Re: [RFC] 0/11 fanotify: fscking all notifiction and file accesssystem (intended for antivirus scanning and file indexers)

[david]

On Fri, 26 Sep 2008, Eric Paris wrote:

> fanotify has 7 event types and only sends events for S_ISREG() files.
> The event types are OPEN, READ, WRITE, CLOSE_WRITE, CLOSE_NOWRITE,
> OPEN_ACCESS, and READ_ACCESS.  Events OPEN_ACCESS and READ_ACCESS
> require that the listener return some sort of allow/deny/more_time
> response as the original process blocks until it gets an event (or times
> out.)  listeners may register a group which will get notifications about
> any combination of these events.  Antivirus scanners will likely want
> OPEN_ACCESS and READ_ACCESS while file indexers would likely use the
> non-ACCESS form of these events.

sending a message out for every READ/WRITE seems like it will generate a 
LOT of messages, and very few will be ones that anyone cares about.

one of the nice things about the TALPA approach was that there was an 
ability to notify only on a change of state (i.e. when a file that had 
been scanned was changed)

this could do a similar thing, but I think it would be a much more 
expensive process to do it all in userspace.

David Lang

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/