Re: Fanotify Ignore mask

Re: Fanotify Ignore mask

[Jan Kara]

Hello Nilesh!

On Sun 22-03-20 17:50:50, Nilesh Awate wrote:
> I'm new to Fanotify. I'm approaching you because I see that you have done great work in Fanotify subsystem.
> 
> I've a trivial query. How can we ignore events from a directory, If we have mark "/" as mount.
> 
> fd = fanotify_init(FAN_CLOEXEC | FAN_CLASS_CONTENT | FAN_NONBLOCK,
>                        O_RDONLY | O_LARGEFILE);
> 
> ret = fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT,  FAN_OPEN_PERM | FAN_CLOSE_WRITE,
>                                    AT_FDCWD, "/") ;
> 
> Now I don't want events from "/opt" directory is it possible to ignore all events from /opt directory.
> 
> I see examples from https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/fanotify/fanotify01.c
> But they all taking about a file. Could you pls help me here.

There's no way how you could 'ignore' events in the whole directory, let
alone even the whole subtree under a directory which you seem to imply.
Ignore mask really only work for avoiding generating events from individual
files. Any more sophisticated filtering needs to happen in userspace after
getting the events from the kernel.

									Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: Fanotify Ignore mask

[Amir Goldstein]

On Mon, Mar 23, 2020 at 1:57 PM Jan Kara <jack@suse.cz> wrote:
>
>
> Hello Nilesh!
>
> On Sun 22-03-20 17:50:50, Nilesh Awate wrote:
> > I'm new to Fanotify. I'm approaching you because I see that you have done great work in Fanotify subsystem.
> >
> > I've a trivial query. How can we ignore events from a directory, If we have mark "/" as mount.
> >
> > fd = fanotify_init(FAN_CLOEXEC | FAN_CLASS_CONTENT | FAN_NONBLOCK,
> >                        O_RDONLY | O_LARGEFILE);
> >
> > ret = fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT,  FAN_OPEN_PERM | FAN_CLOSE_WRITE,
> >                                    AT_FDCWD, "/") ;
> >
> > Now I don't want events from "/opt" directory is it possible to ignore all events from /opt directory.
> >
> > I see examples from https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/fanotify/fanotify01.c
> > But they all taking about a file. Could you pls help me here.
>
> There's no way how you could 'ignore' events in the whole directory, let
> alone even the whole subtree under a directory which you seem to imply.
> Ignore mask really only work for avoiding generating events from individual
> files. Any more sophisticated filtering needs to happen in userspace after
> getting the events from the kernel.

There is no way so set an 'ignore' mask, but it is possible to use the fact that
the mark is a 'mount' mark.
By mounting a bind mount over /opt (mount -o bind /opt /opt) operations within
the /opt subtree (if performed from this mount ns and with path lookup
done after
mounting the bind mount), will not generate events to the mount mark on /.

Thanks,
Amir.

RE: [EXTERNAL] Re: Fanotify Ignore mask

[Nilesh Awate]

Hi Jan, Amir -

Thank you for quick respond!

Yes with mount --bind /opt /opt and then adding ignore mask it works as expected. 

Regards,
Nilesh

-----Original Message-----
From: Amir Goldstein <amir73il@gmail.com> 
Sent: Monday, March 23, 2020 6:34 PM
To: Jan Kara <jack@suse.cz>
Cc: Nilesh Awate <Nilesh.Awate@microsoft.com>; linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: [EXTERNAL] Re: Fanotify Ignore mask

On Mon, Mar 23, 2020 at 1:57 PM Jan Kara <jack@suse.cz> wrote:
>
>
> Hello Nilesh!
>
> On Sun 22-03-20 17:50:50, Nilesh Awate wrote:
> > I'm new to Fanotify. I'm approaching you because I see that you have done great work in Fanotify subsystem.
> >
> > I've a trivial query. How can we ignore events from a directory, If we have mark "/" as mount.
> >
> > fd = fanotify_init(FAN_CLOEXEC | FAN_CLASS_CONTENT | FAN_NONBLOCK,
> >                        O_RDONLY | O_LARGEFILE);
> >
> > ret = fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT,  FAN_OPEN_PERM | FAN_CLOSE_WRITE,
> >                                    AT_FDCWD, "/") ;
> >
> > Now I don't want events from "/opt" directory is it possible to ignore all events from /opt directory.
> >
> > I see examples from 
> > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi
> > thub.com%2Flinux-test-project%2Fltp%2Fblob%2Fmaster%2Ftestcases%2Fke
> > rnel%2Fsyscalls%2Ffanotify%2Ffanotify01.c&amp;data=02%7C01%7CNilesh.
> > Awate%40microsoft.com%7C6393ffac541a4e2ce0db08d7cf2aba87%7C72f988bf8
> > 6f141af91ab2d7cd011db47%7C1%7C0%7C637205655195489406&amp;sdata=z8TmM
> > 5yVBC5hd%2FegNkxu%2FVaTqJ9kTEoflyXdEmFo0nc%3D&amp;reserved=0
> > But they all taking about a file. Could you pls help me here.
>
> There's no way how you could 'ignore' events in the whole directory, 
> let alone even the whole subtree under a directory which you seem to imply.
> Ignore mask really only work for avoiding generating events from 
> individual files. Any more sophisticated filtering needs to happen in 
> userspace after getting the events from the kernel.

There is no way so set an 'ignore' mask, but it is possible to use the fact that the mark is a 'mount' mark.
By mounting a bind mount over /opt (mount -o bind /opt /opt) operations within the /opt subtree (if performed from this mount ns and with path lookup done after mounting the bind mount), will not generate events to the mount mark on /.

Thanks,
Amir.

Re: [EXTERNAL] Re: Fanotify Ignore mask

[Amir Goldstein]

On Mon, Mar 23, 2020 at 3:34 PM Nilesh Awate <Nilesh.Awate@microsoft.com> wrote:
>
> Hi Jan, Amir -
>
> Thank you for quick respond!
>
> Yes with mount --bind /opt /opt and then adding ignore mask it works as expected.
>

You shouldn't need an ignore mask if you did not set a mark on the /opt mount.
The mark on / does not 'recursively' apply to sub mounts.

Thanks,
Amir.

RE: [EXTERNAL] Re: Fanotify Ignore mask

[Nilesh Awate]

Yes makes sense.

Thank You!

-----Original Message-----
From: Amir Goldstein <amir73il@gmail.com> 
Sent: Monday, March 23, 2020 8:57 PM
To: Nilesh Awate <Nilesh.Awate@microsoft.com>
Cc: Jan Kara <jack@suse.cz>; linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [EXTERNAL] Re: Fanotify Ignore mask

On Mon, Mar 23, 2020 at 3:34 PM Nilesh Awate <Nilesh.Awate@microsoft.com> wrote:
>
> Hi Jan, Amir -
>
> Thank you for quick respond!
>
> Yes with mount --bind /opt /opt and then adding ignore mask it works as expected.
>

You shouldn't need an ignore mask if you did not set a mark on the /opt mount.
The mark on / does not 'recursively' apply to sub mounts.

Thanks,
Amir.