On Mon, Jul 16, 2018 at 11:50 AM, Matthew Bobrowski <mbobrowski@xxxxxxxxxxxxxx> wrote:
> Currently, the fanotify API does not provide a means for user space
> programs to register and receive events specifically when a file has been
> opened with the intent to be executed. Two new event flags FAN_EXEC and
> FAN_EXEC_PERM have been introduced to the fanotify API along with updates
> to the generic filesystem notification hooks fsnotify_open and
> fsnotify_perm in order to support this capability.
>
> Signed-off-by: Matthew Bobrowski <mbobrowski@xxxxxxxxxxxxxx>
>
> ---
> [...]
> @@ -69,13 +71,15 @@
> #define FAN_ALL_EVENTS (FAN_ACCESS |\
> FAN_MODIFY |\
> FAN_CLOSE |\
> - FAN_OPEN)
> + FAN_OPEN |\
> + FAN_EXEC)
>
> /*
> * All events which require a permission response from userspace
> */
> #define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\
> - FAN_ACCESS_PERM)
> + FAN_ACCESS_PERM |\
> + FAN_EXEC_PERM)
>

If we change these masks that are exposed to user and there is a
user program setting a mark with FAN_ALL_EVENTS, recompiling that program
with new headers will make the binary incompatible with old kernels.

Jan,

Do you think that is a problem?

Thanks,
Amir.
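Review bot: Widening FAN_ALL_EVENTS with FAN_EXEC and FAN_ALL_PERM_EVENTS with FAN_EXEC_PERM in the @@ -69,13 +71,15 @@ hunk silently changes the value of two macros that existing user programs already pass as a mark mask, so a rebuild against the new header starts requesting the new events without any source change. For FAN_ALL_PERM_EVENTS that also means the program is expected to answer a permission event it was never written to handle. Consider leaving both exported aggregates at their current values, so that FAN_EXEC and FAN_EXEC_PERM are strictly opt-in, and keeping any "all known events" mask that the kernel needs for validation in a kernel-internal definition rather than in the user-visible header. If the aggregates do have to grow, the commit message should say so explicitly and state what a caller built against the new header sees on a kernel that lacks these flags.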