From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vasily Novikov Subject: Re: [malware-list] A few concerns about fanotify implementation. Date: Wed, 27 Oct 2010 12:54:59 +0400 Message-ID: <1288169699.7715.103.camel@novikov-v> References: <1288095195.29745.4010.camel@novikov-v> <201010261358.46974.tvrtko.ursulin@sophos.com> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Cc: "malware-list@dmesg.printk.net" , "eparis@redhat.com" , "linux-fsdevel@vger.kernel.org" To: Tvrtko Ursulin Return-path: Received: from relay3.kaspersky-labs.com ([91.103.66.246]:59316 "EHLO relay3.kaspersky-labs.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751016Ab0J0I4L (ORCPT ); Wed, 27 Oct 2010 04:56:11 -0400 Received: from relay3.kaspersky-labs.com (localhost [127.0.0.1]) by mx3.kaspersky-labs.com (Postfix) with ESMTP id 1FA046632 for ; Wed, 27 Oct 2010 12:56:10 +0400 (MSD) Received: from kas30pipe.localhost (localhost [127.0.0.1]) by mx3.kaspersky-labs.com (Postfix) with ESMTP id CBA9C65B1 for ; Wed, 27 Oct 2010 12:56:09 +0400 (MSD) In-Reply-To: <201010261358.46974.tvrtko.ursulin@sophos.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: > > 3. I read the discussion about how to define paths to scan but anyway. > > We would prefer to have global listener that was defined in the first > > version of the interface and mark unnecessary mount points with > > persistent ignore flags. > > Yeah, but according to Eric there was fierce opposition against global mode > and hence he dropped it. I personally think anti-global mode arguments are not > that solid but what can you do. > > I am pursuing another path of trying to add support for mount marks which > automatically propagate to sub-mounts. That way you can mark root with a mount > mark and when a new filesystem appears under it it will automatically inherit > that mark. I have a proof of concept patch which works but needs some > refactoring to comply with fanotify locking rules. Hopefully it will be > possible to do it in which case I will post it for review. It looks good. I can help you with testing the patch.