From: Jozef Kralik <jozef.kralik@xxxxxxx> Without this patch the fanotify cannot recognize syscalls "open" from "sys_exec" or "uselib". Patch use one bit for flag executed (FS_OPENEXEC) and it's merged with FS_OPEN_PERM, when file try to open with flag FMODE_EXEC (function fsnotify_perm). Signed-off-by: Jozef Kralik <jozef.kralik@xxxxxxx> --- Example: if (metadata->mask & FAN_OPEN_PERM) if (metadata->mask & FAN_OPENEXEC) printf("file was executed"); else printf("file was opened"); Developed & Tested with kernel: 2.6.37-rc4 with patch: patch-v2.6.37-rc4-next-20101201 Diffstat: fs/notify/fanotify/fanotify.c | 1 + fs/notify/fsnotify.c | 2 +- include/linux/fanotify.h | 4 +++- include/linux/fsnotify.h | 9 ++++++--- include/linux/fsnotify_backend.h | 4 +++- 5 files changed, 14 insertions(+), 6 deletions(-) Diff:
diff -uprN -X linux-2.6.37-rc4/Documentation/dontdiff linux-2.6.37-rc4/fs/notify/fanotify/fanotify.c linux-2.6.37-rc4-dev/fs/notify/fanotify/fanotify.c
--- linux-2.6.37-rc4/fs/notify/fanotify/fanotify.c 2010-12-08 10:07:17.605885678 +0100
+++ linux-2.6.37-rc4-dev/fs/notify/fanotify/fanotify.c 2010-12-08 10:08:06.729268116 +0100
@@ -131,6 +131,7 @@ static int fanotify_handle_event(struct
 BUILD_BUG_ON(FAN_CLOSE_NOWRITE != FS_CLOSE_NOWRITE);
 BUILD_BUG_ON(FAN_CLOSE_WRITE != FS_CLOSE_WRITE);
 BUILD_BUG_ON(FAN_OPEN != FS_OPEN);
+ BUILD_BUG_ON(FAN_OPENEXEC != FS_OPENEXEC);
 BUILD_BUG_ON(FAN_EVENT_ON_CHILD != FS_EVENT_ON_CHILD);
 BUILD_BUG_ON(FAN_Q_OVERFLOW != FS_Q_OVERFLOW);
 BUILD_BUG_ON(FAN_OPEN_PERM != FS_OPEN_PERM);
diff -uprN -X linux-2.6.37-rc4/Documentation/dontdiff linux-2.6.37-rc4/fs/notify/fsnotify.c linux-2.6.37-rc4-dev/fs/notify/fsnotify.c
--- linux-2.6.37-rc4/fs/notify/fsnotify.c 2010-11-30 05:42:04.000000000 +0100
+++ linux-2.6.37-rc4-dev/fs/notify/fsnotify.c 2010-12-08 10:08:06.729268116 +0100
@@ -297,7 +297,7 @@ static __init int fsnotify_init(void)
 {
 int ret;
- BUG_ON(hweight32(ALL_FSNOTIFY_EVENTS) != 23);
+ BUG_ON(hweight32(ALL_FSNOTIFY_EVENTS) != 24);
 ret = init_srcu_struct(&fsnotify_mark_srcu);
 if (ret)
diff -uprN -X linux-2.6.37-rc4/Documentation/dontdiff linux-2.6.37-rc4/include/linux/fanotify.h linux-2.6.37-rc4-dev/include/linux/fanotify.h
--- linux-2.6.37-rc4/include/linux/fanotify.h 2010-12-08 10:07:17.649885125 +0100
+++ linux-2.6.37-rc4-dev/include/linux/fanotify.h 2010-12-08 10:08:06.733268063 +0100
@@ -9,6 +9,7 @@
 #define FAN_CLOSE_WRITE 0x00000008 /* Writtable file closed */
 #define FAN_CLOSE_NOWRITE 0x00000010 /* Unwrittable file closed */
 #define FAN_OPEN 0x00000020 /* File was opened */
+#define FAN_OPENEXEC 0x00001000 /* File had exec flag */
 #define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
@@ -84,7 +85,8 @@
 #define FAN_ALL_OUTGOING_EVENTS (FAN_ALL_EVENTS |\
 FAN_ALL_PERM_EVENTS |\
- FAN_Q_OVERFLOW)
+ FAN_Q_OVERFLOW |\
+ FAN_OPENEXEC)
 #define FANOTIFY_METADATA_VERSION 2
diff -uprN -X linux-2.6.37-rc4/Documentation/dontdiff linux-2.6.37-rc4/include/linux/fsnotify_backend.h linux-2.6.37-rc4-dev/include/linux/fsnotify_backend.h
--- linux-2.6.37-rc4/include/linux/fsnotify_backend.h 2010-12-08 10:07:17.657885026 +0100
+++ linux-2.6.37-rc4-dev/include/linux/fsnotify_backend.h 2010-12-08 10:08:06.741267961 +0100
@@ -36,6 +36,7 @@
 #define FS_DELETE 0x00000200 /* Subfile was deleted */
 #define FS_DELETE_SELF 0x00000400 /* Self was deleted */
 #define FS_MOVE_SELF 0x00000800 /* Self was moved */
+#define FS_OPENEXEC 0x00001000 /* File had exec flag */
 #define FS_UNMOUNT 0x00002000 /* inode on umount fs */
 #define FS_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
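Review bot: In include/linux/fanotify.h the comment on `FAN_OPENEXEC` ("File had exec flag") does not tell a userspace listener how the bit behaves. The hunks shown add it only to FAN_ALL_OUTGOING_EVENTS, and elsewhere in this patch it is only ever ORed onto FS_OPEN_PERM, so it looks like a modifier of FAN_OPEN_PERM rather than an event a listener can request on its own (FAN_ALL_EVENTS is not visible here, so that part is inferred). I would document it that way, e.g. `#define FAN_OPENEXEC 0x00001000 /* Set with FAN_OPEN_PERM: opened for execution */`, and use the same wording for `FS_OPENEXEC` in include/linux/fsnotify_backend.h.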
@@ -73,7 +74,8 @@
 FS_UNMOUNT | FS_Q_OVERFLOW | FS_IN_IGNORED | \
 FS_OPEN_PERM | FS_ACCESS_PERM | FS_EXCL_UNLINK | \
 FS_ISDIR | FS_IN_ONESHOT | FS_DN_RENAME | \
- FS_DN_MULTISHOT | FS_EVENT_ON_CHILD)
+ FS_DN_MULTISHOT | FS_EVENT_ON_CHILD | \
+ FS_OPENEXEC)
 struct fsnotify_group;
 struct fsnotify_event;
diff -uprN -X linux-2.6.37-rc4/Documentation/dontdiff linux-2.6.37-rc4/include/linux/fsnotify.h linux-2.6.37-rc4-dev/include/linux/fsnotify.h
--- linux-2.6.37-rc4/include/linux/fsnotify.h 2010-12-08 10:07:17.653885076 +0100
+++ linux-2.6.37-rc4-dev/include/linux/fsnotify.h 2010-12-08 10:11:17.086874772 +0100
@@ -46,12 +46,15 @@ static inline int fsnotify_perm(struct f
 return 0;
 if (!(mask & (MAY_READ | MAY_OPEN)))
 return 0;
- if (mask & MAY_OPEN)
+ if (mask & MAY_OPEN) {
 fsnotify_mask = FS_OPEN_PERM;
- else if (mask & MAY_READ)
+ if (file->f_flags & FMODE_EXEC)
+ fsnotify_mask |= FS_OPENEXEC;
+ } else if (mask & MAY_READ) {
 fsnotify_mask = FS_ACCESS_PERM;
- else
+ } else {
 BUG();
+ }
 ret = fsnotify_parent(path, NULL, fsnotify_mask);
 if (ret)
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
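Review bot: In the fsnotify_perm hunk of include/linux/fsnotify.h, `file->f_flags & FMODE_EXEC` tests an fmode_t constant against the int open flags; the values match, but sparse will presumably complain about the mixed bitwise types, so where the tree provides the f_flags form it should read `if (file->f_flags & __FMODE_EXEC)`. The bit is ORed only onto FS_OPEN_PERM, so in this patch a listener on plain FS_OPEN never sees it, and per the description it marks only opens made by exec and uselib. A comment above the test should state that, e.g. `/* exec/uselib opens only; not reported with FS_OPEN */`, so a permission listener does not take a missing bit to mean the file's contents will not be executed. fsnotify_perm starts and ends outside the hunk.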