From: Eric Paris <eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Jon Masters <jonathan-Zp4isUonpHBD60Wz+7aTrA@public.gmane.org>
Cc: david-gFPdbfVZQbY@public.gmane.org,
a.p.zijlstra-/NLkJaSkS4VmR6Xm/wNWPw@public.gmane.org,
Valdis.Kletnieks-PjAqaU27lzQ@public.gmane.org,
malware-list-h+Im9A44IAFcMpApZELgcQ@public.gmane.org,
douglas.leeder-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org,
mrkafk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
aviro-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
jack-AlSwsSmVLrQ@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
jengelh-nopoi9nDyk+ELgA04lAiVw@public.gmane.org,
hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org,
pavel-AlSwsSmVLrQ@public.gmane.org,
alexl-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org,
arjan-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org
Subject: Re: fanotify - overall design before I start sending patches
Date: Wed, 29 Jul 2009 16:20:33 -0400 [thread overview]
Message-ID: <1248898833.2597.66.camel@localhost> (raw)
In-Reply-To: <1248781708.14145.21.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
On Tue, 2009-07-28 at 07:48 -0400, Jon Masters wrote:
> On Fri, 2009-07-24 at 16:13 -0400, Eric Paris wrote:
>
> > I plan to start sending patches for fanotify in the next week or two.
>
> Generally, I appreciate your effort (as I'm sure does everyone else).
>
> I agree with Jamie that it's good to consider extending inotify and also
> that the special socket idea probably won't work for mainline. Also:
The special socket idea was Alan Cox's idea and I haven't heard a usable
alternative.
> 1). Ability to watch only certain mount-points, not just directories. Or
> directories and block on mount operations as Jamie suggested. Or both :)
Show me the user and I'll consider it.
> 2). Add event on mmap perhaps. Future theoretical cloud cuckoo land
> ideas include forcing all mmap operations to be read-only and then
> having the page fault handler fire an event for every write so that the
> anti-malware thing can monitor every single touched page...joke.
>
> 3). Sounds a lot like netlink could be close enough. Kay and others have
> been playing with in-kernel multiplexing and re-broadcasting of netlink
> events, and I'm pretty sure most of the rest is doable.
Jeez, about the 50th time someone has said netlink. I need to do the fd
open in the context of the receiving process. How do I do that with
netlink? It cannot be done at the netlink msg send side (which is the
context of the original process accessing the file)
> I'm looking forward to updatedb using this.
Well, that's still in the future work, as all updatedb cares about it
rename events, and the kernel does have enough information to send
fanotify events during rename.
> Let's try up-playing the use
> cases outside malware for this stuff.
I'm not playing any spin or bullshit. I've got HSM users who wants it.
Readahead profiling wants it. I'm told that wine can properly do
windows style notification with it instead of some hack they have now.
I've also got a need to get people who want to run integrity
checkers/virus scanners to stop binary patching/hacking my kernels. I'd
say I've found plenty of use cases today even if you don't find them as
sexy as beagle :)
-Eric
next prev parent reply other threads:[~2009-07-29 20:20 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-24 20:13 fanotify - overall design before I start sending patches Eric Paris
2009-07-24 20:48 ` david-gFPdbfVZQbY
[not found] ` <alpine.DEB.1.10.0907241340580.28013-Z4YwzcCRHZnr5h6Zg1Auow@public.gmane.org>
2009-07-24 21:01 ` Eric Paris
2009-07-24 21:44 ` Jamie Lokier
2009-07-27 17:52 ` Evgeniy Polyakov
2009-07-29 20:11 ` Eric Paris
2009-07-24 21:00 ` Andreas Dilger
2009-07-24 21:21 ` Eric Paris
2009-07-24 22:42 ` Andreas Dilger
2009-07-24 23:01 ` Jamie Lokier
2009-07-24 22:48 ` Jamie Lokier
[not found] ` <20090724224813.GK27755-yetKDKU6eevNLxjTenLetw@public.gmane.org>
2009-07-24 23:25 ` Eric Paris
2009-07-24 23:46 ` Jamie Lokier
2009-07-24 23:49 ` Eric Paris
2009-07-25 0:29 ` Jamie Lokier
2009-07-27 18:33 ` Andreas Dilger
2009-07-27 19:23 ` Jamie Lokier
2009-07-28 17:59 ` Andreas Dilger
[not found] ` <20090727192342.GA27895-yetKDKU6eevNLxjTenLetw@public.gmane.org>
2009-07-29 20:14 ` Eric Paris
[not found] ` <20090727183354.GM4231-RIaA196FMs1uuQVovAj/GogTZbYi8/ss@public.gmane.org>
2009-07-29 20:12 ` Eric Paris
2009-07-29 20:07 ` Eric Paris
2009-07-27 16:54 ` Jan Kara
2009-07-25 14:22 ` Niraj kumar
2009-07-29 20:08 ` Eric Paris
2009-07-28 11:48 ` Jon Masters
[not found] ` <1248781708.14145.21.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-07-29 20:20 ` Eric Paris [this message]
2009-08-03 16:23 ` Christoph Hellwig
[not found] ` <20090803162303.GA31058-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2009-08-03 16:55 ` Eric Paris
2009-08-03 18:04 ` Christoph Hellwig
[not found] ` <20090803180437.GA9798-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2009-08-03 18:13 ` Eric Paris
2009-08-04 16:09 ` Tvrtko Ursulin
[not found] ` <200908041709.51659.tvrtko.ursulin-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org>
2009-08-04 16:27 ` Eric Paris
2009-08-04 16:39 ` Tvrtko Ursulin
[not found] ` <1249403268.2361.21.camel-8EcGF3LoIElviLIMxPk1+R/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2009-08-04 17:22 ` Valdis.Kletnieks-PjAqaU27lzQ
[not found] ` <19585.1249406551-+bZmOdGhbsPr6rcHtW+onFJE71vCis6O@public.gmane.org>
2009-08-04 18:20 ` John Stoffel
[not found] ` <19064.31705.491774.122207-HgN6juyGXH5AfugRpC6u6w@public.gmane.org>
2009-08-04 18:50 ` Eric Paris
2009-08-05 9:32 ` Tvrtko Ursulin
2009-08-04 16:34 ` Tvrtko Ursulin
[not found] ` <200908041734.05762.tvrtko.ursulin-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org>
2009-08-05 10:12 ` Douglas Leeder
2009-08-05 10:35 ` Douglas Leeder
2009-08-05 2:05 ` Pavel Machek
2009-08-05 16:46 ` Tvrtko Ursulin
[not found] ` <200908051746.17903.tvrtko.ursulin-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org>
2009-08-06 10:10 ` Pavel Machek
2009-08-06 10:20 ` Tvrtko Ursulin
2009-08-06 10:24 ` Pavel Machek
[not found] ` <20090806101059.GD31370-I/5MKhXcvmPrBKCeMvbIDA@public.gmane.org>
2009-08-06 10:20 ` Douglas Leeder
2009-08-06 10:22 ` Pavel Machek
2009-08-07 8:59 ` Jamie Lokier
2009-08-06 10:29 ` Peter Zijlstra
2009-08-06 10:59 ` Tvrtko Ursulin
2009-08-06 11:23 ` Peter Zijlstra
2009-08-06 12:48 ` Tvrtko Ursulin
[not found] ` <200908061348.43625.tvrtko.ursulin-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org>
2009-08-06 12:58 ` Alan Cox
[not found] ` <20090806135800.7ccb7787-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2009-08-06 18:18 ` Eric Paris
2009-08-06 13:50 ` Kernel Event Notification Subsystem (was: fanotify - overall design before I start sending patches) Al Boldi
2009-08-06 13:50 ` Al Boldi
2009-08-06 18:18 ` fanotify - overall design before I start sending patches Eric Paris
2009-08-07 16:36 ` Miklos Szeredi
[not found] ` <E1MZSQZ-0002as-FA-8f8m9JG5TPIdUIPVzhDTVZP2KDSNp7ea@public.gmane.org>
2009-08-07 17:43 ` Eric Paris
2009-08-08 10:36 ` Pavel Machek
2009-08-10 10:03 ` Miklos Szeredi
[not found] ` <1249582695.20644.35.camel-8EcGF3LoIElviLIMxPk1+R/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2009-08-08 10:34 ` Pavel Machek
[not found] ` <200908061159.45550.tvrtko.ursulin-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org>
2009-08-06 11:24 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1248898833.2597.66.camel@localhost \
--to=eparis-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=Valdis.Kletnieks-PjAqaU27lzQ@public.gmane.org \
--cc=a.p.zijlstra-/NLkJaSkS4VmR6Xm/wNWPw@public.gmane.org \
--cc=alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org \
--cc=alexl-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=arjan-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=aviro-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=david-gFPdbfVZQbY@public.gmane.org \
--cc=douglas.leeder-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org \
--cc=hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=jack-AlSwsSmVLrQ@public.gmane.org \
--cc=jengelh-nopoi9nDyk+ELgA04lAiVw@public.gmane.org \
--cc=jonathan-Zp4isUonpHBD60Wz+7aTrA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=malware-list-h+Im9A44IAFcMpApZELgcQ@public.gmane.org \
--cc=mrkafk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=pavel-AlSwsSmVLrQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).