0

I want to monitor whole system for FAN_OPEN_PERM | FAN_CLOSE_WRITE events by a multi - threaded program, and ignore some directories (say /home/mydir). I used fanotify_init() and fanotify_mark() in main() as:

//Is there any way to use FAN_GLOBAL_LISTENER?

fd = fanotify_init(FAN_CLOEXEC| FAN_NONBLOCK | FAN_CLASS_CONTENT | FAN_UNLIMITED_QUEUE | FAN_UNLIMITED_MARKS, O_RDONLY | O_LARGEFILE) ...

//Marking "/" (doesn't work as multi-threaded program) or "/home" (works fine)

fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM | FAN_CLOSE_WRITE | FAN_EVENT_ON_CHILD, AT_FDCWD, "/") ....

//Now, to ignore directory

fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_ONLYDIR | FAN_MARK_IGNORED_MASK | FAN_MARK_IGNORED_SURV_MODIFY, FAN_OPEN_PERM | FAN_CLOSE_WRITE | FAN_EVENT_ON_CHILD, AT_FDCWD, "/home/mydir")

In my program, main() reads events and pass it to multiple threads to process further.

Problems : 1) System hangs for this multi-threaded program in case of monitoring "/", but works fine for "/home". 2) Still I am getting notifications for "/home/mydir" (marked "/home" & ignored "/home/mydir").

How to mark entire system without any problem with multi-threaded program?

How to use ignore mask to ignore entire directory (recursively)? (Kernel 2.6.38-8-generic)

Nitinkumar Ambekar
  • 969
  • 20
  • 39

1 Answers1

-1

Read the man page.

the FAN_OPEN_PERM flag fires up an event when privileges are required to open the file. If you open a file, let say in /tmp, it does nothing.

Instead you should use FAN_OPEN.

Raydel Miranda
  • 13,825
  • 3
  • 38
  • 60
  • Using 'FAN_OPEN_PERM' you may 'allow' or 'deny' permission to open a file. With 'FAN_OPEN', you may just watch if specific file is being opened (you can't stop it's access). – Nitinkumar Ambekar Nov 15 '13 at 05:43