[reducing CC] > > The other use case of automatic inode marks I was thinking about, > > which are even more relevant for $SUBJECT is this: > > When instantiating a dentry with an inode that has xattr > > "security.fanotify.mask" (a.k.a. persistent inode mark), an inode > > mark could be auto created and attached to a group with a special sb > > mark (we can limit a single special mark per sb). > > This could be implemented similar to get_acl(), where i_fsnotify_mask > > is always initialized with a special value (i.e. FS_UNINITIALIZED) > > which is set to either 0 or non-zero if "security.fanotify.mask" exists. > > > > The details of how such an API would look like are very unclear to me, > > so I will try to focus on the recursive auto inode mark idea. > > Yeah, although initializing fanotify marks based on xattrs does not look > completely crazy I can see a lot of open questions there so I think > automatic inode mark idea has more chances for success at this point :). I realized that there is one sort of "persistent mark" who raises less questions - one that only has an ignore mask. ignore masks can have a "static" namespace that is not bound to any specific group, but rather a set of groups that join this namespace. I played with this idea and wrote some patches: https://github.com/amir73il/linux/commits/fan_xattr_ignore_mask This may end up being useful in the HSM POC - i.e., HSM places persistent ignore mask for permission events for populated dirs/files and removes the persistent mask before punching a hole. Haven't forgotten about the promised wiki. For now, I just wanted to share this idea. Thanks, Amir.
