On Wed 08-06-22 12:00:23, Amir Goldstein wrote:
> On Wed, Jun 8, 2022 at 11:31 AM Gal Rosen <gal.rosen@xxxxxxxxxxxxxx> wrote:
> >
> > Hi Jack,
> >
> > Can you provide details on the reason I sometimes get read errors on events that I get from FANOTIFY?
> > My user space program watches on all mount points in the system and sometimes when in parallel I run a full scan with another application on all my files in the endpoint, I get a read error when trying to read from the FANOTIFY fd on a new event.
> > The errno is sometimes EPERM (Operation not permitted) and sometimes EMFILE (Too many open files).
> >
>
> Hi Gal,
>
> EPERM is a bit surprising assuming that your process has CAP_SYS_ADMIN,
> so needs investigating, but EMFILE is quite obvious.
> Every event read needs to open a fd to place in event->fd.
> If you exceed your configured limit, this error is expected.
> You can bump the limit as CAP_SYS_ADMIN if that helps.

Correct. I want to add that the file descriptor is open when reading the
event from the kernel and the application that read the event is
responsible for closing the file descriptor. So it is the number of events
received by your application for which the received fd has not been closed
yet that matters.

And the EPERM error is indeed surprising. Is some security policy (SELinux?)
in place that could deny open?

								Honza
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR