Message-Id: <1248898833.2597.66.camel@localhost>
Date: Wed, 29 Jul 2009 16:20:33 -0400
From: Eric Paris <eparis@...hat.com>
To: Jon Masters <jonathan@...masters.org>
Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
malware-list@...sg.printk.net, Valdis.Kletnieks@...edu,
greg@...ah.com, douglas.leeder@...hos.com, tytso@....edu,
arjan@...radead.org, david@...g.hm, jengelh@...ozas.de,
aviro@...hat.com, mrkafk@...il.com, alexl@...hat.com, jack@...e.cz,
tvrtko.ursulin@...hos.com, a.p.zijlstra@...llo.nl,
hch@...radead.org, alan@...rguk.ukuu.org.uk, mmorley@....in,
pavel@...e.cz
Subject: Re: fanotify - overall design before I start sending patches

On Tue, 2009-07-28 at 07:48 -0400, Jon Masters wrote:
> On Fri, 2009-07-24 at 16:13 -0400, Eric Paris wrote:
>
> > I plan to start sending patches for fanotify in the next week or two.
>
> Generally, I appreciate your effort (as I'm sure does everyone else).
>
> I agree with Jamie that it's good to consider extending inotify and also
> that the special socket idea probably won't work for mainline. Also:

The special socket idea was Alan Cox's idea and I haven't heard a usable
alternative.

> 1). Ability to watch only certain mount-points, not just directories. Or
> directories and block on mount operations as Jamie suggested. Or both :)

Show me the user and I'll consider it.

> 2). Add event on mmap perhaps. Future theoretical cloud cuckoo land
> ideas include forcing all mmap operations to be read-only and then
> having the page fault handler fire an event for every write so that the
> anti-malware thing can monitor every single touched page...joke.
>
> 3). Sounds a lot like netlink could be close enough. Kay and others have
> been playing with in-kernel multiplexing and re-broadcasting of netlink
> events, and I'm pretty sure most of the rest is doable.

Jeez, about the 50th time someone has said netlink. I need to do the fd
open in the context of the receiving process. How do I do that with
netlink? It cannot be done at the netlink msg send side (which is the
context of the original process accessing the file).

> I'm looking forward to updatedb using this.

Well, that's still in the future work, as all updatedb cares about is
rename events, and the kernel does have enough information to send
fanotify events during rename.

> Let's try up-playing the use
> cases outside malware for this stuff.

I'm not playing any spin or bullshit. I've got HSM users who want it.
Readahead profiling wants it. I'm told that wine can properly do
Windows-style notification with it instead of some hack they have now.
I've also got a need to get people who want to run integrity
checkers/virus scanners to stop binary patching/hacking my kernels. I'd
say I've found plenty of use cases today even if you don't find them as
sexy as beagle :)

-Eric