2014-04-25 05:55:05 +00:00
|
|
|
.\" Copyright (C) 2013, Heinrich Schuchardt <xypron.glpk@gmx.de>
|
2014-05-08 08:24:22 +00:00
|
|
|
.\" and Copyright (C) 2014, Michael Kerrisk <mtk.manpages@gmail.com>
|
2014-04-25 05:55:05 +00:00
|
|
|
.\"
|
|
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of
|
|
|
|
.\" this manual under the conditions for verbatim copying, provided that
|
|
|
|
.\" the entire resulting derived work is distributed under the terms of
|
|
|
|
.\" a permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume.
|
|
|
|
.\" no responsibility for errors or omissions, or for damages resulting.
|
|
|
|
.\" from the use of the information contained herein. The author(s) may.
|
|
|
|
.\" not have taken the same level of care in the production of this.
|
|
|
|
.\" manual, which is licensed free of charge, as they might when working.
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\" %%%LICENSE_END
|
iconv.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, mtrace.1, pldd.1, sprof.1, time.1, _syscall.2, add_key.2, alloc_hugepages.2, arch_prctl.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chown.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, fanotify_init.2, fcntl.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_console.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_getfsmap.2, ioctl_iflags.2, ioctl_list.2, ioctl_ns.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, ipc.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readlink.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, signal.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscall.2, syscalls.2, sysctl.2, sysfs.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, uname.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2, CPU_SET.3, INFINITY.3, __ppc_get_timebase.3, __ppc_set_ppr_med.3, __ppc_yield.3, __setfpucw.3, acos.3, acosh.3, adjtime.3, aio_fsync.3, aio_init.3, aio_read.3, aio_return.3, aio_suspend.3, aio_write.3, alloca.3, argz_add.3, asin.3, asinh.3, asprintf.3, assert.3, assert_perror.3, atan.3, atan2.3, atanh.3, atexit.3, backtrace.3, basename.3, bindresvport.3, bsd_signal.3, bsearch.3, bswap.3, btree.3, byteorder.3, bzero.3, canonicalize_file_name.3, carg.3, cbrt.3, ccos.3, ccosh.3, ceil.3, cexp.3, cfree.3, clearenv.3, clock.3, clock_getcpuclockid.3, clog.3, clog10.3, clog2.3, cmsg.3, confstr.3, copysign.3, cos.3, cosh.3, crypt.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, ctime.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlerror.3, dlinfo.3, dlopen.3, dlsym.3, drand48.3, drand48_r.3, duplocale.3, encrypt.3, end.3, endian.3, envz_add.3, erf.3, erfc.3, err.3, errno.3, error.3, ether_aton.3, euidaccess.3, exec.3, exit.3, exp.3, exp10.3, exp2.3, expm1.3, fabs.3, fcloseall.3, fdim.3, fenv.3, ferror.3, fexecve.3, fflush.3, ffs.3, fgetc.3, fgetgrent.3, fgetpwent.3, finite.3, floor.3, fma.3, fmax.3, fmemopen.3, fmin.3, fmod.3, fmtmsg.3, fopen.3, fopencookie.3, fpclassify.3, fpurge.3, fputwc.3, fputws.3, frexp.3, fseek.3, fseeko.3, ftime.3, fts.3, ftw.3, futimes.3, gamma.3, gcvt.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getcontext.3, getcwd.3, getdate.3, getentropy.3, getenv.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, gethostid.3, getifaddrs.3, getipnodebyname.3, getline.3, getlogin.3, getmntent.3, getnameinfo.3, getnetent.3, getnetent_r.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getrpcent_r.3, getrpcport.3, gets.3, getservent.3, getservent_r.3, getspnam.3, getsubopt.3, getttyent.3, getumask.3, getutent.3, getwchar.3, glob.3, gnu_get_libc_version.3, grantpt.3, gsignal.3, hash.3, hsearch.3, hypot.3, iconv.3, iconv_close.3, iconv_open.3, if_nameindex.3, if_nametoindex.3, ilogb.3, inet.3, inet_net_pton.3, inet_ntop.3, inet_pton.3, initgroups.3, insque.3, intro.3, isalpha.3, isgreater.3, j0.3, key_setsecret.3, killpg.3, ldexp.3, lgamma.3, lio_listio.3, lockf.3, log.3, log10.3, log1p.3, log2.3, logb.3, login.3, lrint.3, lround.3, lsearch.3, lseek64.3, makecontext.3, makedev.3, mallinfo.3, malloc.3, malloc_get_state.3, malloc_info.3, malloc_stats.3, malloc_trim.3, malloc_usable_size.3, mallopt.3, matherr.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mcheck.3, memccpy.3, memchr.3, memcmp.3, memcpy.3, mkfifo.3, mkstemp.3, mktemp.3, modf.3, mpool.3, mq_close.3, mq_getattr.3, mq_notify.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, nextafter.3, nextup.3, nl_langinfo.3, ntp_gettime.3, offsetof.3, on_exit.3, open_memstream.3, opendir.3, openpty.3, perror.3, popen.3, posix_fallocate.3, posix_madvise.3, posix_memalign.3, posix_openpt.3, posix_spawn.3, pow.3, pow10.3, printf.3, profil.3, program_invocation_name.3, psignal.3, pthread_atfork.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_detach.3, pthread_exit.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_join.3, pthread_kill.3, pthread_kill_other_threads_np.3, pthread_self.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_sigqueue.3, pthread_testcancel.3, pthread_tryjoin_np.3, ptsname.3, putgrent.3, putpwent.3, qsort.3, random.3, random_r.3, rcmd.3, re_comp.3, readdir.3, realpath.3, recno.3, regex.3, remainder.3, remove.3, remquo.3, resolver.3, rexec.3, rint.3, round.3, rpc.3, rpmatch.3, rtime.3, scalb.3, scalbln.3, scandir.3, scanf.3, sched_getcpu.3, sem_close.3, sem_destroy.3, sem_getvalue.3, sem_init.3, sem_open.3, sem_wait.3, setaliasent.3, setbuf.3, setenv.3, setlocale.3, setlogmask.3, setnetgrent.3, shm_open.3, signbit.3, significand.3, sigpause.3, sigqueue.3, sigset.3, sigvec.3, sin.3, sincos.3, sinh.3, sleep.3, sockatmark.3, sqrt.3, statvfs.3, stdarg.3, stdin.3, strcasecmp.3, strcat.3, strchr.3, strcoll.3, strcpy.3, strdup.3, strerror.3, strfmon.3, strfromd.3, strftime.3, strptime.3, strsignal.3, strstr.3, strtod.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, syslog.3, system.3, sysv_signal.3, tan.3, tanh.3, telldir.3, tempnam.3, termios.3, tgamma.3, timeradd.3, tmpnam.3, toupper.3, towlower.3, towupper.3, trunc.3, ttyslot.3, tzset.3, ualarm.3, ulimit.3, undocumented.3, unlocked_stdio.3, updwtmp.3, uselocale.3, usleep.3, wcrtomb.3, wcsdup.3, wcsnrtombs.3, wcsrtombs.3, wcstombs.3, wctob.3, wcwidth.3, wordexp.3, wprintf.3, xcrypt.3, xdr.3, y0.3, cciss.4, console_codes.4, dsp56k.4, fuse.4, hd.4, hpsa.4, initrd.4, intro.4, loop.4, random.4, rtc.4, sd.4, sk98lin.4, st.4, wavelan.4, acct.5, core.5, elf.5, filesystems.5, host.conf.5, hosts.5, locale.5, nologin.5, proc.5, resolv.conf.5, rpc.5, slabinfo.5, utmp.5, aio.7, arp.7, bootparam.7, capabilities.7, cgroup_namespaces.7, cgroups.7, charsets.7, cpuset.7, ddp.7, environ.7, epoll.7, fanotify.7, feature_test_macros.7, futex.7, inode.7, inotify.7, ip.7, ipv6.7, keyrings.7, locale.7, man-pages.7, man.7, math_error.7, mount_namespaces.7, mq_overview.7, namespaces.7, netdevice.7, netlink.7, packet.7, pipe.7, pkeys.7, pthreads.7, pty.7, raw.7, rtld-audit.7, rtnetlink.7, sched.7, session-keyring.7, signal.7, sock_diag.7, socket.7, spufs.7, suffixes.7, tcp.7, udp.7, udplite.7, unicode.7, units.7, unix.7, uri.7, user_namespaces.7, vdso.7, x25.7, xattr.7, iconvconfig.8, ld.so.8, ldconfig.8, sln.8: Update timestamps
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-09-15 10:44:56 +00:00
|
|
|
.TH FANOTIFY 7 2017-09-15 "Linux" "Linux Programmer's Manual"
|
2014-04-25 05:55:05 +00:00
|
|
|
.SH NAME
|
|
|
|
fanotify \- monitoring filesystem events
|
|
|
|
.SH DESCRIPTION
|
2014-05-05 09:45:37 +00:00
|
|
|
The fanotify API provides notification and interception of
|
|
|
|
filesystem events.
|
2014-04-25 05:55:05 +00:00
|
|
|
Use cases include virus scanning and hierarchical storage management.
|
|
|
|
Currently, only a limited set of events is supported.
|
2014-04-25 06:05:16 +00:00
|
|
|
In particular, there is no support for create, delete, and move events.
|
2014-04-25 06:06:07 +00:00
|
|
|
(See
|
|
|
|
.BR inotify (7)
|
|
|
|
for details of an API that does notify those events.)
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-04-25 05:55:05 +00:00
|
|
|
Additional capabilities compared to the
|
|
|
|
.BR inotify (7)
|
2014-05-07 08:07:26 +00:00
|
|
|
API include the ability to monitor all of the objects
|
|
|
|
in a mounted filesystem,
|
|
|
|
the ability to make access permission decisions, and the
|
2014-04-25 05:55:05 +00:00
|
|
|
possibility to read or modify files before access by other applications.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-04-25 05:55:05 +00:00
|
|
|
The following system calls are used with this API:
|
|
|
|
.BR fanotify_init (2),
|
|
|
|
.BR fanotify_mark (2),
|
|
|
|
.BR read (2),
|
|
|
|
.BR write (2),
|
|
|
|
and
|
|
|
|
.BR close (2).
|
2014-04-25 09:07:48 +00:00
|
|
|
.SS fanotify_init(), fanotify_mark(), and notification groups
|
2014-04-25 08:19:41 +00:00
|
|
|
The
|
2014-04-25 05:55:05 +00:00
|
|
|
.BR fanotify_init (2)
|
2014-04-25 08:19:41 +00:00
|
|
|
system call creates and initializes an fanotify notification group
|
|
|
|
and returns a file descriptor referring to it.
|
2014-04-25 05:55:05 +00:00
|
|
|
.PP
|
2014-04-25 06:05:16 +00:00
|
|
|
An fanotify notification group is a kernel-internal object that holds
|
2014-04-25 05:55:05 +00:00
|
|
|
a list of files, directories, and mount points for which events shall be
|
|
|
|
created.
|
|
|
|
.PP
|
2014-04-25 06:05:16 +00:00
|
|
|
For each entry in an fanotify notification group, two bit masks exist: the
|
|
|
|
.I mark
|
|
|
|
mask and the
|
|
|
|
.I ignore
|
|
|
|
mask.
|
|
|
|
The mark mask defines file activities for which an event shall be created.
|
|
|
|
The ignore mask defines activities for which no event shall be generated.
|
2014-04-25 05:55:05 +00:00
|
|
|
Having these two types of masks permits a mount point or directory to be
|
|
|
|
marked for receiving events, while at the same time ignoring events for
|
|
|
|
specific objects under that mount point or directory.
|
|
|
|
.PP
|
2014-05-08 09:04:30 +00:00
|
|
|
The
|
2014-04-25 09:07:48 +00:00
|
|
|
.BR fanotify_mark (2)
|
|
|
|
system call adds a file, directory, or mount to a notification group
|
|
|
|
and specifies which events
|
|
|
|
shall be reported (or ignored), or removes or modifies such an entry.
|
|
|
|
.PP
|
2014-04-25 05:55:05 +00:00
|
|
|
A possible usage of the ignore mask is for a file cache.
|
|
|
|
Events of interest for a file cache are modification of a file and closing
|
|
|
|
of the same.
|
|
|
|
Hence, the cached directory or mount point is to be marked to receive these
|
|
|
|
events.
|
2014-05-05 09:45:37 +00:00
|
|
|
After receiving the first event informing that a file has been modified,
|
|
|
|
the corresponding cache entry will be invalidated.
|
|
|
|
No further modification events for this file are of interest until the file
|
|
|
|
is closed.
|
2014-04-25 05:55:05 +00:00
|
|
|
Hence, the modify event can be added to the ignore mask.
|
2014-05-06 04:55:26 +00:00
|
|
|
Upon receiving the close event, the modify event can be removed from the
|
2014-04-25 05:55:05 +00:00
|
|
|
ignore mask and the file cache entry can be updated.
|
|
|
|
.PP
|
2014-05-05 09:45:37 +00:00
|
|
|
The entries in the fanotify notification groups refer to files and
|
|
|
|
directories via their inode number and to mounts via their mount ID.
|
2015-08-06 20:49:43 +00:00
|
|
|
If files or directories are renamed or moved within the same mount,
|
2014-05-05 09:45:37 +00:00
|
|
|
the respective entries survive.
|
2015-08-06 20:49:43 +00:00
|
|
|
If files or directories are deleted or moved to another mount or if mounts are
|
|
|
|
unmounted, the corresponding entries are deleted.
|
2014-04-25 09:28:17 +00:00
|
|
|
.SS The event queue
|
2014-05-05 09:38:07 +00:00
|
|
|
As events occur on the filesystem objects monitored by a notification group,
|
2014-04-25 09:18:02 +00:00
|
|
|
the fanotify system generates events that are collected in a queue.
|
|
|
|
These events can then be read (using
|
|
|
|
.BR read (2)
|
|
|
|
or similar)
|
|
|
|
from the fanotify file descriptor
|
|
|
|
returned by
|
|
|
|
.BR fanotify_init (2).
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-04-25 09:18:02 +00:00
|
|
|
Two types of events are generated:
|
2014-05-07 08:07:26 +00:00
|
|
|
.I notification
|
|
|
|
events and
|
|
|
|
.I permission
|
|
|
|
events.
|
2014-04-25 09:18:02 +00:00
|
|
|
Notification events are merely informative
|
|
|
|
and require no action to be taken by
|
2014-05-05 09:45:37 +00:00
|
|
|
the receiving application except for closing the file descriptor passed
|
2014-05-07 08:07:26 +00:00
|
|
|
in the event (see below).
|
2014-05-05 09:45:37 +00:00
|
|
|
Permission events are requests to the receiving application to decide
|
|
|
|
whether permission for a file access shall be granted.
|
2014-04-25 05:55:05 +00:00
|
|
|
For these events, the recipient must write a response which decides whether
|
|
|
|
access is granted or not.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-05-07 03:49:39 +00:00
|
|
|
An event is removed from the event queue of the fanotify group
|
|
|
|
when it has been read.
|
2014-05-06 18:41:06 +00:00
|
|
|
Permission events that have been read are kept in an internal list of the
|
2014-05-07 03:49:39 +00:00
|
|
|
fanotify group until either a permission decision has been taken by
|
|
|
|
writing to the fanotify file descriptor or the fanotify file descriptor
|
|
|
|
is closed.
|
2014-04-25 09:28:17 +00:00
|
|
|
.SS Reading fanotify events
|
2014-04-25 05:55:05 +00:00
|
|
|
Calling
|
|
|
|
.BR read (2)
|
|
|
|
for the file descriptor returned by
|
|
|
|
.BR fanotify_init (2)
|
|
|
|
blocks (if the flag
|
|
|
|
.B FAN_NONBLOCK
|
|
|
|
is not specified in the call to
|
|
|
|
.BR fanotify_init (2))
|
|
|
|
until either a file event occurs or the call is interrupted by a signal
|
|
|
|
(see
|
|
|
|
.BR signal (7)).
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-04-25 05:55:05 +00:00
|
|
|
After a successful
|
2014-04-25 06:05:16 +00:00
|
|
|
.BR read (2),
|
2014-04-25 05:55:05 +00:00
|
|
|
the read buffer contains one or more of the following structures:
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-04-25 05:55:05 +00:00
|
|
|
.in +4n
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EX
|
2014-04-25 05:55:05 +00:00
|
|
|
struct fanotify_event_metadata {
|
|
|
|
__u32 event_len;
|
|
|
|
__u8 vers;
|
|
|
|
__u8 reserved;
|
|
|
|
__u16 metadata_len;
|
|
|
|
__aligned_u64 mask;
|
|
|
|
__s32 fd;
|
|
|
|
__s32 pid;
|
|
|
|
};
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EE
|
2014-04-25 05:55:05 +00:00
|
|
|
.in
|
2014-04-25 09:29:17 +00:00
|
|
|
.PP
|
2014-05-07 07:29:06 +00:00
|
|
|
For performance reasons, it is recommended to use a large
|
|
|
|
buffer size (for example, 4096 bytes),
|
|
|
|
so that multiple events can be retrieved by a single
|
|
|
|
.BR read (2).
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-05-07 07:29:06 +00:00
|
|
|
The return value of
|
|
|
|
.BR read (2)
|
|
|
|
is the number of bytes placed in the buffer,
|
2014-05-14 18:10:16 +00:00
|
|
|
or \-1 in case of an error (but see BUGS).
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-05-07 08:07:26 +00:00
|
|
|
The fields of the
|
|
|
|
.I fanotify_event_metadata
|
|
|
|
structure are as follows:
|
2014-04-25 08:16:17 +00:00
|
|
|
.TP
|
2014-04-25 05:55:05 +00:00
|
|
|
.I event_len
|
2014-05-05 09:45:37 +00:00
|
|
|
This is the length of the data for the current event and the offset
|
|
|
|
to the next event in the buffer.
|
2014-04-25 06:05:16 +00:00
|
|
|
In the current implementation, the value of
|
2014-04-25 05:55:05 +00:00
|
|
|
.I event_len
|
|
|
|
is always
|
|
|
|
.BR FAN_EVENT_METADATA_LEN .
|
2014-05-07 07:29:06 +00:00
|
|
|
However, the API is designed to allow
|
|
|
|
variable-length structures to be returned in the future.
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.I vers
|
2014-04-25 07:20:45 +00:00
|
|
|
This field holds a version number for the structure.
|
2014-04-25 05:55:05 +00:00
|
|
|
It must be compared to
|
|
|
|
.B FANOTIFY_METADATA_VERSION
|
2014-04-25 07:20:45 +00:00
|
|
|
to verify that the structures returned at runtime match
|
|
|
|
the structures defined at compile time.
|
2014-04-25 05:55:05 +00:00
|
|
|
In case of a mismatch, the application should abandon trying to use the
|
|
|
|
fanotify file descriptor.
|
|
|
|
.TP
|
|
|
|
.I reserved
|
|
|
|
This field is not used.
|
|
|
|
.TP
|
|
|
|
.I metadata_len
|
|
|
|
This is the length of the structure.
|
2014-05-05 09:45:37 +00:00
|
|
|
The field was introduced to facilitate the implementation of
|
|
|
|
optional headers per event type.
|
2014-04-25 05:55:05 +00:00
|
|
|
No such optional headers exist in the current implementation.
|
|
|
|
.TP
|
|
|
|
.I mask
|
2014-05-07 08:07:26 +00:00
|
|
|
This is a bit mask describing the event (see below).
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.I fd
|
|
|
|
This is an open file descriptor for the object being accessed, or
|
|
|
|
.B FAN_NOFD
|
|
|
|
if a queue overflow occurred.
|
2014-05-05 09:45:37 +00:00
|
|
|
The file descriptor can be used to access the contents
|
|
|
|
of the monitored file or directory.
|
2014-05-07 08:07:26 +00:00
|
|
|
The reading application is responsible for closing this file descriptor.
|
|
|
|
.IP
|
2014-05-07 07:53:35 +00:00
|
|
|
When calling
|
2014-05-07 19:59:08 +00:00
|
|
|
.BR fanotify_init (2),
|
2014-05-07 07:53:35 +00:00
|
|
|
the caller may specify (via the
|
|
|
|
.I event_f_flags
|
|
|
|
argument) various file status flags that are to be set
|
|
|
|
on the open file description that corresponds to this file descriptor.
|
|
|
|
In addition, the (kernel-internal)
|
2014-04-25 05:55:05 +00:00
|
|
|
.B FMODE_NONOTIFY
|
2014-05-07 07:53:35 +00:00
|
|
|
file status flag is set on the open file description.
|
2014-04-25 05:55:05 +00:00
|
|
|
This flag suppresses fanotify event generation.
|
|
|
|
Hence, when the receiver of the fanotify event accesses the notified file or
|
|
|
|
directory using this file descriptor, no additional events will be created.
|
|
|
|
.TP
|
|
|
|
.I pid
|
|
|
|
This is the ID of the process that caused the event.
|
2014-05-05 09:45:37 +00:00
|
|
|
A program listening to fanotify events can compare this PID
|
|
|
|
to the PID returned by
|
2014-04-25 05:55:05 +00:00
|
|
|
.BR getpid (2),
|
2014-05-05 09:45:37 +00:00
|
|
|
to determine whether the event is caused by the listener itself,
|
2014-05-07 08:07:26 +00:00
|
|
|
or is due to a file access by another process.
|
2014-04-25 05:55:05 +00:00
|
|
|
.PP
|
|
|
|
The bit mask in
|
|
|
|
.I mask
|
2014-05-07 08:07:26 +00:00
|
|
|
indicates which events have occurred for a single filesystem object.
|
2014-04-25 09:21:27 +00:00
|
|
|
Multiple bits may be set in this mask,
|
2014-05-05 09:38:07 +00:00
|
|
|
if more than one event occurred for the monitored filesystem object.
|
2014-04-25 09:24:04 +00:00
|
|
|
In particular,
|
|
|
|
consecutive events for the same filesystem object and originating from the
|
|
|
|
same process may be merged into a single event, with the exception that two
|
|
|
|
permission events are never merged into one queue entry.
|
|
|
|
.PP
|
2014-04-25 09:21:27 +00:00
|
|
|
The bits that may appear in
|
|
|
|
.I mask
|
|
|
|
are as follows:
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.B FAN_ACCESS
|
|
|
|
A file or a directory (but see BUGS) was accessed (read).
|
|
|
|
.TP
|
|
|
|
.B FAN_OPEN
|
|
|
|
A file or a directory was opened.
|
|
|
|
.TP
|
|
|
|
.B FAN_MODIFY
|
|
|
|
A file was modified.
|
|
|
|
.TP
|
|
|
|
.B FAN_CLOSE_WRITE
|
|
|
|
A file that was opened for writing
|
|
|
|
.RB ( O_WRONLY
|
|
|
|
or
|
|
|
|
.BR O_RDWR )
|
|
|
|
was closed.
|
|
|
|
.TP
|
|
|
|
.B FAN_CLOSE_NOWRITE
|
2014-04-25 08:17:03 +00:00
|
|
|
A file or directory that was opened read-only
|
2014-04-25 05:55:05 +00:00
|
|
|
.RB ( O_RDONLY )
|
2014-04-25 08:17:03 +00:00
|
|
|
was closed.
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.B FAN_Q_OVERFLOW
|
|
|
|
The event queue exceeded the limit of 16384 entries.
|
2014-05-07 08:07:26 +00:00
|
|
|
This limit can be overridden by specifying the
|
|
|
|
.BR FAN_UNLIMITED_QUEUE
|
|
|
|
flag when calling
|
|
|
|
.BR fanotify_init (2).
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.B FAN_ACCESS_PERM
|
|
|
|
An application wants to read a file or directory, for example using
|
|
|
|
.BR read (2)
|
|
|
|
or
|
|
|
|
.BR readdir (2).
|
2014-05-07 08:07:26 +00:00
|
|
|
The reader must write a response (as described below)
|
|
|
|
that determines whether the permission to
|
2014-04-25 05:55:05 +00:00
|
|
|
access the filesystem object shall be granted.
|
|
|
|
.TP
|
|
|
|
.B FAN_OPEN_PERM
|
|
|
|
An application wants to open a file or directory.
|
|
|
|
The reader must write a response that determines whether the permission to
|
|
|
|
open the filesystem object shall be granted.
|
|
|
|
.PP
|
|
|
|
To check for any close event, the following bit mask may be used:
|
|
|
|
.TP
|
|
|
|
.B FAN_CLOSE
|
2014-04-25 09:32:32 +00:00
|
|
|
A file was closed.
|
2014-05-07 08:07:26 +00:00
|
|
|
This is a synonym for:
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.IP
|
2014-04-25 09:32:32 +00:00
|
|
|
FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE
|
2014-04-25 05:55:05 +00:00
|
|
|
.PP
|
2014-05-05 09:45:37 +00:00
|
|
|
The following macros are provided to iterate over a buffer containing
|
2014-05-07 08:07:26 +00:00
|
|
|
fanotify event metadata returned by a
|
2014-04-25 05:55:05 +00:00
|
|
|
.BR read (2)
|
2014-05-07 08:07:26 +00:00
|
|
|
from an fanotify file descriptor:
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.B FAN_EVENT_OK(meta, len)
|
|
|
|
This macro checks the remaining length
|
|
|
|
.I len
|
|
|
|
of the buffer
|
|
|
|
.I meta
|
|
|
|
against the length of the metadata structure and the
|
|
|
|
.I event_len
|
|
|
|
field of the first metadata structure in the buffer.
|
|
|
|
.TP
|
|
|
|
.B FAN_EVENT_NEXT(meta, len)
|
2014-05-19 05:16:20 +00:00
|
|
|
This macro uses the length indicated in the
|
2014-04-25 05:55:05 +00:00
|
|
|
.I event_len
|
2014-05-19 05:16:20 +00:00
|
|
|
field of the metadata structure pointed to by
|
|
|
|
.IR meta
|
|
|
|
to calculate the address of the next metadata structure that follows
|
|
|
|
.IR meta .
|
|
|
|
.I len
|
|
|
|
is the number of bytes of metadata that currently remain in the buffer.
|
|
|
|
The macro returns a pointer to the next metadata structure that follows
|
|
|
|
.IR meta ,
|
|
|
|
and reduces
|
|
|
|
.I len
|
2015-03-15 01:12:59 +00:00
|
|
|
by the number of bytes in the metadata structure that
|
2014-05-19 05:16:20 +00:00
|
|
|
has been skipped over (i.e., it subtracts
|
|
|
|
.IR meta\->event_len
|
|
|
|
from
|
|
|
|
.IR len ).
|
2014-05-21 10:40:35 +00:00
|
|
|
.PP
|
|
|
|
In addition, there is:
|
|
|
|
.TP
|
|
|
|
.B FAN_EVENT_METADATA_LEN
|
2014-05-21 10:42:00 +00:00
|
|
|
This macro returns the size (in bytes) of the structure
|
|
|
|
.IR fanotify_event_metadata .
|
2014-05-21 10:40:35 +00:00
|
|
|
This is the minimum size (and currently the only size) of any event metadata.
|
2014-05-19 05:16:20 +00:00
|
|
|
.\"
|
2014-04-25 09:03:04 +00:00
|
|
|
.SS Monitoring an fanotify file descriptor for events
|
|
|
|
When an fanotify event occurs, the fanotify file descriptor indicates as
|
|
|
|
readable when passed to
|
|
|
|
.BR epoll (7),
|
|
|
|
.BR poll (2),
|
|
|
|
or
|
|
|
|
.BR select (2).
|
2014-04-25 08:50:02 +00:00
|
|
|
.SS Dealing with permission events
|
2014-04-25 05:55:05 +00:00
|
|
|
For permission events, the application must
|
|
|
|
.BR write (2)
|
|
|
|
a structure of the following form to the
|
2014-04-25 08:50:47 +00:00
|
|
|
fanotify file descriptor:
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-04-25 05:55:05 +00:00
|
|
|
.in +4n
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EX
|
2014-04-25 05:55:05 +00:00
|
|
|
struct fanotify_response {
|
|
|
|
__s32 fd;
|
|
|
|
__u32 response;
|
|
|
|
};
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EE
|
2014-04-25 05:55:05 +00:00
|
|
|
.in
|
2014-04-25 09:34:16 +00:00
|
|
|
.PP
|
|
|
|
The fields of this structure are as follows:
|
2014-04-25 08:16:17 +00:00
|
|
|
.TP
|
2014-04-25 05:55:05 +00:00
|
|
|
.I fd
|
|
|
|
This is the file descriptor from the structure
|
|
|
|
.IR fanotify_event_metadata .
|
|
|
|
.TP
|
|
|
|
.I response
|
|
|
|
This field indicates whether or not the permission is to be granted.
|
|
|
|
Its value must be either
|
|
|
|
.B FAN_ALLOW
|
|
|
|
to allow the file operation or
|
|
|
|
.B FAN_DENY
|
|
|
|
to deny the file operation.
|
|
|
|
.PP
|
2014-04-25 09:35:21 +00:00
|
|
|
If access is denied, the requesting application call will receive an
|
|
|
|
.BR EPERM
|
|
|
|
error.
|
2014-04-25 08:50:02 +00:00
|
|
|
.SS Closing the fanotify file descriptor
|
2014-04-25 08:53:38 +00:00
|
|
|
.PP
|
|
|
|
When all file descriptors referring to the fanotify notification group are
|
|
|
|
closed, the fanotify group is released and its resources
|
|
|
|
are freed for reuse by the kernel.
|
|
|
|
Upon
|
|
|
|
.BR close (2),
|
|
|
|
outstanding permission events will be set to allowed.
|
2014-04-25 09:46:16 +00:00
|
|
|
.SS /proc/[pid]/fdinfo
|
2014-04-25 05:55:05 +00:00
|
|
|
The file
|
2014-04-25 09:46:40 +00:00
|
|
|
.I /proc/[pid]/fdinfo/[fd]
|
2014-04-25 05:55:05 +00:00
|
|
|
contains information about fanotify marks for file descriptor
|
|
|
|
.I fd
|
|
|
|
of process
|
|
|
|
.IR pid .
|
2016-03-08 19:08:46 +00:00
|
|
|
See
|
|
|
|
.BR proc (5)
|
2014-04-25 05:55:05 +00:00
|
|
|
for details.
|
|
|
|
.SH ERRORS
|
|
|
|
In addition to the usual errors for
|
|
|
|
.BR read (2),
|
2014-05-05 09:45:37 +00:00
|
|
|
the following errors can occur when reading from the
|
|
|
|
fanotify file descriptor:
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.B EINVAL
|
2014-05-07 08:07:26 +00:00
|
|
|
The buffer is too small to hold the event.
|
2014-04-25 05:55:05 +00:00
|
|
|
.TP
|
|
|
|
.B EMFILE
|
|
|
|
The per-process limit on the number of open files has been reached.
|
|
|
|
See the description of
|
|
|
|
.B RLIMIT_NOFILE
|
|
|
|
in
|
|
|
|
.BR getrlimit (2).
|
|
|
|
.TP
|
|
|
|
.B ENFILE
|
accept.2, acct.2, epoll_create.2, execve.2, futex.2, inotify_init.2, mmap.2, open.2, pipe.2, shmget.2, socket.2, socketpair.2, spu_create.2, swapon.2, uselib.2, getgrent.3, getgrnam.3, getlogin.3, getpwent.3, getpwnam.3, mq_open.3, opendir.3, sem_open.3, shm_open.3, tmpfile.3, fanotify.7: ERRORS: standardize text for ENFILE error
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-27 16:10:23 +00:00
|
|
|
The system-wide limit on the total number of open files has been reached.
|
2014-04-25 05:55:05 +00:00
|
|
|
See
|
|
|
|
.I /proc/sys/fs/file-max
|
|
|
|
in
|
|
|
|
.BR proc (5).
|
|
|
|
.TP
|
|
|
|
.B ETXTBSY
|
|
|
|
This error is returned by
|
2014-04-25 09:38:09 +00:00
|
|
|
.BR read (2)
|
2014-04-25 05:55:05 +00:00
|
|
|
if
|
|
|
|
.B O_RDWR
|
|
|
|
or
|
|
|
|
.B O_WRONLY
|
|
|
|
was specified in the
|
|
|
|
.I event_f_flags
|
|
|
|
argument when calling
|
|
|
|
.BR fanotify_init (2)
|
2014-04-25 09:38:09 +00:00
|
|
|
and an event occurred for a monitored file that is currently being executed.
|
2014-04-25 05:55:05 +00:00
|
|
|
.PP
|
|
|
|
In addition to the usual errors for
|
|
|
|
.BR write (2),
|
|
|
|
the following errors can occur when writing to the fanotify file descriptor:
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
2014-05-05 09:45:37 +00:00
|
|
|
Fanotify access permissions are not enabled in the kernel configuration
|
|
|
|
or the value of
|
2014-04-25 05:55:05 +00:00
|
|
|
.I response
|
|
|
|
in the response structure is not valid.
|
|
|
|
.TP
|
|
|
|
.B ENOENT
|
|
|
|
The file descriptor
|
|
|
|
.I fd
|
|
|
|
in the response structure is not valid.
|
2014-05-07 03:49:39 +00:00
|
|
|
This may occur when a response for the permission event has already been
|
|
|
|
written.
|
2014-04-25 05:55:05 +00:00
|
|
|
.SH VERSIONS
|
|
|
|
The fanotify API was introduced in version 2.6.36 of the Linux kernel and
|
|
|
|
enabled in version 2.6.37.
|
|
|
|
Fdinfo support was added in version 3.8.
|
iconv.1, localedef.1, access.2, execveat.2, fanotify_init.2, futex.2, ioctl_fat.2, mount.2, ftw.3, sd.4, tty_ioctl.4, fanotify.7, futex.7, posixoptions.7, iconvconfig.8: srcfix: Remove useless quotes from .SS and .SH sections
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 02:03:52 +00:00
|
|
|
.SH CONFORMING TO
|
2014-04-25 05:55:05 +00:00
|
|
|
The fanotify API is Linux-specific.
|
|
|
|
.SH NOTES
|
|
|
|
The fanotify API is available only if the kernel was built with the
|
|
|
|
.B CONFIG_FANOTIFY
|
|
|
|
configuration option enabled.
|
|
|
|
In addition, fanotify permission handling is available only if the
|
|
|
|
.B CONFIG_FANOTIFY_ACCESS_PERMISSIONS
|
|
|
|
configuration option is enabled.
|
|
|
|
.SS Limitations and caveats
|
|
|
|
Fanotify reports only events that a user-space program triggers through the
|
|
|
|
filesystem API.
|
2014-05-05 09:45:37 +00:00
|
|
|
As a result,
|
|
|
|
it does not catch remote events that occur on network filesystems.
|
2014-04-25 05:55:05 +00:00
|
|
|
.PP
|
|
|
|
The fanotify API does not report file accesses and modifications that
|
|
|
|
may occur because of
|
|
|
|
.BR mmap (2),
|
|
|
|
.BR msync (2),
|
|
|
|
and
|
|
|
|
.BR munmap (2).
|
|
|
|
.PP
|
|
|
|
Events for directories are created only if the directory itself is opened,
|
|
|
|
read, and closed.
|
|
|
|
Adding, removing, or changing children of a marked directory does not create
|
|
|
|
events for the monitored directory itself.
|
|
|
|
.PP
|
2014-05-05 09:45:37 +00:00
|
|
|
Fanotify monitoring of directories is not recursive:
|
|
|
|
to monitor subdirectories under a directory,
|
|
|
|
additional marks must be created.
|
2014-05-11 07:04:13 +00:00
|
|
|
(But note that the fanotify API provides no way of detecting when a
|
2014-05-05 09:45:37 +00:00
|
|
|
subdirectory has been created under a marked directory,
|
|
|
|
which makes recursive monitoring difficult.)
|
2014-04-25 05:55:05 +00:00
|
|
|
Monitoring mounts offers the capability to monitor a whole directory tree.
|
|
|
|
.PP
|
|
|
|
The event queue can overflow.
|
|
|
|
In this case, events are lost.
|
|
|
|
.SH BUGS
|
2015-04-30 10:11:53 +00:00
|
|
|
Before Linux 3.19,
|
|
|
|
.BR fallocate (2)
|
|
|
|
did not generate fanotify events.
|
|
|
|
Since Linux 3.19,
|
|
|
|
.\" commit 820c12d5d6c0890bc93dd63893924a13041fdc35
|
|
|
|
calls to
|
|
|
|
.BR fallocate (2)
|
|
|
|
generate
|
|
|
|
.B FAN_MODIFY
|
|
|
|
events.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2014-10-02 22:05:03 +00:00
|
|
|
As of Linux 3.17,
|
2014-05-21 10:47:54 +00:00
|
|
|
the following bugs exist:
|
2014-04-25 05:55:05 +00:00
|
|
|
.IP * 3
|
2014-10-28 11:58:45 +00:00
|
|
|
On Linux, a filesystem object may be accessible through multiple paths,
|
2014-11-04 00:01:03 +00:00
|
|
|
for example, a part of a filesystem may be remounted using the
|
2014-10-28 11:58:45 +00:00
|
|
|
.IR \-\-bind
|
|
|
|
option of
|
|
|
|
.BR mount (8).
|
|
|
|
A listener that marked a mount will be notified only of events that were
|
|
|
|
triggered for a filesystem object using the same mount.
|
2014-10-28 11:52:42 +00:00
|
|
|
Any other event will pass unnoticed.
|
|
|
|
.IP *
|
adjtimex.2, bind.2, cacheflush.2, clone.2, fallocate.2, fanotify_init.2, fanotify_mark.2, flock.2, futex.2, getdents.2, getpriority.2, getrlimit.2, gettid.2, gettimeofday.2, ioprio_set.2, kexec_load.2, migrate_pages.2, modify_ldt.2, mount.2, move_pages.2, mprotect.2, msgop.2, nfsservctl.2, perf_event_open.2, pread.2, ptrace.2, recvmmsg.2, rename.2, restart_syscall.2, sched_setattr.2, send.2, shmop.2, shutdown.2, sigaction.2, signalfd.2, syscalls.2, timer_create.2, timerfd_create.2, tkill.2, vmsplice.2, wait.2, aio_init.3, confstr.3, exit.3, fmemopen.3, fopen.3, getaddrinfo.3, getauxval.3, getspnam.3, isalpha.3, isatty.3, mallinfo.3, malloc.3, mallopt.3, psignal.3, pthread_attr_setinheritsched.3, qecvt.3, queue.3, rtnetlink.3, strerror.3, strftime.3, toupper.3, towlower.3, towupper.3, initrd.4, locale.5, proc.5, bootparam.7, capabilities.7, ddp.7, fanotify.7, icmp.7, inotify.7, ip.7, ipv6.7, netdevice.7, netlink.7, path_resolution.7, rtld-audit.7, rtnetlink.7, sched.7, signal.7, socket.7, svipc.7, tcp.7, unix.7, ld.so.8: srcfix: Update FIXMEs
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-08-21 21:47:44 +00:00
|
|
|
.\" FIXME . A patch was proposed.
|
2014-05-05 09:45:37 +00:00
|
|
|
When an event is generated,
|
|
|
|
no check is made to see whether the user ID of the
|
|
|
|
receiving process has authorization to read or write the file
|
|
|
|
before passing a file descriptor for that file.
|
2014-04-25 05:55:05 +00:00
|
|
|
This poses a security risk, when the
|
|
|
|
.B CAP_SYS_ADMIN
|
|
|
|
capability is set for programs executed by unprivileged users.
|
2014-05-14 18:10:16 +00:00
|
|
|
.IP *
|
|
|
|
If a call to
|
2014-05-15 03:34:34 +00:00
|
|
|
.BR read (2)
|
2014-05-15 03:39:22 +00:00
|
|
|
processes multiple events from the fanotify queue and an error occurs,
|
|
|
|
the return value will be the total length of the events successfully
|
|
|
|
copied to the user-space buffer before the error occurred.
|
|
|
|
The return value will not be \-1, and
|
2014-05-14 18:10:16 +00:00
|
|
|
.I errno
|
|
|
|
will not be set.
|
2014-05-15 03:39:22 +00:00
|
|
|
Thus, the reading application has no way to detect the error.
|
2014-04-25 05:55:05 +00:00
|
|
|
.SH EXAMPLE
|
|
|
|
The following program demonstrates the usage of the fanotify API.
|
2014-05-07 08:07:26 +00:00
|
|
|
It marks the mount point passed as a command-line argument
|
2014-04-25 07:49:19 +00:00
|
|
|
and waits for events of type
|
2014-04-25 05:55:05 +00:00
|
|
|
.B FAN_PERM_OPEN
|
|
|
|
and
|
|
|
|
.BR FAN_CLOSE_WRITE .
|
|
|
|
When a permission event occurs, a
|
|
|
|
.B FAN_ALLOW
|
|
|
|
response is given.
|
|
|
|
.PP
|
2014-04-25 07:49:19 +00:00
|
|
|
The following output was recorded while editing the file
|
2014-04-25 05:55:05 +00:00
|
|
|
.IR /home/user/temp/notes .
|
|
|
|
Before the file was opened, a
|
|
|
|
.B FAN_OPEN_PERM
|
|
|
|
event occurred.
|
|
|
|
After the file was closed, a
|
|
|
|
.B FAN_CLOSE_WRITE
|
|
|
|
event occurred.
|
|
|
|
Execution of the program ends when the user presses the ENTER key.
|
|
|
|
.SS Example output
|
|
|
|
.in +4n
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EX
|
2014-04-25 05:55:05 +00:00
|
|
|
# ./fanotify_example /home
|
|
|
|
Press enter key to terminate.
|
|
|
|
Listening for events.
|
|
|
|
FAN_OPEN_PERM: File /home/user/temp/notes
|
|
|
|
FAN_CLOSE_WRITE: File /home/user/temp/notes
|
|
|
|
|
|
|
|
Listening for events stopped.
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EE
|
2014-04-25 05:55:05 +00:00
|
|
|
.in
|
|
|
|
.SS Program source
|
getrlimit.2, signalfd.2, statfs.2, tee.2, dlopen.3, duplocale.3, ftw.3, get_nprocs.3, mbstowcs.3, posix_spawn.3, strftime.3, full.4, fanotify.7, inotify.7, ip.7, netdevice.7, rtld-audit.7, unix.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 19:02:23 +00:00
|
|
|
\&
|
memusage.1, clone.2, eventfd.2, futex.2, getdents.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, keyctl.2, mmap.2, mprotect.2, msgop.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, setns.2, tee.2, timer_create.2, timerfd_create.2, unshare.2, userfaultfd.2, wait.2, __ppc_get_timebase.3, backtrace.3, bswap.3, clock_getcpuclockid.3, dl_iterate_phdr.3, dlinfo.3, dlopen.3, duplocale.3, end.3, endian.3, fmemopen.3, fopencookie.3, frexp.3, ftw.3, getdate.3, getgrouplist.3, getifaddrs.3, getprotoent_r.3, getservent_r.3, gnu_get_libc_version.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, mq_getattr.3, mq_notify.3, newlocale.3, offsetof.3, posix_spawn.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, scandir.3, sem_wait.3, strcat.3, strftime.3, strtok.3, strtol.3, strverscmp.3, loop.4, core.5, aio.7, fanotify.7, feature_test_macros.7, inotify.7, pkeys.7, unix.7, user_namespaces.7: Use .EX/.EE for EXAMPLE programs
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 08:44:33 +00:00
|
|
|
.EX
|
2014-04-25 09:55:32 +00:00
|
|
|
#define _GNU_SOURCE /* Needed to get O_LARGEFILE definition */
|
2014-04-25 05:55:05 +00:00
|
|
|
#include <errno.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <limits.h>
|
|
|
|
#include <poll.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <sys/fanotify.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
/* Read all available fanotify events from the file descriptor 'fd' */
|
|
|
|
|
2014-04-25 08:07:18 +00:00
|
|
|
static void
|
2014-04-25 05:55:05 +00:00
|
|
|
handle_events(int fd)
|
|
|
|
{
|
|
|
|
const struct fanotify_event_metadata *metadata;
|
2014-05-21 20:16:16 +00:00
|
|
|
struct fanotify_event_metadata buf[200];
|
2014-04-25 05:55:05 +00:00
|
|
|
ssize_t len;
|
|
|
|
char path[PATH_MAX];
|
|
|
|
ssize_t path_len;
|
|
|
|
char procfd_path[PATH_MAX];
|
|
|
|
struct fanotify_response response;
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Loop while events can be read from fanotify file descriptor */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
for(;;) {
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Read some events */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
len = read(fd, (void *) &buf, sizeof(buf));
|
|
|
|
if (len == \-1 && errno != EAGAIN) {
|
|
|
|
perror("read");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Check if end of available data reached */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
if (len <= 0)
|
|
|
|
break;
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Point to the first event in the buffer */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
2014-05-21 20:16:16 +00:00
|
|
|
metadata = buf;
|
2014-04-25 05:55:05 +00:00
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Loop over all events in the buffer */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
while (FAN_EVENT_OK(metadata, len)) {
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Check that run\-time and compile\-time structures match */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
if (metadata\->vers != FANOTIFY_METADATA_VERSION) {
|
|
|
|
fprintf(stderr,
|
|
|
|
"Mismatch of fanotify metadata version.\\n");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
2014-04-29 13:35:54 +00:00
|
|
|
/* metadata\->fd contains either FAN_NOFD, indicating a
|
|
|
|
queue overflow, or a file descriptor (a nonnegative
|
|
|
|
integer). Here, we simply ignore queue overflow. */
|
2014-04-25 18:07:02 +00:00
|
|
|
|
2014-04-25 05:55:05 +00:00
|
|
|
if (metadata\->fd >= 0) {
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Handle open permission event */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
if (metadata\->mask & FAN_OPEN_PERM) {
|
|
|
|
printf("FAN_OPEN_PERM: ");
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Allow file to be opened */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
response.fd = metadata\->fd;
|
|
|
|
response.response = FAN_ALLOW;
|
2014-04-25 08:00:53 +00:00
|
|
|
write(fd, &response,
|
2014-05-21 20:16:16 +00:00
|
|
|
sizeof(struct fanotify_response));
|
2014-04-25 05:55:05 +00:00
|
|
|
}
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Handle closing of writable file event */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
if (metadata\->mask & FAN_CLOSE_WRITE)
|
2014-04-25 05:55:05 +00:00
|
|
|
printf("FAN_CLOSE_WRITE: ");
|
|
|
|
|
2014-04-25 08:06:21 +00:00
|
|
|
/* Retrieve and print pathname of the accessed file */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
snprintf(procfd_path, sizeof(procfd_path),
|
|
|
|
"/proc/self/fd/%d", metadata\->fd);
|
|
|
|
path_len = readlink(procfd_path, path,
|
|
|
|
sizeof(path) \- 1);
|
|
|
|
if (path_len == \-1) {
|
|
|
|
perror("readlink");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
path[path_len] = '\\0';
|
2014-04-25 08:04:16 +00:00
|
|
|
printf("File %s\\n", path);
|
2014-04-25 05:55:05 +00:00
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Close the file descriptor of the event */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
close(metadata\->fd);
|
|
|
|
}
|
|
|
|
|
2014-04-25 08:03:54 +00:00
|
|
|
/* Advance to next event */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
metadata = FAN_EVENT_NEXT(metadata, len);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
char buf;
|
|
|
|
int fd, poll_num;
|
|
|
|
nfds_t nfds;
|
|
|
|
struct pollfd fds[2];
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Check mount point is supplied */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
if (argc != 2) {
|
2014-04-25 08:00:53 +00:00
|
|
|
fprintf(stderr, "Usage: %s MOUNT\\n", argv[0]);
|
2014-04-25 05:55:05 +00:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
printf("Press enter key to terminate.\\n");
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Create the file descriptor for accessing the fanotify API */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
fd = fanotify_init(FAN_CLOEXEC | FAN_CLASS_CONTENT | FAN_NONBLOCK,
|
|
|
|
O_RDONLY | O_LARGEFILE);
|
|
|
|
if (fd == \-1) {
|
|
|
|
perror("fanotify_init");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Mark the mount for:
|
2014-04-25 05:55:05 +00:00
|
|
|
\- permission events before opening files
|
2014-04-25 08:00:53 +00:00
|
|
|
\- notification events after closing a write\-enabled
|
|
|
|
file descriptor */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
if (fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT,
|
2014-11-03 18:06:38 +00:00
|
|
|
FAN_OPEN_PERM | FAN_CLOSE_WRITE, AT_FDCWD,
|
2014-04-25 05:55:05 +00:00
|
|
|
argv[1]) == \-1) {
|
|
|
|
perror("fanotify_mark");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Prepare for polling */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
nfds = 2;
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Console input */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
fds[0].fd = STDIN_FILENO;
|
|
|
|
fds[0].events = POLLIN;
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Fanotify input */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
fds[1].fd = fd;
|
|
|
|
fds[1].events = POLLIN;
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* This is the loop to wait for incoming events */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
printf("Listening for events.\\n");
|
2014-04-25 09:58:21 +00:00
|
|
|
|
2014-04-25 05:55:05 +00:00
|
|
|
while (1) {
|
|
|
|
poll_num = poll(fds, nfds, \-1);
|
|
|
|
if (poll_num == \-1) {
|
2014-04-25 09:57:29 +00:00
|
|
|
if (errno == EINTR) /* Interrupted by a signal */
|
|
|
|
continue; /* Restart poll() */
|
|
|
|
|
|
|
|
perror("poll"); /* Unexpected error */
|
2014-04-25 05:55:05 +00:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
2014-04-25 09:58:21 +00:00
|
|
|
|
2014-04-25 05:55:05 +00:00
|
|
|
if (poll_num > 0) {
|
|
|
|
if (fds[0].revents & POLLIN) {
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Console input is available: empty stdin and quit */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
while (read(STDIN_FILENO, &buf, 1) > 0 && buf != '\\n')
|
|
|
|
continue;
|
|
|
|
break;
|
|
|
|
}
|
2014-04-25 09:58:21 +00:00
|
|
|
|
2014-04-25 05:55:05 +00:00
|
|
|
if (fds[1].revents & POLLIN) {
|
|
|
|
|
2014-04-25 08:00:53 +00:00
|
|
|
/* Fanotify events are available */
|
2014-04-25 05:55:05 +00:00
|
|
|
|
|
|
|
handle_events(fd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
printf("Listening for events stopped.\\n");
|
2014-04-25 08:00:53 +00:00
|
|
|
exit(EXIT_SUCCESS);
|
2014-04-25 05:55:05 +00:00
|
|
|
}
|
memusage.1, clone.2, eventfd.2, futex.2, getdents.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, keyctl.2, mmap.2, mprotect.2, msgop.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, setns.2, tee.2, timer_create.2, timerfd_create.2, unshare.2, userfaultfd.2, wait.2, __ppc_get_timebase.3, backtrace.3, bswap.3, clock_getcpuclockid.3, dl_iterate_phdr.3, dlinfo.3, dlopen.3, duplocale.3, end.3, endian.3, fmemopen.3, fopencookie.3, frexp.3, ftw.3, getdate.3, getgrouplist.3, getifaddrs.3, getprotoent_r.3, getservent_r.3, gnu_get_libc_version.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, mq_getattr.3, mq_notify.3, newlocale.3, offsetof.3, posix_spawn.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, scandir.3, sem_wait.3, strcat.3, strftime.3, strtok.3, strtol.3, strverscmp.3, loop.4, core.5, aio.7, fanotify.7, feature_test_macros.7, inotify.7, pkeys.7, unix.7, user_namespaces.7: Use .EX/.EE for EXAMPLE programs
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 08:44:33 +00:00
|
|
|
.EE
|
iconv.1, localedef.1, access.2, execveat.2, fanotify_init.2, futex.2, ioctl_fat.2, mount.2, ftw.3, sd.4, tty_ioctl.4, fanotify.7, futex.7, posixoptions.7, iconvconfig.8: srcfix: Remove useless quotes from .SS and .SH sections
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 02:03:52 +00:00
|
|
|
.SH SEE ALSO
|
2014-04-25 05:55:05 +00:00
|
|
|
.ad l
|
|
|
|
.BR fanotify_init (2),
|
|
|
|
.BR fanotify_mark (2),
|
|
|
|
.BR inotify (7)
|