On Thu 05-04-18 16:18:19, Amir Goldstein wrote: > Send events to group if super block mark mask matches the event > and unless the same group has an ignore mask on the vfsmount or > the inode on which the event occurred. > > Soon, fanotify backend is going to support super block marks and > fanotify currently only supports path type events. > > Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> So what I miss in this patch set is a description (manpage style) of what is the desired semantics of the new functionality. Then also what usecases motivate this. Probably this belongs to the initial patch. Also linux-api should be CCed as this is a new API so it should get wider scrutiny. Also I'm somewhat concerned with the security of superblock marks - sure fanotify is currently guarded by CAP_SYS_ADMIN but that seriously limits its usefulness so long-term we might need to get rid of that at least for some subset of the functionality or at least relieve that to CAP_SYS_ADMIN inside current namespace. And I'm not sure superblock marks are safe even for CAP_SYS_ADMIN process in the current namespace as the process could escape from its current mount namespace by that. But maybe I'm wrong. I'll try to extract more knowledge about this from some guys at LSF/MM... Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
