From: Amir Goldstein
Date: Thu, 13 Oct 2016 21:42:10 +0300
Subject: Re: [RFC][PATCH 0/7] fanotify: add support for more events
To: Marko Rauhamaa
Cc: linux-fsdevel
In-Reply-To: <87inswm9sg.fsf@drapion.f-secure.com>
References: <87inswm9sg.fsf@drapion.f-secure.com>

On Thu, Oct 13, 2016 at 8:35 PM, Marko Rauhamaa wrote:
>
> Amir Goldstein:
>> This series is prep work for using fanotify to monitor all events in
>> a file system with a single watch.
>>
>> [...]
>>
>> I am posting this WIP to get feedback on the idea and to find out if
>> there are any users out there interested in the improved fanotify
>> capabilities and/or in the super block monitoring use case.
>
> My employer certainly is in need of monitoring a whole filesystem. We
> have noticed that namespaces evade monitoring via FAN_MARK_MOUNT. I was
> thinking something like a FAN_MARK_FILESYSTEM would be needed.
>

I have a POC of monitoring an entire file system, while filtering to a
namespace only the events that should be visible to its mounts.
I need to get the patches into shape and shake them a bit, then I will
post them, and I am hoping that others could test them for their use
case as well.

I keep hearing about people that wanted that feature, but those people
will need to come forward and voice their use cases.

> (There are some other needed features, but filesystem monitoring is the
> most pressing one.)
>
>
> Jan Kara:
>> Careful here. In the world of user namespaces and containers you have
>> to be really careful so that events from one container don't leak into
>> another container even though they live in the same physical filesystem,
>> just a different bind mount.
>
> Obviously, proper care needs to be taken, but a namespace should not be
> able to smuggle filesystem events past fanotify monitoring.
>

I agree.

Cheers,
Amir.