From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jon Masters
Subject: Re: fanotify - overall design before I start sending patches
Date: Tue, 28 Jul 2009 07:48:28 -0400
Message-ID: <1248781708.14145.21.camel@localhost.localdomain>
References: <1248466429.3567.82.camel@localhost>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, malware-list@dmesg.printk.net, Valdis.Kletnieks@vt.edu, greg@kroah.com, douglas.leeder@sophos.com, tytso@mit.edu, arjan@infradead.org, david@lang.hm, jengelh@medozas.de, aviro@redhat.com, mrkafk@gmail.com, alexl@redhat.com, jack@suse.cz, tvrtko.ursulin@sophos.com, a.p.zijlstra@chello.nl, hch@infradead.org, alan@lxorguk.ukuu.org.uk, mmorley@hcl.in, pavel@suse.cz
To: Eric Paris
Return-path:
Received: from dallas.jonmasters.org ([72.29.103.172]:44140 "EHLO dallas.jonmasters.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752639AbZG1Lsj (ORCPT ); Tue, 28 Jul 2009 07:48:39 -0400
In-Reply-To: <1248466429.3567.82.camel@localhost>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On Fri, 2009-07-24 at 16:13 -0400, Eric Paris wrote:

> I plan to start sending patches for fanotify in the next week or two.

Generally, I appreciate your effort (as I'm sure does everyone else). I agree with Jamie that it's good to consider extending inotify and also that the special socket idea probably won't work for mainline. Also:

1). Ability to watch only certain mount-points, not just directories. Or directories and block on mount operations as Jamie suggested. Or both :)

2). Add event on mmap perhaps. Future theoretical cloud cuckoo land ideas include forcing all mmap operations to be read-only and then having the page fault handler fire an event for every write so that the anti-malware thing can monitor every single touched page...joke.

3). Sounds a lot like netlink could be close enough. Kay and others have been playing with in-kernel multiplexing and re-broadcasting of netlink events, and I'm pretty sure most of the rest is doable.

I'm looking forward to updatedb using this. Let's try up-playing the use cases outside malware for this stuff. I think the average person is going to get more excited to see "Beagle done right" or "something like Microsoft indexer service"[0] than 1970s updatedb. It's certainly a nice and compelling reason to get this into mainline IMO.

Jon.

[0] Except anything but as crap as their version. Seriously, the last time I used a Windows system and looked at it, the indexer was consuming more CPU than Beagle ever did. And I liked the Beagle concept.