Monitor fanotify events on the entire filesystem. Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> --- man2/fanotify_mark.2 | 24 +++++++++++++++++++++--- man7/fanotify.7 | 20 +++++++++++--------- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/man2/fanotify_mark.2 b/man2/fanotify_mark.2 index a9a482fe7..3862a8e34 100644 --- a/man2/fanotify_mark.2 +++ b/man2/fanotify_mark.2 @@ -70,15 +70,23 @@ must be nonempty or the error will occur. .TP .B FAN_MARK_FLUSH -Remove either all mount or all non-mount marks from the fanotify group. +Remove either all marks for filesystems, all marks for mounts or all +marks for directories and files from the fanotify group. If .I flags contains .BR FAN_MARK_MOUNT , all marks for mounts are removed from the group. +If +.I flags +contains +.BR FAN_MARK_FILESYSTEM , +all marks for filesystems are removed from the group. Otherwise, all marks for directories and files are removed. -No flag other than +No flag other than and only one of the flags .B FAN_MARK_MOUNT +or +.B FAN_MARK_FILESYSTEM can be used in conjunction with .BR FAN_MARK_FLUSH . .I mask @@ -119,6 +127,16 @@ will be marked. All directories, subdirectories, and the contained files of the mount point will be monitored. .TP +.BR FAN_MARK_FILESYSTEM " (since Linux 4.20)" +.\" commit d54f4fba889b205e9cd8239182ca5d27d0ac3bc2 +Mark the filesystem specified by +.IR pathname . +The filesystem containing +.I pathname +will be marked. +All the contained files and directories of the filesystem from any mount +point will be monitored. +.TP .B FAN_MARK_IGNORED_MASK The events in .I mask @@ -183,7 +201,7 @@ Without this flag, only events for files are created. .TP .B FAN_EVENT_ON_CHILD Events for the immediate children of marked directories shall be created. -The flag has no effect when marking mounts. +The flag has no effect when marking mounts and filesystems. Note that events are not generated for children of the subdirectories of marked directories. To monitor complete directory trees it is necessary to mark the relevant diff --git a/man7/fanotify.7 b/man7/fanotify.7 index 0c417c07e..ec5532f55 100644 --- a/man7/fanotify.7 +++ b/man7/fanotify.7 @@ -56,8 +56,8 @@ system call creates and initializes an fanotify notification group and returns a file descriptor referring to it. .PP An fanotify notification group is a kernel-internal object that holds -a list of files, directories, and mount points for which events shall be -created. +a list of files, directories, filesystems and mount points for which +events shall be created. .PP For each entry in an fanotify notification group, two bit masks exist: the .I mark @@ -66,14 +66,14 @@ mask and the mask. The mark mask defines file activities for which an event shall be created. The ignore mask defines activities for which no event shall be generated. -Having these two types of masks permits a mount point or directory to be -marked for receiving events, while at the same time ignoring events for -specific objects under that mount point or directory. +Having these two types of masks permits a filesystem, mount point or +directory to be marked for receiving events, while at the same time +ignoring events for specific objects under a mount point or directory. .PP The .BR fanotify_mark (2) -system call adds a file, directory, or mount to a notification group -and specifies which events +system call adds a file, directory, filesystem or mount point to a +notification group and specifies which events shall be reported (or ignored), or removes or modifies such an entry. .PP A possible usage of the ignore mask is for a file cache. @@ -93,8 +93,8 @@ The entries in the fanotify notification groups refer to files and directories via their inode number and to mounts via their mount ID. If files or directories are renamed or moved within the same mount, the respective entries survive. -If files or directories are deleted or moved to another mount or if mounts are -unmounted, the corresponding entries are deleted. +If files or directories are deleted or moved to another mount or if +filesystems or mounts are unmounted, the corresponding entries are deleted. .SS The event queue As events occur on the filesystem objects monitored by a notification group, the fanotify system generates events that are collected in a queue. @@ -481,6 +481,8 @@ additional marks must be created. subdirectory has been created under a marked directory, which makes recursive monitoring difficult.) Monitoring mounts offers the capability to monitor a whole directory tree. +Monitoring filesystems offers the capability to monitor changes made from +any mount of a filesystem instance. .PP The event queue can overflow. In this case, events are lost. -- 2.17.1