This has nothing to do with foreground and background processes; it only has to do with the currently running process. When the kernel has to answer the question “What does /proc/self point to?”, it simply picks the currently-scheduled pid, i.e. the currently running process (on the current logical CPU). The effect is that /proc/self always points to the asking program's pid; if you run
ls -l /proc/self
you'll see ls's pid, if you write code which uses /proc/self that code will see its own pid, etc.
This has nothing to do with foreground and background processes; it only has to do with the currently running process. When the kernel has to answer the question “What does /proc/self point to?”, it simply picks the currently-scheduled pid, i.e. the currently running process (on the current logical CPU). The effect is that /proc/self always points to the asking program's pid; if you run
ls -l /proc/self
you'll see ls's pid, if you write code which uses /proc/self that code will see its own pid, etc.
The one that accesses the symlink (calls readlink() on it, or open() on a path through it). It would be running on the CPU at the time, but that's not relevant. A multiprocessor system could have several processes on the CPU simultaneously.
Foreground and background processes are mostly a shell construct, and there's no unique foreground process either, since all shell sessions on the system will have one.
linux - what's the difference between /proc/self and /proc/$$? - Stack Overflow
linux - What does 'self' mean in /proc? - Unix & Linux Stack Exchange
process - How is /proc/self implemented in Linux? - Unix & Linux Stack Exchange
A cool trick with /proc/self/fd
Sorry for the bad pic. The covered text is my first name lol.
For reference, this is on a nearly fresh install of Linux Mint. All I've installed at this point is steam (from their website), nethogs (from the software manager) and ClamAV, its dependencies, as well as ClamTK (also all from the software manager.) ClamAV doesn't seem to be working for some reason, so I can't scan for viruses right now, so this weird process has me paranoid.
Anyways, to my understanding, something only shows up like this when nethogs isn't run with sudo privileges... but I am running it with such privileges. I occasionally see it send and receive tiny amounts of data (like, 0.020 KB/sec). Could I have somehow been infected by a virus, or is this just nothing to worry about?
Also, for the "unknown TCP" thing... I've only seen it send and receive data once, for a fraction of a second (it was also a very tiny amount. About 0.020 KB/sec.). From what I've gathered by looking it up online, this normally shows up in nethogs. I just wanted to confirm that, as well.
Sorry if this sounds like unhinged rambling. This whole thing has me quite paranoid. Plus, I'm a total noob to Linux, so there's a lot of things I don't understand very well, if at all.
http://lxr.linux.no/linux+v3.2.9/fs/proc/base.c#L2482 is the current implementation.
The proc filesystem is entirely virtual, and is implemented so the internal VFS readlink delegates to the right place for special symlinks. So, it calculates what self points to when it is read / traversed, not every context switch.
Files in /proc are not stored on a disk, they are generated on the fly by the kernel. See What happens when I open and read from /proc?
If you're programmatically inclined, you can read the implementation of /proc in the kernel source code. The contents of the /proc/self symbolic link is generated by a function that fills a buffer with the pid of the calling process.