From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Paris <eparis@redhat.com>
Subject: Re: [malware-list] A few concerns about fanotify implementation.
Date: Wed, 27 Oct 2010 11:58:54 -0400
Message-ID: <1288195134.2655.202.camel@localhost.localdomain>
References: <1288095195.29745.4010.camel@novikov-v>
	 <201010261358.46974.tvrtko.ursulin@sophos.com>
	 <1288169699.7715.103.camel@novikov-v>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Tvrtko Ursulin <tvrtko.ursulin@sophos.com>,
	"malware-list@dmesg.printk.net" <malware-list@dmesg.printk.net>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
To: Vasily Novikov <vasily.novikov@kaspersky.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:40607 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753666Ab0J0P7Q (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 27 Oct 2010 11:59:16 -0400
In-Reply-To: <1288169699.7715.103.camel@novikov-v>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Wed, 2010-10-27 at 12:54 +0400, Vasily Novikov wrote:
> > > 3. I read the discussion about how to define paths to scan but anyway.
> > > We would prefer to have global listener that was defined in the first
> > > version of the interface and mark unnecessary mount points with
> > > persistent ignore flags.
> > 
> > Yeah, but according to Eric there was fierce opposition against global mode
> > and hence he dropped it. I personally think anti-global mode arguments are not
> > that solid but what can you do.
> > 
> > I am pursuing another path of trying to add support for mount marks which
> > automatically propagate to sub-mounts. That way you can mark root with a mount
> > mark and when a new filesystem appears under it it will automatically inherit
> > that mark. I have a proof of concept patch which works but needs some
> > refactoring to comply with fanotify locking rules. Hopefully it will be
> > possible to do it in which case I will post it for review.
> 
> It looks good. I can help you with testing the patch.

I've got about 20 patches in

http://git.infradead.org/users/eparis/notify.git/shortlog/refs/heads/for-next

Which I hope addresses everything people have been asking for (except
Tvrtko's mount point inheritance wish)

-Eric