On Sun, Apr 14, 2019 at 10:26 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > On Sun, Apr 14, 2019 at 09:51:38PM +0300, Amir Goldstein wrote: > > > But the truth is I would much rather that users have a way to mark > > a subtree root and ask fanotify for events under that subtree. > > As a matter of fact, I have some private POC patches that allow users to > > setup a mark on a "subtree root" dentry, which really marks the super block > > and keep a reference to the dentry. Than every event on that super block > > is filtered with is_subdir() against the marked dentry. > > And that is_subdir() is protected by what, exactly? And what happens > if you have many such dentries? > > Or, for that matter, what happens if that dentry gets invalidated? Well, as I said, its just a POC, it only supports filtering by a single dentry and I didn't think that was the way to go forward. I am looking for the best way to go forward. That's why I was looking for an API to "fence" renaming objects in/out of of a subtree root. It sounds useful to have something like this for containers and chroots. Let's look at the options users have today. Users can use recursive inotify that is racy and pins too many inodes in cache. Users can use the new fanotify sb mark to get all events on filesystem and filter them by path is userspace (also racy w.r.t ancestry). I donno, maybe filtering by projid or another inherited persistent inode property is good enough for the existing use cases out there - this seems to be the way ext4 is going with encrypted subtrees and case insensitive subtrees. Thanks, Amir.
