Received: from helmsgmaster01.f-secure.com ([193.110.108.20]:55678 "EHLO helmsgmaster01.f-secure.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934377AbcJMSvy (ORCPT ); Thu, 13 Oct 2016 14:51:54 -0400
From: Marko Rauhamaa
To:
Subject: Re: [RFC][PATCH 0/7] fanotify: add support for more events
CC:
Date: Thu, 13 Oct 2016 20:35:43 +0300
Message-ID: <87inswm9sg.fsf@drapion.f-secure.com>
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Amir Goldstein:

> This series is a prep work for using fanotify to monitor all events in
> a file system with a single watch.
>
> [...]
>
> I am posting this WIP to get feedback on the idea and to find out if
> there are any users out there interested in the improved fanotify
> capabilities and/or in the super block monitoring use case.

My employer certainly is in need of monitoring a whole filesystem. We
have noticed that namespaces evade monitoring via FAN_MARK_MOUNT. I was
thinking something like a FAN_MARK_FILESYSTEM would be needed.

(There are some other needed features but filesystem monitoring is the
most pressing one.)

Jan Kara:

> Careful here. In the world of user namespaces and containers you have
> to be really careful so that events from one container don't leak into
> another container despite they live in the same physical filesystem,
> just a different bind mount.

Obviously, proper care needs to be taken, but a namespace should not be
able to smuggle filesystem events past fanotify monitoring.


Marko
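The evasion Marko describes, and the cross-container visibility Jan warns about, can both be reproduced with a few dozen lines. The program below is an added example written for this page; it is not code from the thread, from F-Secure or from the posted series. It places a fanotify mark on a fresh directory, then forks a child that enters a private mount namespace, bind-mounts that directory at an alias path and writes a file through the alias, the way a container touches a bind-mounted host directory. With FAN_MARK_MOUNT the listener never sees the write, because the event is attributed to the child's bind mount, not the marked vfsmount; with FAN_MARK_FILESYSTEM (the superblock mark that eventually landed in Linux 4.20, after this 2016 discussion) it does. The names `probe_mark` and `write_through_bind_mount` are this example's own, and the fallback `#define` of FAN_MARK_FILESYSTEM is only for old headers. It needs CAP_SYS_ADMIN and reports -1 rather than guessing when it cannot get it.

```c
/* Added example (not from the thread): does a fanotify mark placed on a path
 * see a write made through a bind mount of that path in another mount
 * namespace?  Build: gcc -Wall fan-ns.c -o fan-ns ; run as root. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/fanotify.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef FAN_MARK_FILESYSTEM
#define FAN_MARK_FILESYSTEM 0x00000100 /* value from linux/fanotify.h (4.20+) */
#endif

/* Child side: private mount namespace, bind mount of `dir` at `alias`, one
 * write through the alias.  Any refused step ends the child with a non-zero
 * code so the parent never mistakes "could not set up" for "not reported". */
static void write_through_bind_mount(const char *dir, const char *alias)
{
    char path[PATH_MAX];
    if (unshare(CLONE_NEWNS) < 0)
        _exit(2);
    /* Keep the new bind mount from propagating back to the parent namespace. */
    if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
        _exit(3);
    if (mount(dir, alias, NULL, MS_BIND, NULL) < 0)
        _exit(4);
    snprintf(path, sizeof path, "%s/file", alias);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "x", 1) != 1)
        _exit(5);
    close(fd); /* FAN_CLOSE_WRITE fires here, on the bind mount's vfsmount */
    _exit(0);
}

/* Returns 1 if the child's FAN_CLOSE_WRITE reached a mark added with
 * `mark_flags` (FAN_MARK_MOUNT or FAN_MARK_FILESYSTEM) on the original path,
 * 0 if it did not, -1 with errno set if the probe could not be set up. */
int probe_mark(unsigned int mark_flags)
{
    char dir[] = "/tmp/fan-orig-XXXXXX", alias[] = "/tmp/fan-alias-XXXXXX";
    char path[PATH_MAX], buf[4096];
    struct stat want, got;
    int fan = -1, result = -1, status, saved;
    ssize_t n;

    if (!mkdtemp(dir))
        return -1;
    if (!mkdtemp(alias)) { saved = errno; rmdir(dir); errno = saved; return -1; }

    /* FAN_NONBLOCK: an empty queue is reported as EAGAIN instead of hanging. */
    fan = fanotify_init(FAN_CLASS_NOTIF | FAN_NONBLOCK, O_RDONLY);
    if (fan < 0)
        goto out;
    if (fanotify_mark(fan, FAN_MARK_ADD | mark_flags, FAN_CLOSE_WRITE, AT_FDCWD, dir) < 0)
        goto out;

    pid_t pid = fork();
    if (pid < 0)
        goto out;
    if (pid == 0)
        write_through_bind_mount(dir, alias);
    if (waitpid(pid, &status, 0) < 0)
        goto out;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        errno = WEXITSTATUS(status) <= 4 ? EPERM : EIO; /* unshare/mount refused */
        goto out;
    }

    /* Match events by inode: a FAN_MARK_MOUNT mark on /tmp's mount also sees
     * every other process's writes there, and those must not count. */
    snprintf(path, sizeof path, "%s/file", dir);
    if (stat(path, &want) < 0)
        goto out;
    result = 0;
    while ((n = read(fan, buf, sizeof buf)) > 0) {
        struct fanotify_event_metadata *ev = (struct fanotify_event_metadata *)buf;
        for (; FAN_EVENT_OK(ev, n); ev = FAN_EVENT_NEXT(ev, n)) {
            if (ev->fd < 0)
                continue;
            if (fstat(ev->fd, &got) == 0 && got.st_ino == want.st_ino &&
                got.st_dev == want.st_dev)
                result = 1;
            close(ev->fd);
        }
    }
    unlink(path);
out:
    saved = errno;
    if (fan >= 0)
        close(fan);
    rmdir(alias);
    rmdir(dir);
    errno = saved;
    return result;
}

int main(void)
{
    int m = probe_mark(FAN_MARK_MOUNT);
    int f = probe_mark(FAN_MARK_FILESYSTEM);
    printf("FAN_MARK_MOUNT      saw write via other-namespace bind mount: %d\n", m);
    printf("FAN_MARK_FILESYSTEM saw write via other-namespace bind mount: %d\n", f);
    return (m < 0 || f < 0) ? 1 : 0;
}
```

Run as root on a 4.20 or later kernel the two lines print 0 and 1: the mount mark is blind to the alias, the superblock mark is not. That second result is exactly the double edge Jan points at: a superblock mark is the only way to catch a container's writes to a bind-mounted host directory, and it is also what would let one container's events reach a listener that was only meant to see another's unless the listener filters by mount or path.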