Thread (82 messages) 82 messages, 15 authors, 2009-09-23

Re: fanotify as syscalls

From: Alan Cox <hidden>
Date: 2009-09-16 12:01:27
Also in: linux-fsdevel, lkml

You can't rely on the name being non-racy, but you _can_ reliably
invalidate application-level caches from the sequence of events
including file writes, creates, renames, links, unlinks, mounts.  And
revalidate such caches by the absence of pending events.
You can't however create the caches reliably because you've no idea if
you are referencing the right object in the first place - which is why
you want a handle in these cases. I see fanotify as a handle producing
addition to inotify, not as a replacement (plus some other bits around
open blocking for HSM etc)
Clearly, I'm going to have to explain with working code :-)
Always a good demo
quoted
but it is somewhat inadequate for indexers
For indexers, the real inadequacy is the need to attach inotify
watches to every directory at system startup, and to stat() everything
to check it hasn't changed since the indexer was last running.  Both
stat doesn't help you - inode numbers are only guaranteed unqiue (and
constant) while a reference to the object is held.
Descriptors don't tell you which subtree a file is in any better than
inotify watches.  I.e. they do, if you track them and their containing
directories all individually.
Don't get me wrong - I don't think fanotify is sufficient on its own -
and this is one reason. Some things care about the namespace, some about
getting the exact content.
quoted
chroot isn't a security model. You can already do this with AF_UNIX
sockets (and there are apps that intentionally use fchdir that way)
Ah, no.  AF_UNIX works with explicit sender cooperation.

fanotify gives you access to files without sender cooperation, as it
intercepts every open().
and is currently not general user accessible for this reason.
quoted
Inside of containers - unlikely.
Why not?  Some people run entire distributions in containiners, and
present them as VMs to the world for other people to admin.
In a word - performance. In two words performance and security. It isn't
a sensible setup because you want to scan the most efficient way possible
and you want to keep your malware scan as far away from attackers, so it
makes sense to keep it outside of the containers and do the job once
- one scan, one database of things to keep current.

Alan
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help