Questions tagged [fanotify]

fanotify is intended to provide an interface for on-access file scanning and permission gating based on the results of those scans. fanotify does not prevent, nor does it attempt to prevent, malicious code running on the Linux machine.

fanotify provides two things:

  1. A new notification system, similar to inotify, only instead of an arbitrary 'watch descriptor' which userspace has to know how to map back to an object on the filesystem, fanotify provides an open read-only fd back to the original object. It should be noted that the set of fanotify events is much smaller than the set of inotify events.

  2. An access system in which processes may be blocked until the fanotify userspace listener has decided if the operation should be allowed.

36 questions
1 vote, 0 answers

Distinction between open file modes with fanotify

I find it very very unclear what fanotify flags stand for. I'm using it for access control and would like to identify files opened for read and for write. Taken from man: FAN_OPEN_PERM An application wants to open a file or directory. The reader…
buddy123
1 vote, 0 answers

Determine the offset and the size of another process write

I'm working on a backup service. It tracks changes of the files in the directory to backup. It does that by setting a watch (using inotify with Linux) and comparing the modification time and size after a file has been changed. When it is, the…
user1388973
1 vote, 2 answers

What's the difference between access a file and opening a file

I have this doubt: Which are the differences between: open a file and access a file? I'm working with fanotify, and I'm only interested in FAN_ACCESS events. I start my program and when I try to edit some file, the program does what it has to do.…
Raydel Miranda
1 vote, 1 answer

fanotify: What I'm doing wrong?

I want to monitor a single directory using fanotify, but what I got is monitoring the whole filesystem. This is the code: fa_fd = fanotify_init(FAN_CLOEXEC | FAN_CLASS_CONTENT, O_RDONLY | O_LARGEFILE | O_CLOEXEC); static uint64_t event_mask =…
Raydel Miranda
0 votes, 0 answers

fanotify reports a root directory attribute change upon any file's deletion

On subsequent file deletions (anywhere in the filesystem) fanotify reports the root directory as having its attributes modified. This seems an anomalous bug. The test code at the end of this question (tested using Ubuntu 23 and an ext4 filesystem)…
Jonathan
0 votes, 0 answers

I'm writing a code for fanotify to listen a filesystem

I'm writing code for fanotify to listen to a filesystem, but I'm having trouble writing a file move-in and move-out event, and I'd like to ask if a file is moved in a file system that's being listened to. Do their MOVED_FROM and MOVED_TO match? That…
xzq
0 votes, 1 answer

Fanotify access permission event for all files in a directory

I want to get notified each time a file is accessed in a certain directory using fanotify. I'm familiar with fanotify and generally know how to do it, my problem is with the fanotify_mark function and what flags and mask I should use for this. I must…
0 votes, 0 answers

Linux snap application

I want to monitor by FANOTIFY the Linux applications installed by snap but I was not able to do this, just applications installed by "apt-get" or "yum". The documentation is very weak and this task is a must to make my application suitable for all…
0 votes, 0 answers

fanotify: How to check if fanotify API is enabled or disabled by kernel

I want to write a functionality which will check whether the fanotify API is enabled or disabled by the kernel. If it is enabled then only my program should proceed further, otherwise it should return FALSE. I want to write a generic function which will work on…
Suyog
0 votes, 0 answers

using popen in fanotify, system hangs while handling fanotify events

I am using Fanotify sample code to handle file open and close events. In the handle_events() function I call my function checkFileIsExecutable(). After calling the function my system hangs and needs a hard restart. I am providing my function which is…
Dhiraj
0 votes, 0 answers

Make a minifilter like driver for linux

I'm new to the Linux file system. I wanted to use a mini filter like the driver for Linux, I came across various options like Hooks, DazukoFS (not used nowadays), fanotify. So I chose fanotify. I want to modify a file before opening it. The similar…
0 votes, 0 answers

how to get notified when a process wants to open a file?

I want to write a program that will be notified and do a certain event each time a process wants to open a file, and will be able to allow the process access to a new file or disallow it. For example: I want it to work like the fanotify API in…
0 votes, 1 answer

Android fanotify_init: Function not implemented

I'm trying to use fanotify on Android and like to achieve that with an executable file (compiled with the ndk). I'm using fsmon (small application which calls the fanotify system call) to start the monitor. But on executing the file (on a rooted…
Fabman22
0 votes, 1 answer

Android kernel run fanotify without rooting?

I would like to implement a fanotify (supported by kernel > 2.6.37 - shipped in Android 5+) interface for the Android x86 - at first for goldfish emulator. I like to use the tool fsmon to start the filesystem monitor (a C program with basic…
Fabman22
0 votes, 2 answers

Opening a file cause system hangs while handling fanotify events

I'm a newbie to fanotify. I used the example of the fanotify manpage to write any information to a file, while handling events of file open and close. A system call to 'fopen' causes the system to hang. When I changed 'FAN_OPEN_PERM' to 'FAN_OPEN', it's all…
Taesung