Re: [PATCH v7 2/4] fanotify: introduce new event mask FAN_OPEN_EXEC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue 13-11-18 22:45:28, Matthew Bobrowski wrote:
> On Mon, Nov 12, 2018 at 08:37:25AM -0800, Andy Lutomirski wrote:
> > >> OK.  You should probably add to your documentation that interpreters
> > >> opened as a result of execve() and execveat() also set FAN_OPEN_EXEC.
> > > 
> > > I'm not sure I understand your concern (and thus need for documentation).
> > > In the following I assume you watch the whole system for fanotify events
> > > (you can restrict them to specific files / mount points / superblocks
> > > but that's besides the point of this discussion).
> > > If you do:
> > > 
> > > ~> /bin/echo
> > > 
> > > Then you get FAN_OPEN_EXEC event for '/bin/echo' file and nothing more.
> > 
> > If indeed that’s what the code does, then documenting it as such seems fine.
> > But, by inspection, ELF interpreters are opened with open_exec(), so they
> > should fire the event too. Am I wrong?
> 
> No, you're not wrong.
> 
> I do believe that there is no need to add a specific statement about
> interpreters within the documentation.

So I think what Andy means is that if I watch / for FAN_OPEN_EXEC, then
people may not immediately realize that if they do /bin/echo, they'll
actually get events for

/bin/echo
/lib64/ld-2.22.so

At least I didn't immediately realize that (and just compiled test kernel
with your patches to verify). So I think this clarification would be worth
it as a note in the manpage. Changelog can IMO stay as is.

								Honza 
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux