3

I'm using code like following to monitor the whole file system:

fanotify_mark(fd,
          FAN_MARK_ADD | FAN_MARK_MOUNT,
          FAN_OPEN | FAN_EVENT_ON_CHILD,
          AT_FDCWD, "/"
)

But I need write some tests, so, I want monitor just a specific dir, let say "/tmp/test_dir". The problem is when I change code this way:

fanotify_mark(fd,
          FAN_MARK_ADD,
          FAN_OPEN | FAN_EVENT_ON_CHILD,
          AT_FDCWD, "/tmp/test_dir"
)

fanotify only watchs to events on "/tmp/test_dir" ignoring whatever happen in deeper folders.

For instance: If I open "/tmp/test_dir/aa/bb/cc/test_file.txt" fanotify detects nothing.

I'm missing some flag?

Raydel Miranda
  • 13,825
  • 3
  • 38
  • 60

2 Answers2

5

Problem solved.

fanotify isn't recursive. It only works that way when working on mounted directories. I did the following test:

mkdir /tmp/parent
mkdir -p /tmp/other/aa/bb/cc/dd
touch /tmp/other/aa/bb/cc/dd/test.txt
mount --bind /tmp/other /tmp/parent

then in code:

fanotify_mark(fd,
      FAN_MARK_ADD | FAN_MARK_MOUNT,
      FAN_OPEN | FAN_EVENT_ON_CHILD,
      AT_FDCWD, "/tmp/parent"
)

and it's done. Now fanotify fire up events for test.txt file.

Raydel Miranda
  • 13,825
  • 3
  • 38
  • 60
  • When adding a mark with `FAN_MARK_MOUNT` and the path is a directory not a mount point fanotify will determine the mount poin for you. In this scenario fanotify will perform recursive monitoring on the `/tmp` mount point. Also, `FAN_EVENT_ON_CHILD` should not be specified when working with `FAN_MARK_MOUNT`, only directories. – rvk Sep 30 '16 at 02:20
1

With fanotify, either monitor entire mount point of specified path (using FAN_MARK_MOUNT), or monitor files in a directory (not its sub-directory, without specifying FAN_MARK_MOUNT). You can set separate monitors for sub-directories to achieve this. see https://stackoverflow.com/a/20965660/2706918

Community
  • 1
  • 1
Nitinkumar Ambekar
  • 969
  • 20
  • 39