalable?
It can run on devices ranging from tiny embedded systems (routers, IoT) to massive supercomputers
What is the primary role of the kernel in Linux architecture?
To act as a bridge between hardware and applications, providing essential services while maintaining security and stability
Why can't user applications directly access hardware?
For security and stability - they must go through the kernel via system calls to prevent unauthorized access and system crashes
What does "layered architecture" mean in Linux?
Each layer communicates only with adjacent layers, creating clear separation of concerns and responsibilities
What is the difference between a system call and a library function?
System call: Direct request to kernel (e.g., write())
Library function: User-space function that may or may not use system calls (e.g., printf() which uses write())
printf()
Why does Linux use virtual memory?
Allows programs to use more memory than physically available
Provides memory protection between processes
Enables efficient memory management with paging/swapping
What is a kernel module?
Code that can be loaded into or unloaded from the kernel at runtime without rebooting (like device drivers)
What does "context switching" mean?
The process of storing and restoring the state of a process so that execution can be resumed later - allows multitasking
Why is the VFS layer important?
It allows applications to work with any file system without knowing the specific implementation details - provides abstraction
What happens in kernel space that cannot happen in user space?
Memory management operations
Process scheduling
Execution of privileged CPU instructions
What is the relationship between kernel modules and device drivers?
Device drivers are often implemented as kernel modules that can be dynamically loaded/unloaded as hardware is connected/disconnected
How does Linux achieve multitasking?
Through the process scheduler which rapidly switches between processes (context switching), giving the illusion of simultaneous execution
What is the purpose of swap space?
Extended virtual memory on disk that allows the system to move inactive memory pages from RAM to disk, freeing up RAM for active processes
Why is Linux architecture considered efficient?
Because all kernel components run in the same address space (monolithic), allowing fast, direct communication without context switching overhead
Compare: Monolithic kernel vs Microkernel
Monolithic: All services in kernel space, faster but larger Microkernel: Minimal kernel, services in user space, more stable but slower
What makes Linux a "hybrid" of monolithic and modular design?
Core is monolithic (all in kernel space) but supports loadable modules (can add/remove features dynamically)
In one sentence, summarize Linux architecture.
Linux architecture is a layered system where the kernel acts as the bridge between hardware and applications, providing essential services while maintaining security and stability through user/kernel space separation.
What are the two main "spaces" in Linux and what runs in each?
Kernel Space: Kernel, drivers, core system functions
User Space: Applications, utilities, shells, daemons, GUI
What is the journey of a simple command like ls through the Linux architecture?
User types ls in shell (user space)
Shell calls executable from /bin
ls needs to read directory (uses library function)
Library makes system call to kernel
Kernel accesses file system
File system driver reads from disk
Data returns through layers back to ls
ls displays output to terminal
Create a mnemonic for the 5 layers (bottom to top).
"Happy Kids Sing Silly Unicorn songs"
Hardware
Kernel
User Space
Create a mnemonic for 6 kernel components.
Please Make Fresh Delicious Noodle Soup"
Security & Access Contro
Scenario: A program crashes. Does it affect the kernel? Why or why not?
No, because the program runs in user space which is isolated from kernel space. The kernel's memory protection prevents user programs from affecting kernel stability.
Scenario: You need to add support for a new graphics card. Which layer/component is involved?
Device drivers in the kernel layer. You would load a new kernel module (driver) for the graphics card.
Scenario: An application needs to allocate 1GB of RAM. Trace this through the architecture.
Application calls malloc() (library function)
malloc()
Library makes system calls (e.g., brk() or mmap())
brk()
mmap()
Kernel's memory management allocates virtual memory
Kernel maps virtual to physical memory
Returns memory address to application
Zuletzt geändertvor 22 Tagen
