On Mon, Mar 23, 2020 at 1:57 PM Jan Kara <jack@xxxxxxx> wrote: > > > Hello Nilesh! > > On Sun 22-03-20 17:50:50, Nilesh Awate wrote: > > I'm new to Fanotify. I'm approaching you because I see that you have done great work in Fanotify subsystem. > > > > I've a trivial query. How can we ignore events from a directory, If we have mark "/" as mount. > > > > fd = fanotify_init(FAN_CLOEXEC | FAN_CLASS_CONTENT | FAN_NONBLOCK, > > O_RDONLY | O_LARGEFILE); > > > > ret = fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM | FAN_CLOSE_WRITE, > > AT_FDCWD, "/") ; > > > > Now I don't want events from "/opt" directory is it possible to ignore all events from /opt directory. > > > > I see examples from https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/fanotify/fanotify01.c > > But they all taking about a file. Could you pls help me here. > > There's no way how you could 'ignore' events in the whole directory, let > alone even the whole subtree under a directory which you seem to imply. > Ignore mask really only work for avoiding generating events from individual > files. Any more sophisticated filtering needs to happen in userspace after > getting the events from the kernel. There is no way so set an 'ignore' mask, but it is possible to use the fact that the mark is a 'mount' mark. By mounting a bind mount over /opt (mount -o bind /opt /opt) operations within the /opt subtree (if performed from this mount ns and with path lookup done after mounting the bind mount), will not generate events to the mount mark on /. Thanks, Amir.
