These docs are under active development and cover the v0.20 Kobicha security model.
Peios Learn
On this page
Print Full Specification
§13.4

Inspection Interfaces

§13.4.1 procfs

/proc/<pid>/token — displays the primary token of process <pid>. Gated by PROCESS_QUERY_INFORMATION on the target process's SD, plus PIP dominance check for protected processes. Reading /proc/self/token is always allowed.

/proc/<pid>/task/<tid>/token — displays the effective token of thread <tid>. Shows the impersonated token if the thread is impersonating. Same access requirements as /proc/<pid>/token (PROCESS_QUERY_INFORMATION + PIP dominance).

§13.4.2 securityfs

/sys/kernel/security/kacs/self — the calling thread's effective token. Protected by an SD granting Everyone FILE_READ_DATA. Always readable.

/sys/kernel/security/kacs/sessions — lists active logon sessions with session ID, user SID, logon type, auth package, and logon time. Protected by an SD granting BUILTIN\Administrators and SYSTEM FILE_READ_DATA. Access is enforced via normal AccessCheck against this SD — no special privilege check.