From: Amir Goldstein <amir73il@gmail.com>
To: Jan Kara <jack@suse.cz>
Cc: Christian Brauner <brauner@kernel.org>,
Lennart Poettering <lennart@poettering.net>,
Tejun Heo <tj@kernel.org>,
"T . J . Mercier" <tjmercier@google.com>,
linux-fsdevel@vger.kernel.org
Subject: [RFC][PATCH 0/5] fanotify namespace monitoring
Date: Sat, 7 Mar 2026 12:05:45 +0100 [thread overview]
Message-ID: <20260307110550.373762-1-amir73il@gmail.com> (raw)
Jan,
Similar to mount notifications and listmount(), this is the complementary
part of listns().
The discussion about FAN_DELETE_SELF events for kernfs [1] for cgroup
tree monitoring got me thinking that this sort of monitoring should not be
tied to vfs inodes.
Monitoring the cgroups tree has some semantic nuances, but I am told by
Christian, that similar requirement exists for monitoring namepsace tree,
where the semantics w.r.t userns are more clear.
I prepared this RFC to see if it meets the requirements of userspace
and think if that works, the solution could be extended to monitoring
cgroup trees.
IMO monitoring namespace trees and monitoring filesystem objects do not
need to be mixed in the same fanotify group, so I wanted to try using
the high 32bits for event flags rather than wasting more event flags
in low 32bit. I remember that I wanted to so that for mount monitoring
events, but did not insist, so too bad.
However, the code for using the high 32bit in uapi is quite ugly and
hackish ATM, so I kept it as a separate patch, that we can either throw
away or improve later.
Christian/Lennart,
I had considered if doing "recursive watches" to get all events from
descendant namepsaces is worth while and decided with myself that it was
not.
Please let me know if this UAPI meets your requirements.
Amir.
[1] https://lore.kernel.org/r/20260220055449.3073-1-tjmercier@google.com/
Amir Goldstein (5):
fanotify: add support for watching the namespaces tree
fanotify: use high bits for FAN_NS_CREATE/FAN_NS_DELETE
selftests/filesystems: create fanotify test dir
filesystems/statmount: update mount.h in tools include dir
selftests/filesystems: add fanotify namespace notifications test
fs/notify/fanotify/fanotify.c | 43 ++-
fs/notify/fanotify/fanotify.h | 19 +
fs/notify/fanotify/fanotify_user.c | 102 +++++-
fs/notify/fdinfo.c | 14 +-
fs/notify/fsnotify.c | 28 +-
fs/notify/fsnotify.h | 7 +
fs/notify/mark.c | 7 +
fs/nsfs.c | 21 ++
include/linux/fanotify.h | 17 +-
include/linux/fsnotify_backend.h | 22 ++
include/linux/proc_fs.h | 2 +
include/linux/user_namespace.h | 6 +
include/uapi/linux/fanotify.h | 79 +++--
kernel/nscommon.c | 46 +++
tools/include/uapi/linux/fanotify.h | 79 +++--
tools/include/uapi/linux/mount.h | 13 +-
tools/testing/selftests/Makefile | 2 +-
.../{mount-notify => fanotify}/.gitignore | 0
.../{mount-notify => fanotify}/Makefile | 3 +-
.../mount-notify_test.c | 0
.../mount-notify_test_ns.c | 0
.../filesystems/fanotify/ns-notify_test.c | 330 ++++++++++++++++++
22 files changed, 746 insertions(+), 94 deletions(-)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/.gitignore (100%)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/Makefile (67%)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/mount-notify_test.c (100%)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/mount-notify_test_ns.c (100%)
create mode 100644 tools/testing/selftests/filesystems/fanotify/ns-notify_test.c
--
2.53.0
next reply other threads:[~2026-03-07 11:05 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-07 11:05 Amir Goldstein [this message]
2026-03-07 11:05 ` [RFC][PATCH 1/5] fanotify: add support for watching the namespaces tree Amir Goldstein
2026-03-09 18:07 ` Amir Goldstein
2026-03-07 11:05 ` [RFC][PATCH 2/5] fanotify: use high bits for FAN_NS_CREATE/FAN_NS_DELETE Amir Goldstein
2026-03-07 11:05 ` [RFC][PATCH 3/5] selftests/filesystems: create fanotify test dir Amir Goldstein
2026-03-07 11:05 ` [RFC][PATCH 4/5] filesystems/statmount: update mount.h in tools include dir Amir Goldstein
2026-03-07 11:05 ` [RFC][PATCH 5/5] selftests/filesystems: add fanotify namespace notifications test Amir Goldstein
2026-03-09 12:33 ` [RFC][PATCH 0/5] fanotify namespace monitoring Christian Brauner
2026-03-09 15:47 ` Amir Goldstein
2026-03-10 10:31 ` Christian Brauner
2026-03-10 11:14 ` Amir Goldstein
2026-03-16 10:05 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260307110550.373762-1-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=lennart@poettering.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tj@kernel.org \
--cc=tjmercier@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox