On Tue 17-07-18 15:21:45, Amir Goldstein wrote: > On Mon, Jul 16, 2018 at 11:50 AM, Matthew Bobrowski > <mbobrowski@xxxxxxxxxxxxxx> wrote: > > Currently, the fanotify API does not provide a means for user space > > programs to register and receive events specifically when a file has been > > opened with the intent to be executed. Two new event flags FAN_EXEC and > > FAN_EXEC_PERM have been introduced to the fanotify API along with updates > > to the generic filesystem notification hooks fsnotify_open and > > fsnotify_perm in order to support this capability. > > > > Signed-off-by: Matthew Bobrowski <mbobrowski@xxxxxxxxxxxxxx> > > > > --- > > > [...] > > @@ -69,13 +71,15 @@ > > #define FAN_ALL_EVENTS (FAN_ACCESS |\ > > FAN_MODIFY |\ > > FAN_CLOSE |\ > > - FAN_OPEN) > > + FAN_OPEN |\ > > + FAN_EXEC) > > > > /* > > * All events which require a permission response from userspace > > */ > > #define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\ > > - FAN_ACCESS_PERM) > > + FAN_ACCESS_PERM |\ > > + FAN_EXEC_PERM) > > > > If we change these masks that are exposed to user and > there is a user program setting a mark with FAN_ALL_EVENTS, > recompiling that program with new headers will make the binary > incompatible with old kernels. > > Jan, > > Do you think that is a problem? Hum, good point. Honestly, I think it has been a mistake to export FAN_ALL_EVENTS and FAN_ALL_PERM_EVENTS to userspace. Now either the name is going to be misleading or there's a risk of breaking existing apps as you suggest. But let's decide that once I'm convinced this feature is actually worth it. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
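Review bot: In the `@@ -69,13 +71,15 @@` hunk, OR-ing `FAN_EXEC` into `FAN_ALL_EVENTS` and `FAN_EXEC_PERM` into `FAN_ALL_PERM_EVENTS` changes the value of two macros that are exported to user space. A program that sets a mark with either macro will, once rebuilt against the new headers, pass bits that an older kernel does not define. Consider leaving both exported masks at their current values and requiring callers to request `FAN_EXEC` / `FAN_EXEC_PERM` explicitly. If the kernel needs a combined mask for its own validation, define it separately from the user-visible one. If the masks must change, the commit message should say so and state the expected behaviour on older kernels, since the current description mentions only the two new flags and the `fsnotify_open` / `fsnotify_perm` updates.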