On Wed 17-10-18 17:33:18, Matthew Bobrowski wrote: > > And a general question: Do I understand right that your audit application > > needs this event type? > > Yes, your understanding is correct. The application we're developing > requires this event type. > > > I'm asking because so far what Steve wrote me was about pattern matching > > of fanotify events to detect when something happens. So it's not clear > > to me how permission event fits into that. > > That detection for when "something happens", is precisely to do with > understanding when a file is opened for execution. We use permission > events within the application we're developing to either ALLOW or DENY a > particular action being performed against an object. At the moment, we > don't have any way to determine what actually caused a watched object to > be opened, so this is to aid with that, and also help us make a better > judgment how we're to respond to a particular action. OK, understood. I just wanted to be sure I understand what you need correctly. Thanks for explanation. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
