From: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
To: Jan Kara <jack-AlSwsSmVLrQ@public.gmane.org>
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH 0/1] Manpages for the fanotify API: FAN_ACCESS_PERM for readdir
Date: Mon, 07 Apr 2014 20:16:27 +0200 [thread overview]
Message-ID: <5342EB7B.4010201@gmx.de> (raw)
In-Reply-To: <20140407085624.GB14927-+0h/O2h83AeN3ZZ/Hiejyg@public.gmane.org>
Hello Jan,
> > FAN_ACCESS_PERM
> > The name is misleading. The permission check is done before executing a file
> > or listing a directory.
> AFAIK it doesn't happen before listing a directory. But if you are
> convinced it does, I can check more carefully ;)
iterate_dir calls
security_file_permission(file, MAY_READ);
which in turn calls
fsnotify_perm(file, mask);
Which has these lines:
51 else if (mask & MAY_READ)
52 fsnotify_mask = FS_ACCESS_PERM;
This is the result I get for
#include <stdlib.h>
#include <sys/types.h>
#include <dirent.h>
#include <libgen.h>
int main() {
DIR *dir;
struct dirent *dp;
if ((dir = opendir ("/home/test")) == NULL) {
exit (1);
}
while ((dp = readdir (dir)) != NULL) {
}
closedir(dir);
return 0;
}
FAN_OPEN: File /home/test
FAN_ACCESS_PERM: File /home/test
FAN_ACCESS_PERM: File /home/test
I guess it is somewhat inconsistent that
readdir results in FAN_ACCESS_PERM while
read results in FAN_ACCESS_PERM and FAN_ACCESS.
===
This is the result I get for executing
/home/test/test
which contains the following lines
!#/bin/sh
echo Hello world
FAN_OPEN: File /home/test/test
FAN_ACCESS_PERM: File /home/test/test
FAN_ACCESS: File /home/test/test
FAN_OPEN: File /home/test/test
FAN_ACCESS_PERM: File /home/test/test
FAN_ACCESS: File /home/test/test
FAN_ACCESS_PERM: File /home/test/test
The last FAN_ACCESS_PERM probably does not relate to a read() as it is
not followed by FAN_ACCESS.
===
When running
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
int fd;
char buf[4096];
ssize_t len;
fd = open("/home/test/test", O_RDONLY);
len = read(fd, buf, 4096);
buf[len] = '\0';
printf("Bytes read %d\n%s\n", len, buf);
close(fd);
return 0;
}
I get
FAN_OPEN: File /home/test/test
FAN_ACCESS_PERM: File /home/test/test
FAN_ACCESS: File /home/test/test
When running
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
int fd;
char buf[4096];
ssize_t len;
fd = open("/home/test/test", O_WRONLY);
len = write(fd, "visited" , 4);
close(fd);
return 0;
}
I get
FAN_OPEN: File /home/test/test
FAN_MODIFY: File /home/test/test
You only receive a permission event before reading and not before writing.
The fanotify API was meant for use in a hierarchical storage management
system. Should it not be able to inhibit writing, e.g. if the remote
file is on a read-only medium?
I guess it would make sense to add a FAN_MODIFY_PERM event.
Best regards
Heinrich Schuchardt
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-04-07 18:16 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-26 19:53 [PATCH 1/1] Man pages for the fanotify API xypron.glpk-Mmb7MZpHnFY
[not found] ` <1393444390-16012-1-git-send-email-xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
2014-03-14 16:42 ` Michael Kerrisk (man-pages)
[not found] ` <53233160.9000106-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-03-16 15:32 ` xypron.glpk-Mmb7MZpHnFY
[not found] ` <1394983959-5392-1-git-send-email-xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
2014-03-17 15:45 ` Michael Kerrisk (man-pages)
[not found] ` <53271880.4090100-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-03-22 16:42 ` xypron.glpk-Mmb7MZpHnFY
[not found] ` <1395506528-10026-1-git-send-email-xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
2014-03-24 21:23 ` Michael Kerrisk (man-pages)
[not found] ` <5330A257.9080100-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-03-25 15:39 ` Man pages for the fanotify API: merging of events Heinrich Schuchardt
[not found] ` <5331A343.9070403-Mmb7MZpHnFY@public.gmane.org>
2014-03-25 16:37 ` Jan Kara
2014-03-26 19:09 ` [PATCH 1/1] Man pages for the fanotify API Eric Paris
2014-04-06 0:01 ` [PATCH 0/1] Manpages " xypron.glpk-Mmb7MZpHnFY
[not found] ` <1396742468-4752-1-git-send-email-xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
2014-04-06 12:18 ` Michael Kerrisk (man-pages)
[not found] ` <5341461A.3090405-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-04-07 8:48 ` Jan Kara
2014-04-13 14:05 ` fanotify API: FMODE_NONOTIFY, FMODE_EXEC, FMODE_NOCMTIME Heinrich Schuchardt
2014-04-20 11:56 ` [PATCH 1/1] Manpages for the fanotify API Heinrich Schuchardt
[not found] ` <1397994990-9068-1-git-send-email-xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
2014-04-22 14:29 ` Michael Kerrisk (man-pages)
[not found] ` <53567CC2.6050708-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-04-23 17:40 ` [PATCH 1/1] fanotify: add manpages Heinrich Schuchardt
[not found] ` <1398274809-6107-1-git-send-email-xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
2014-04-23 20:24 ` [PATCH] fanotify: add man pages Heinrich Schuchardt
[not found] ` <1398284672-7410-1-git-send-email-xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
2014-04-24 16:25 ` Michael Kerrisk (man-pages)
2014-04-07 8:56 ` [PATCH 0/1] Manpages for the fanotify API Jan Kara
[not found] ` <20140407085624.GB14927-+0h/O2h83AeN3ZZ/Hiejyg@public.gmane.org>
2014-04-07 18:16 ` Heinrich Schuchardt [this message]
[not found] ` <5342EB7B.4010201-Mmb7MZpHnFY@public.gmane.org>
2014-04-07 20:13 ` [PATCH 0/1] Manpages for the fanotify API: FAN_ACCESS_PERM for readdir Jan Kara
2014-04-06 0:01 ` [PATCH 1/1] Manpages for the fanotify API xypron.glpk-Mmb7MZpHnFY
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5342EB7B.4010201@gmx.de \
--to=xypron.glpk-mmb7mzphnfy@public.gmane.org \
--cc=eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=jack-AlSwsSmVLrQ@public.gmane.org \
--cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).