Questions tagged [fanotify]

fanotify is intended to provide an interface for on-access file scanning and for permission gating based on the results of those scans. fanotify does not prevent, nor does it attempt to prevent, malicious code from running on the Linux machine.

fanotify provides two things:

  1. A new notification system, similar to inotify, only instead of an arbitrary 'watch descriptor' which userspace has to know how to map back to an object on the filesystem, fanotify provides an open read-only fd back to the original object. It should be noted that the set of fanotify events is much smaller than the set of inotify events.

  2. An access system in which processes may be blocked until the fanotify userspace listener has decided if the operation should be allowed.

36 questions
0 votes, 1 answer

fanotify FAN_OPEN read vs. write access?

Dear Linux C programmers: in the Linux fanotify facility, I know how to monitor for file opens (FAN_OPEN). I can also learn whether the open was a 'read' or 'write' if I monitor until the close, because there is a FAN_CLOSE_WRITE and a…
ivo Welch
0 votes, 1 answer

fanotify gremlin---hard no-return fail (under gdb)

This is almost the same example as in the man page. Everything is updated to recent versions. gcc is 4.9.2. gdb is 7.8.1. Linux kernel is 3.17.6-1 (64-bit). The install is a recent Arch bootstrap. Here is the whittled down case: #define…
ivo Welch
0 votes, 1 answer

How to use FAN_DENY? (Fanotify)

I have read the manpages for Fanotify, and I wonder about the flag FAN_DENY. I have not found any examples that use FAN_DENY. Manpage: http://www.xypron.de/projects/fanotify-manpages/man7/fanotify.7.html
user2823960
0 votes, 1 answer

System freezes if I reboot or shutdown with a running daemon that controls access to files using fanotify

I made my daemon use the fanotify API to control access to files. Here is the working thread: void * threadProc( void * data ) { if( data == NULL ) return 0; RealTimeDrvrImp & _this = *( ( RealTimeDrvrImp * )data ); const unsigned int…
kopalvich
0 votes, 1 answer

fanotify: monitor one specific folder - not the whole filesystem

I used the example of the fanotify manpage to get all paths where a file access occurred. But I only want file access monitored from one specific folder, e.g. /tmp/myfolder. For that I add my specific folder "/tmp/myfolder": fanotify_mark(fd, …
imizeropt
0 votes, 1 answer

fanotify unable to monitor entire system for FAN_OPEN_PERM event by multi-threaded program, and to ignore directories

I want to monitor the whole system for FAN_OPEN_PERM | FAN_CLOSE_WRITE events by a multi-threaded program, and ignore some directories (say /home/mydir). I used fanotify_init() and fanotify_mark() in main() as: //Is there any way to use…
Nitinkumar Ambekar