On Tue, Sep 11, 2018 at 9:51 AM Nixiaoming <nixiaoming@xxxxxxxxxx> wrote:
>
> Inotify api cannot display information about users and processes.
> That is, you can only know that the file event is generated, but you
> don't know who triggered the event, which is not conducive to fault
> location.
> Is it possible to add pid and comm members to the event structure to
> increase the display of user and thread information?
>

"Is it possible?" is not the only relevant question.
I suppose your patch can sort of work, but it exposes information to
potentially unprivileged processes, even exposes pid values outside of
the process pid namespace.
While those issues could be addressed, you can't change the format of
struct inotify_event without breaking existing applications.

I guess you are not using fanotify API, which already provides pid
information (albeit tgid), because it lacks other functionality that
you need? Which functionality might that be?
Is it directory modification events? If so then you might be interested
in my effort to add support for those events to fanotify:
https://github.com/amir73il/fsnotify-utils/wiki/Super-block-root-watch

Your support, should you choose to offer it, could be in the form of
testing patches and/or just by putting forward your use case as an
example for the need of an extended fanotify API.

Thanks,
Amir.
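
The ABI point in the reply above, shown as an added example that is not part of the original message or of the patch under discussion: deployed readers step through the read buffer in strides of `sizeof(struct inotify_event) + len`, so any extra header fields are misread as file names. The `ext_event` layout, the pid 4242, the comm "touch" and the two records are constructed assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h>
#define NAMELEN 16  /* constructed: every sample record carries a 16-byte name field */

/* Hypothetical layout with pid and comm placed before name[]; not a kernel struct. */
struct ext_event {
    int wd; uint32_t mask, cookie, len; int32_t pid; char comm[16]; char name[];
};

/* Build two constructed records in the real (0) or hypothetical (1) layout; returns bytes written. */
size_t build(char *buf, int extended)
{
    struct inotify_event real = { .wd = 1, .mask = IN_CREATE, .len = NAMELEN };
    struct ext_event ext = { .wd = 1, .mask = IN_CREATE, .len = NAMELEN, .pid = 4242, .comm = "touch" };
    const char *names[] = { "a.txt", "b.txt" };
    size_t off = 0, hdr = extended ? sizeof ext : sizeof real;
    for (int i = 0; i < 2; i++, off += hdr + NAMELEN) {
        memcpy(buf + off, extended ? (void *)&ext : (void *)&real, hdr);
        strncpy(buf + off + hdr, names[i], NAMELEN);  /* zero-padded name field */
    }
    return off;
}

/* The loop deployed applications use: stride = sizeof(struct inotify_event) + len. */
int walk_legacy(const char *buf, size_t n, char out[][NAMELEN + 1], int max)
{
    int count = 0;
    for (size_t off = 0; count < max && off + sizeof(struct inotify_event) <= n; count++) {
        struct inotify_event ev;
        memcpy(&ev, buf + off, sizeof ev);
        if (ev.len > n - off - sizeof ev) break;      /* record claims to run past the buffer */
        size_t k = ev.len < NAMELEN ? ev.len : NAMELEN;
        memcpy(out[count], buf + off + sizeof ev, k);
        out[count][k] = '\0';
        off += sizeof ev + ev.len;
    }
    return count;
}

int main(void)
{
    char buf[256], out[8][NAMELEN + 1] = {{0}};
    for (int ext = 0; ext <= 1; ext++) {
        int n = walk_legacy(buf, build(buf, ext), out, 8);
        printf("%s layout: %d records, first name %s\n", ext ? "hypothetical" : "real", n, strcmp(out[0], "a.txt") ? "garbled" : "a.txt");
    }
    return 0;
}
```

With the real layout the walker recovers both names; with the hypothetical one it reads the pid and comm bytes as the first file name and loses record alignment from there.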