a1014f1023
Send events to userspace by reading the file descriptor from fanotify_init(). One will get blocks of data which look like: struct fanotify_event_metadata { __u32 event_len; __u32 vers; __s32 fd; __u64 mask; __s64 pid; __u64 cookie; } __attribute__ ((packed)); Simple code to retrieve and deal with events is below while ((len = read(fan_fd, buf, sizeof(buf))) > 0) { struct fanotify_event_metadata *metadata; metadata = (void *)buf; while(FAN_EVENT_OK(metadata, len)) { [PROCESS HERE!!] if (metadata->fd >= 0 && close(metadata->fd) != 0) goto fail; metadata = FAN_EVENT_NEXT(metadata, len); } } Signed-off-by: Eric Paris <eparis@redhat.com>
38 lines
838 B
C
38 lines
838 B
C
#include <linux/fanotify.h>
|
|
#include <linux/fsnotify_backend.h>
|
|
#include <linux/net.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/types.h>
|
|
|
|
extern const struct fsnotify_ops fanotify_fsnotify_ops;
|
|
|
|
static inline bool fanotify_mark_flags_valid(unsigned int flags)
|
|
{
|
|
/* must be either and add or a remove */
|
|
if (!(flags & (FAN_MARK_ADD | FAN_MARK_REMOVE)))
|
|
return false;
|
|
|
|
/* cannot be both add and remove */
|
|
if ((flags & FAN_MARK_ADD) &&
|
|
(flags & FAN_MARK_REMOVE))
|
|
return false;
|
|
|
|
/* cannot have more flags than we know about */
|
|
if (flags & ~FAN_ALL_MARK_FLAGS)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
static inline bool fanotify_mask_valid(__u32 mask)
|
|
{
|
|
if (mask & ~((__u32)FAN_ALL_INCOMING_EVENTS))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
static inline __u32 fanotify_outgoing_mask(__u32 mask)
|
|
{
|
|
return mask & FAN_ALL_OUTGOING_EVENTS;
|
|
}
|