Tag[fanotify] Recent Newest Questions

Is there cheap way of retrieving EUID from PI

I've recently tried to write a program that monitors activity on filesystem. I'd like it to record action, PID, executable name and EUID. I've used fa ...

Why the fanotify_fid Linux manpage example code fails (on open_by_handle_at())?

I'm testing fanotify, on Linux 5.4 (also tested on 5.8); for the tests, I'm using the fanotify_fid.c example in the fanotify(7) manpage. Now, the cod ...

fanotify - problem with new flags introduced in Kernel 5.1

Since Kernel 5.1, new flags FAN_ATTRIB, FAN_CREATE, FAN_DELETE, FAN_DELETE_SELF, FAN_MOVED_FROM, FAN_MOVED_TO and FAN_MOVE_SELF are introduced. Unfort ...

fanotify: is it possible to monitor whole filesystem and write few logs/config in monitored filesystem by same process?

My system gets hanged, if I try to log something in file by same process. Actually I wanted to monitor entire filesystem ("/") with fanotify and also ...

Android fanotify_init: Function not implemented

I'm trying to use fanotify on Android and like to archive that with an executable file (compiled with the ndk). I'm using fsmon (small application whi ...

Android kernel run fanotify without rooting?

I would like to implement a fanotify (supported by kernel > 2.6.37 - shipped in Android 5+) interface for the Android x86 - at first for goldfish e ...

Get path from file descriptor when path is longer than PATH_MAX

I receive filesystem events from fanotify. Sometimes I want to get an absolute path to a file that's being accessed. Usually, it's not a problem - fa ...

Watching a directory tree without inotify

I'm trying to write a backup utility that is supposed to handle a rough 2 terabytes of data in a lot of folders. I want it to perform actions on file ...

Opening a file cause system hangs while handling fanotify events

I'm newbie to fanotify. I used the example of the fanotify manpage to write any information to a file, while handling events of file open and close. ...

How to find out whether CONFIG_FANOTIFY_ACCESS_PERMISSIONS is enabled?

I want to make use of fanotify(7) and the problem I run into is that on some kernels CONFIG_FANOTIFY_ACCESS_PERMISSIONS does not work, although CONFIG ...

fanotify FAN_OPEN read vs. write access?

dear linux C programmers: in the linux fanotify facility, I know how to monitor for file opens (FAN_OPEN). I can also learn whether the open was a 'r ...

fanotify gremlin---hard no-return fail (under gdb)

this is almost the same example as in the man page. everything is updated to recent versions. gcc is 4.9.2. gdb is 7.8.1. linux kernel is 3.17.6-1 (64 ...

Linux - fanotify, but for exec()?

Is there a facility like fanotify, but for exec() operations? Something like kauth in MacOS, but in userland. fanotify only seems to notify on (and a ...

fanotify obtaining file name, why /proc/self/fd/“data->fd”?

I'm examining the source code of the current fatrace. The main loop calling fanotify to obtain the value of data looks like: When it gets to extra ...

How to use FAN_DENY? (Fanotify)

I have read the manpages for Fanotify and flag FAN_DENY I wonder about. I have not found any examples that use FAN_DENY. Manpage: http://www.xypron. ...

System freezes if I reboot or shutdown with a running daemon that controls access to files using fanotify

I made my daemon use fanotify API to control access to files. Here is the working thread: It works correctly. If I stop the daemon before rebooting ...

fanotify: monitor one specific folder - not the whole filesystem

I used the example of the fanotify manpage to get all paths, where an file-access occured. But i only want the file-access monitored from one specific ...

How to detect a file has been deleted

I am writing a program to monitor the file system. But I'm not able to detect when a file is deleted. I tried monitoring with FAN_MARK_ONLYDIR flag ho ...

What's the difference between access a file and opening a file

I have this doubt: ¿Wich are the differences between: open a file and access a file? I'm working with fanotify, and I'm only interested on FAN_ACCESS ...

fanotify: What I'm doing wrong?

I want to monitor a single directory using fanotify, but what I got is monitoring the whole filesystem. This is the code: I have read from fanotify ...