Re: Fanotify API - Tracking File Movement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 07, 2022 at 07:03:13PM +0300, Amir Goldstein wrote:
> Sorry Matthew, I was looking at the code to give you pointers, but there were
> so many subtle details (as Jan has expected) that I could only communicate
> them with a patch.
> I tested that this patch does not break anything, but did not implement the
> UAPI changes, so the functionality that it adds is not tested - I leave that
> to you.

No, that's totally fine. I had to familiarize myself with the
FS/FAN_RENAME implementation as I hadn't gone over that series. So
appreciate you whipping this together quickly as it would've taken a
fair bit of time.

Before the UAPI related modifications, we need to first figure out how
we are to handle the CREATE/DELETE/MOVE cases.

...

> My 0.02$ - while FAN_RENAME is a snowflake, this is not because
> of our design, this is because rename(2) is a snowflake vfs operation.
> The event information simply reflects the operation complexity and when
> looking at non-Linux filesystem event APIs, the event information for rename
> looks very similar to FAN_RENAME. In some cases (lustre IIRC) the protocol
> was enhanced at some point exactly as we did with FAN_RENAME to
> have all the info in one event vs. having to join two events.
> 
> Hopefully, the attached patch simplifies the specialized implementation
> a little bit.
> 
> But... (there is always a but when it comes to UAPI),
> When looking at my patch, one cannot help wondering -
> what about FAN_CREATE/FAN_DELETE/FAN_MOVE?
> If those can report child fid, why should they be treated differently
> than FAN_RENAME w.r.t marking the child inode?

This is something that crossed my mind while looking over the patch
and is a very good thing to call-out indeed. I am of the opinion that
we shouldn't be placing FAN_RENAME in the special egg basket and also
consider how this is to operate for events
FAN_CREATE/FAN_DELETE/FAN_MOVE.

> For example, when watching a non-dir for FAN_CREATE, it could
> be VERY helpful to get the dirfid+name of where the inode was
> hard linked.

Oh right, here you're referring to this specific scenario:

- FAN_CREATE mark exclusively placed on /dir1/old_file
- Create link(/dir1/old_file, /dir2/new_file)
- Expect to receive single event including two information records
  FID(/dir1/old_file) + DFID_NAME(/dir2/new_file)

Is that correct?

> In fact, if an application is watching FAN_RENAME to track the
> movement of a non-dir file and does not watch hardlink+unlink, then
> the file could escape under the application's nose.

That's understood.

/M




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux