]>
Commit | Line | Data |
---|---|---|
e9f14fa0 | 1 | \" Copyright (C) 2013, Heinrich Schuchardt <xypron.glpk@gmx.de> |
3e6ebb33 | 2 | .\" |
5fbde956 | 3 | .\" SPDX-License-Identifier: Linux-man-pages-copyleft |
45186a5d | 4 | .TH FANOTIFY_INIT 2 2021-03-22 "Linux man-pages (unreleased)" |
3e6ebb33 HS |
5 | .SH NAME |
6 | fanotify_init \- create and initialize fanotify group | |
65a43077 AC |
7 | .SH LIBRARY |
8 | Standard C library | |
8fc3b2cf | 9 | .RI ( libc ", " \-lc ) |
3e6ebb33 | 10 | .SH SYNOPSIS |
c7db92b9 | 11 | .nf |
d2ac3dcf | 12 | .BR "#include <fcntl.h>" " /* Definition of " O_* " constants */" |
3e6ebb33 | 13 | .B #include <sys/fanotify.h> |
080522cb | 14 | .PP |
3e6ebb33 | 15 | .BI "int fanotify_init(unsigned int " flags ", unsigned int " event_f_flags ); |
c7db92b9 | 16 | .fi |
3e6ebb33 HS |
17 | .SH DESCRIPTION |
18 | For an overview of the fanotify API, see | |
19 | .BR fanotify (7). | |
20 | .PP | |
21 | .BR fanotify_init () | |
22 | initializes a new fanotify group and returns a file descriptor for the event | |
23 | queue associated with the group. | |
24 | .PP | |
25 | The file descriptor is used in calls to | |
26 | .BR fanotify_mark (2) | |
3ded684c | 27 | to specify the files, directories, mounts, or filesystems for which fanotify |
0a4db6dc | 28 | events shall be created. |
3e6ebb33 HS |
29 | These events are received by reading from the file descriptor. |
30 | Some events are only informative, indicating that a file has been accessed. | |
72b14a93 MK |
31 | Other events can be used to determine whether |
32 | another application is permitted to access a file or directory. | |
3e6ebb33 HS |
33 | Permission to access filesystem objects is granted by writing to the file |
34 | descriptor. | |
35 | .PP | |
36 | Multiple programs may be using the fanotify interface at the same time to | |
37 | monitor the same files. | |
38 | .PP | |
39bab785 AG |
39 | The number of fanotify groups per user is limited. |
40 | See | |
41 | .BR fanotify (7) | |
42 | for details about this limit. | |
3e6ebb33 | 43 | .PP |
3e6ebb33 HS |
44 | The |
45 | .I flags | |
46 | argument contains a multi-bit field defining the notification class of the | |
1b24e2ee MK |
47 | listening application and further single bit fields specifying the behavior |
48 | of the file descriptor. | |
3e6ebb33 | 49 | .PP |
1b24e2ee MK |
50 | If multiple listeners for permission events exist, |
51 | the notification class is used to establish the sequence | |
52 | in which the listeners receive the events. | |
3e6ebb33 | 53 | .PP |
d58f4190 MK |
54 | Only one of the following notification classes may be specified in |
55 | .IR flags : | |
3e6ebb33 HS |
56 | .TP |
57 | .B FAN_CLASS_PRE_CONTENT | |
58 | This value allows the receipt of events notifying that a file has been | |
59 | accessed and events for permission decisions if a file may be accessed. | |
60 | It is intended for event listeners that need to access files before they | |
61 | contain their final data. | |
1b24e2ee MK |
62 | This notification class might be used by hierarchical storage managers, |
63 | for example. | |
69e6b644 MB |
64 | Use of this flag requires the |
65 | .B CAP_SYS_ADMIN | |
66 | capability. | |
3e6ebb33 HS |
67 | .TP |
68 | .B FAN_CLASS_CONTENT | |
69 | This value allows the receipt of events notifying that a file has been | |
70 | accessed and events for permission decisions if a file may be accessed. | |
1b24e2ee MK |
71 | It is intended for event listeners that need to access files when they |
72 | already contain their final content. | |
3e6ebb33 HS |
73 | This notification class might be used by malware detection programs, for |
74 | example. | |
69e6b644 MB |
75 | Use of this flag requires the |
76 | .B CAP_SYS_ADMIN | |
77 | capability. | |
3e6ebb33 HS |
78 | .TP |
79 | .B FAN_CLASS_NOTIF | |
80 | This is the default value. | |
81 | It does not need to be specified. | |
82 | This value only allows the receipt of events notifying that a file has been | |
83 | accessed. | |
84 | Permission decisions before the file is accessed are not possible. | |
85 | .PP | |
86 | Listeners with different notification classes will receive events in the | |
cd505a8a | 87 | order |
3e6ebb33 HS |
88 | .BR FAN_CLASS_PRE_CONTENT , |
89 | .BR FAN_CLASS_CONTENT , | |
90 | .BR FAN_CLASS_NOTIF . | |
8d605e55 MK |
91 | The order of notification for listeners in the same notification class |
92 | is undefined. | |
3e6ebb33 | 93 | .PP |
8d605e55 | 94 | The following bits can additionally be set in |
3e6ebb33 HS |
95 | .IR flags : |
96 | .TP | |
97 | .B FAN_CLOEXEC | |
8d605e55 | 98 | Set the close-on-exec flag |
3e6ebb33 HS |
99 | .RB ( FD_CLOEXEC ) |
100 | on the new file descriptor. | |
101 | See the description of the | |
102 | .B O_CLOEXEC | |
103 | flag in | |
104 | .BR open (2). | |
105 | .TP | |
106 | .B FAN_NONBLOCK | |
8d605e55 | 107 | Enable the nonblocking flag |
3e6ebb33 HS |
108 | .RB ( O_NONBLOCK ) |
109 | for the file descriptor. | |
110 | Reading from the file descriptor will not block. | |
f199b308 | 111 | Instead, if no data is available, |
3e6ebb33 | 112 | .BR read (2) |
a23d8efa | 113 | fails with the error |
f199b308 | 114 | .BR EAGAIN . |
3e6ebb33 HS |
115 | .TP |
116 | .B FAN_UNLIMITED_QUEUE | |
39bab785 AG |
117 | Remove the limit on the number of events in the event queue. |
118 | See | |
119 | .BR fanotify (7) | |
120 | for details about this limit. | |
8d605e55 | 121 | Use of this flag requires the |
3e6ebb33 HS |
122 | .B CAP_SYS_ADMIN |
123 | capability. | |
124 | .TP | |
125 | .B FAN_UNLIMITED_MARKS | |
39bab785 AG |
126 | Remove the limit on the number of fanotify marks per user. |
127 | See | |
128 | .BR fanotify (7) | |
129 | for details about this limit. | |
8d605e55 | 130 | Use of this flag requires the |
3e6ebb33 HS |
131 | .B CAP_SYS_ADMIN |
132 | capability. | |
ebfb6fee | 133 | .TP |
134 | .BR FAN_REPORT_TID " (since Linux 4.20)" | |
135 | .\" commit d0a6a87e40da49cfc7954c491d3065a25a641b29 | |
ce61c76f MK |
136 | Report thread ID (TID) instead of process ID (PID) |
137 | in the | |
138 | .I pid | |
139 | field of the | |
140 | .I "struct fanotify_event_metadata" | |
141 | supplied to | |
142 | .BR read (2) | |
143 | (see | |
144 | .BR fanotify (7)). | |
69e6b644 MB |
145 | Use of this flag requires the |
146 | .B CAP_SYS_ADMIN | |
147 | capability. | |
e5a800c1 | 148 | .TP |
f040d286 JK |
149 | .BR FAN_ENABLE_AUDIT " (since Linux 4.15)" |
150 | .\" commit de8cd83e91bc3ee212b3e6ec6e4283af9e4ab269 | |
151 | Enable generation of audit log records about access mediation performed by | |
d187835f MK |
152 | permission events. |
153 | The permission event response has to be marked with the | |
f040d286 | 154 | .B FAN_AUDIT |
d187835f | 155 | flag for an audit log record to be generated. |
69e6b644 MB |
156 | Use of this flag requires the |
157 | .B CAP_AUDIT_WRITE | |
158 | capability. | |
f040d286 | 159 | .TP |
e5a800c1 AG |
160 | .BR FAN_REPORT_FID " (since Linux 5.1)" |
161 | .\" commit a8b13aa20afb69161b5123b4f1acc7ea0a03d360 | |
162 | This value allows the receipt of events which contain additional information | |
163 | about the underlying filesystem object correlated to an event. | |
b216da61 | 164 | An additional record of type |
1ae6b2c7 | 165 | .B FAN_EVENT_INFO_TYPE_FID |
b216da61 AG |
166 | encapsulates the information about the object and is included alongside the |
167 | generic event metadata structure. | |
e5a800c1 AG |
168 | The file descriptor that is used to represent the object correlated to an |
169 | event is instead substituted with a file handle. | |
170 | It is intended for applications that may find the use of a file handle to | |
171 | identify an object more suitable than a file descriptor. | |
b216da61 AG |
172 | Additionally, it may be used for applications monitoring a directory or a |
173 | filesystem that are interested in the directory entry modification events | |
e5a800c1 | 174 | .BR FAN_CREATE , |
b216da61 | 175 | .BR FAN_DELETE , |
e5a800c1 | 176 | .BR FAN_MOVE , |
c099f165 AG |
177 | and |
178 | .BR FAN_RENAME , | |
b216da61 AG |
179 | or in events such as |
180 | .BR FAN_ATTRIB , | |
181 | .BR FAN_DELETE_SELF , | |
e5a800c1 | 182 | and |
b216da61 AG |
183 | .BR FAN_MOVE_SELF . |
184 | All the events above require an fanotify group that identifies filesystem | |
185 | objects by file handles. | |
f5e3b67e AG |
186 | Note that without the flag |
187 | .BR FAN_REPORT_TARGET_FID , | |
188 | for the directory entry modification events, | |
7156d0dc | 189 | there is an information record that identifies the modified directory |
f5e3b67e | 190 | and not the created/deleted/moved child object. |
e5a800c1 | 191 | The use of |
1ae6b2c7 | 192 | .B FAN_CLASS_CONTENT |
e5a800c1 | 193 | or |
1ae6b2c7 | 194 | .B FAN_CLASS_PRE_CONTENT |
e5a800c1 AG |
195 | is not permitted with this flag and will result in the error |
196 | .BR EINVAL . | |
197 | See | |
198 | .BR fanotify (7) | |
e9f14fa0 AG |
199 | for additional details. |
200 | .TP | |
201 | .BR FAN_REPORT_DIR_FID " (since Linux 5.9)" | |
1bfa8d6e | 202 | .\" commit 83b7a59896dd24015a34b7f00027f0ff3747972f |
e9f14fa0 AG |
203 | Events for fanotify groups initialized with this flag will contain |
204 | (see exceptions below) additional information about a directory object | |
205 | correlated to an event. | |
206 | An additional record of type | |
1ae6b2c7 | 207 | .B FAN_EVENT_INFO_TYPE_DFID |
e9f14fa0 AG |
208 | encapsulates the information about the directory object and is included |
209 | alongside the generic event metadata structure. | |
210 | For events that occur on a non-directory object, the additional structure | |
211 | includes a file handle that identifies the parent directory filesystem object. | |
212 | Note that there is no guarantee that the directory filesystem object will be | |
213 | found at the location described by the file handle information at the time | |
214 | the event is received. | |
215 | When combined with the flag | |
216 | .BR FAN_REPORT_FID , | |
217 | two records may be reported with events that occur on a non-directory object, | |
218 | one to identify the non-directory object itself and one to identify the parent | |
219 | directory object. | |
220 | Note that in some cases, a filesystem object does not have a parent, | |
221 | for example, when an event occurs on an unlinked but open file. | |
222 | In that case, with the | |
1ae6b2c7 | 223 | .B FAN_REPORT_FID |
e9f14fa0 AG |
224 | flag, the event will be reported with only one record to identify the |
225 | non-directory object itself, because there is no directory associated with | |
1a1e4638 MK |
226 | the event. |
227 | Without the | |
1ae6b2c7 | 228 | .B FAN_REPORT_FID |
e9f14fa0 AG |
229 | flag, no event will be reported. |
230 | See | |
231 | .BR fanotify (7) | |
232 | for additional details. | |
ea4f5778 AG |
233 | .TP |
234 | .BR FAN_REPORT_NAME " (since Linux 5.9)" | |
1bfa8d6e | 235 | .\" commit 929943b38daf817f2e6d303ea04401651fc3bc05 |
ea4f5778 AG |
236 | Events for fanotify groups initialized with this flag will contain additional |
237 | information about the name of the directory entry correlated to an event. | |
238 | This flag must be provided in conjunction with the flag | |
239 | .BR FAN_REPORT_DIR_FID . | |
240 | Providing this flag value without | |
1ae6b2c7 | 241 | .B FAN_REPORT_DIR_FID |
ea4f5778 AG |
242 | will result in the error |
243 | .BR EINVAL . | |
244 | This flag may be combined with the flag | |
245 | .BR FAN_REPORT_FID . | |
246 | An additional record of type | |
247 | .BR FAN_EVENT_INFO_TYPE_DFID_NAME , | |
0bda7ded | 248 | which encapsulates the information about the directory entry, is included |
ea4f5778 AG |
249 | alongside the generic event metadata structure and substitutes the additional |
250 | information record of type | |
251 | .BR FAN_EVENT_INFO_TYPE_DFID . | |
252 | The additional record includes a file handle that identifies a directory | |
253 | filesystem object followed by a name that identifies an entry in that | |
254 | directory. | |
255 | For the directory entry modification events | |
256 | .BR FAN_CREATE , | |
257 | .BR FAN_DELETE , | |
258 | and | |
259 | .BR FAN_MOVE , | |
260 | the reported name is that of the created/deleted/moved directory entry. | |
c099f165 AG |
261 | The event |
262 | .B FAN_RENAME | |
263 | may contain two information records. | |
264 | One of type | |
265 | .B FAN_EVENT_INFO_TYPE_OLD_DFID_NAME | |
266 | identifying the old directory entry, | |
267 | and another of type | |
268 | .B FAN_EVENT_INFO_TYPE_NEW_DFID_NAME | |
269 | identifying the new directory entry. | |
ea4f5778 AG |
270 | For other events that occur on a directory object, the reported file handle |
271 | is that of the directory object itself and the reported name is '.'. | |
272 | For other events that occur on a non-directory object, the reported file handle | |
273 | is that of the parent directory object and the reported name is the name of a | |
274 | directory entry where the object was located at the time of the event. | |
275 | The rationale behind this logic is that the reported directory file handle can | |
276 | be passed to | |
277 | .BR open_by_handle_at (2) | |
278 | to get an open directory file descriptor and that file descriptor along with | |
279 | the reported name can be used to call | |
280 | .BR fstatat (2). | |
281 | The same rule that applies to record type | |
1ae6b2c7 | 282 | .B FAN_EVENT_INFO_TYPE_DFID |
ea4f5778 | 283 | also applies to record type |
0bda7ded | 284 | .BR FAN_EVENT_INFO_TYPE_DFID_NAME : |
ea4f5778 AG |
285 | if a non-directory object has no parent, either the event will not be reported |
286 | or it will be reported without the directory entry information. | |
287 | Note that there is no guarantee that the filesystem object will be found at the | |
288 | location described by the directory entry information at the time the event is | |
289 | received. | |
290 | See | |
291 | .BR fanotify (7) | |
292 | for additional details. | |
293 | .TP | |
294 | .B FAN_REPORT_DFID_NAME | |
295 | This is a synonym for | |
296 | .RB ( FAN_REPORT_DIR_FID | FAN_REPORT_NAME ). | |
f5e3b67e AG |
297 | .TP |
298 | .BR FAN_REPORT_TARGET_FID " (since Linux 5.17)" | |
299 | .\" commit d61fd650e9d206a71fda789f02a1ced4b19944c4 | |
300 | Events for fanotify groups initialized with this flag | |
301 | will contain additional information about the child | |
302 | correlated with directory entry modification events. | |
303 | This flag must be provided in conjunction with the flags | |
304 | .BR FAN_REPORT_FID , | |
305 | .B FAN_REPORT_DIR_FID | |
306 | and | |
307 | .BR FAN_REPORT_NAME . | |
308 | or else the error | |
309 | .B EINVAL | |
310 | will be returned. | |
311 | For the directory entry modification events | |
312 | .BR FAN_CREATE , | |
313 | .BR FAN_DELETE , | |
f5e3b67e | 314 | .BR FAN_MOVE , |
c099f165 AG |
315 | and |
316 | .BR FAN_RENAME , | |
f5e3b67e AG |
317 | an additional record of type |
318 | .BR FAN_EVENT_INFO_TYPE_FID , | |
c099f165 AG |
319 | is reported in addition to the information records of type |
320 | .BR FAN_EVENT_INFO_TYPE_DFID , | |
321 | .BR FAN_EVENT_INFO_TYPE_DFID_NAME , | |
322 | .BR FAN_EVENT_INFO_TYPE_OLD_DFID_NAME , | |
323 | and | |
324 | .BR FAN_EVENT_INFO_TYPE_NEW_DFID_NAME . | |
f5e3b67e AG |
325 | The additional record includes a file handle |
326 | that identifies the filesystem child object | |
327 | that the directory entry is referring to. | |
328 | .TP | |
329 | .B FAN_REPORT_DFID_NAME_TARGET | |
330 | This is a synonym for | |
331 | .RB ( FAN_REPORT_DFID_NAME | FAN_REPORT_FID | FAN_REPORT_TARGET_FID ). | |
dde197dc MB |
332 | .TP |
333 | .BR FAN_REPORT_PIDFD " (since Linux 5.15)" | |
334 | .\" commit af579beb666aefb17e9a335c12c788c92932baf1 | |
335 | Events for fanotify groups initialized with this flag will contain | |
336 | an additional information record alongside the generic | |
337 | .I fanotify_event_metadata | |
338 | structure. | |
339 | This information record will be of type | |
340 | .B FAN_EVENT_INFO_TYPE_PIDFD | |
341 | and will contain a pidfd for the process that | |
342 | was responsible for generating an event. | |
343 | A pidfd returned in this information record object is | |
344 | no different to the pidfd that is returned when calling | |
345 | .BR pidfd_open (2). | |
346 | Usage of this information record are for applications that | |
347 | may be interested in reliably determining whether | |
348 | the process responsible for generating an event | |
349 | has been recycled or terminated. | |
350 | The use of the | |
351 | .B FAN_REPORT_TID | |
352 | flag along with | |
353 | .B FAN_REPORT_PIDFD | |
354 | is currently not supported and | |
355 | attempting to do so will result in the error | |
356 | .B EINVAL | |
357 | being returned. | |
358 | This limitation is currently imposed by the pidfd API | |
359 | as it currently only supports | |
360 | the creation of pidfds for thread-group leaders. | |
361 | Creating pidfds for non-thread-group leaders | |
362 | may be supported at some point in the future, | |
363 | so this restriction may eventually be lifted. | |
364 | For more details on information records, | |
365 | see | |
366 | .BR fanotify (7). | |
367 | .PP | |
8d605e55 | 368 | The |
3e6ebb33 | 369 | .I event_f_flags |
8d605e55 MK |
370 | argument |
371 | defines the file status flags that will be set on the open file descriptions | |
372 | that are created for fanotify events. | |
373 | For details of these flags, see the description of the | |
3e6ebb33 | 374 | .I flags |
8d605e55 MK |
375 | values in |
376 | .BR open (2). | |
1caffed4 | 377 | .I event_f_flags |
be5c465e | 378 | includes a multi-bit field for the access mode. |
1caffed4 | 379 | This field can take the following values: |
3e6ebb33 HS |
380 | .TP |
381 | .B O_RDONLY | |
382 | This value allows only read access. | |
383 | .TP | |
384 | .B O_WRONLY | |
385 | This value allows only write access. | |
386 | .TP | |
387 | .B O_RDWR | |
388 | This value allows read and write access. | |
1caffed4 HS |
389 | .PP |
390 | Additional bits can be set in | |
391 | .IR event_f_flags . | |
392 | The most useful values are: | |
3e6ebb33 HS |
393 | .TP |
394 | .B O_LARGEFILE | |
c4b7e5ac | 395 | Enable support for files exceeding 2\ GB. |
3e6ebb33 HS |
396 | Failing to set this flag will result in an |
397 | .B EOVERFLOW | |
1b24e2ee MK |
398 | error when trying to open a large file which is monitored by |
399 | an fanotify group on a 32-bit system. | |
1caffed4 | 400 | .TP |
d38a09fc MK |
401 | .BR O_CLOEXEC " (since Linux 3.18)" |
402 | .\" commit 0b37e097a648aa71d4db1ad108001e95b69a2da4 | |
1caffed4 | 403 | Enable the close-on-exec flag for the file descriptor. |
be5c465e MK |
404 | See the description of the |
405 | .B O_CLOEXEC | |
406 | flag in | |
407 | .BR open (2) | |
408 | for reasons why this may be useful. | |
1caffed4 HS |
409 | .PP |
410 | The following are also allowable: | |
411 | .BR O_APPEND , | |
412 | .BR O_DSYNC , | |
413 | .BR O_NOATIME , | |
414 | .BR O_NONBLOCK , | |
415 | and | |
416 | .BR O_SYNC . | |
be5c465e MK |
417 | Specifying any other flag in |
418 | .I event_f_flags | |
419 | yields the error | |
1caffed4 HS |
420 | .B EINVAL |
421 | (but see BUGS). | |
3e6ebb33 HS |
422 | .SH RETURN VALUE |
423 | On success, | |
424 | .BR fanotify_init () | |
425 | returns a new file descriptor. | |
ddfa9db7 | 426 | On error, \-1 is returned, and |
3e6ebb33 HS |
427 | .I errno |
428 | is set to indicate the error. | |
429 | .SH ERRORS | |
430 | .TP | |
431 | .B EINVAL | |
432 | An invalid value was passed in | |
1caffed4 HS |
433 | .I flags |
434 | or | |
435 | .IR event_f_flags . | |
3e6ebb33 | 436 | .B FAN_ALL_INIT_FLAGS |
0a4db6dc MB |
437 | (deprecated since Linux kernel version 4.20) |
438 | .\" commit 23c9deeb3285d34fd243abb3d6b9f07db60c3cf4 | |
1caffed4 HS |
439 | defines all allowable bits for |
440 | .IR flags . | |
3e6ebb33 HS |
441 | .TP |
442 | .B EMFILE | |
39bab785 AG |
443 | The number of fanotify groups for this user exceeds the limit. |
444 | See | |
445 | .BR fanotify (7) | |
446 | for details about this limit. | |
3e6ebb33 | 447 | .TP |
356a2957 | 448 | .B EMFILE |
71d597e9 MK |
449 | The per-process limit on the number of open file descriptors has been reached. |
450 | .TP | |
3e6ebb33 HS |
451 | .B ENOMEM |
452 | The allocation of memory for the notification group failed. | |
453 | .TP | |
a8972eed HS |
454 | .B ENOSYS |
455 | This kernel does not implement | |
456 | .BR fanotify_init (). | |
8d605e55 MK |
457 | The fanotify API is available only if the kernel was configured with |
458 | .BR CONFIG_FANOTIFY . | |
a8972eed | 459 | .TP |
3e6ebb33 | 460 | .B EPERM |
69e6b644 | 461 | The operation is not permitted because the caller lacks a required capability. |
3e6ebb33 HS |
462 | .SH VERSIONS |
463 | .BR fanotify_init () | |
464 | was introduced in version 2.6.36 of the Linux kernel and enabled in version | |
465 | 2.6.37. | |
69e6b644 MB |
466 | .PP |
467 | Prior to Linux 5.13, | |
468 | .\" commit 7cea2a3c505e87a9d6afc78be4a7f7be636a73a7 | |
469 | calling | |
470 | .BR fanotify_init () | |
471 | required the | |
472 | .B CAP_SYS_ADMIN | |
473 | capability. | |
474 | Since Linux 5.13, | |
475 | .\" commit 7cea2a3c505e87a9d6afc78be4a7f7be636a73a7 | |
476 | users may call | |
477 | .BR fanotify_init () | |
478 | without the | |
479 | .B CAP_SYS_ADMIN | |
fe10fc1d AC |
480 | capability to create and initialize |
481 | an fanotify group with limited functionality. | |
69e6b644 MB |
482 | .TP |
483 | The limitations imposed on an event listener created by a user without the | |
484 | .B CAP_SYS_ADMIN | |
485 | capability are as follows: | |
486 | .RS | |
487 | .IP * 3 | |
488 | The user cannot request for an unlimited event queue by using | |
489 | .BR FAN_UNLIMITED_QUEUE . | |
490 | .IP * 3 | |
491 | The user cannot request for an unlimited number of marks by using | |
492 | .BR FAN_UNLIMITED_MARKS . | |
493 | .IP * 3 | |
494 | The user cannot request to use either notification classes | |
9594c505 | 495 | .B FAN_CLASS_CONTENT |
69e6b644 MB |
496 | or |
497 | .BR FAN_CLASS_PRE_CONTENT . | |
498 | This means that user cannot request permission events. | |
499 | .IP * 3 | |
500 | The user is required to create a group that identifies filesystem objects by | |
501 | file handles, for example, by providing the | |
9594c505 | 502 | .B FAN_REPORT_FID |
69e6b644 MB |
503 | flag. |
504 | .IP * 3 | |
505 | The user is limited to only mark inodes. | |
506 | The ability to mark a mount or filesystem via | |
9594c505 | 507 | .BR fanotify_mark () |
69e6b644 | 508 | through the use of |
9594c505 | 509 | .B FAN_MARK_MOUNT |
69e6b644 | 510 | or |
9594c505 | 511 | .B FAN_MARK_FILESYSTEM |
69e6b644 MB |
512 | is not permitted. |
513 | .IP * 3 | |
514 | The event object in the event queue is limited in terms of the information | |
515 | that is made available to the unprivileged user. | |
516 | A user will also not receive the pid that generated the event, unless the | |
517 | listening process itself generated the event. | |
518 | .RE | |
3113c7f3 | 519 | .SH STANDARDS |
3e6ebb33 | 520 | This system call is Linux-specific. |
6448be7e | 521 | .SH BUGS |
692b4bcc | 522 | The following bug was present in Linux kernels before version 3.18: |
0d69c093 | 523 | .IP * 3 |
692b4bcc | 524 | .\" Fixed by commit 0b37e097a648aa71d4db1ad108001e95b69a2da4 |
51d266b7 | 525 | The |
0d69c093 | 526 | .B O_CLOEXEC |
51d266b7 MK |
527 | is ignored when passed in |
528 | .IR event_f_flags . | |
0d69c093 | 529 | .PP |
f479e19c | 530 | The following bug was present in Linux kernels before version 3.14: |
6448be7e | 531 | .IP * 3 |
f479e19c | 532 | .\" Fixed by commit 48149e9d3a7e924010a0daab30a6197b7d7b6580 |
20abed53 | 533 | The |
6448be7e | 534 | .I event_f_flags |
491bc783 | 535 | argument is not checked for invalid flags. |
20abed53 MK |
536 | Flags that are intended only for internal use, |
537 | such as | |
6448be7e | 538 | .BR FMODE_EXEC , |
20abed53 MK |
539 | can be set, and will consequently be set for the file descriptors |
540 | returned when reading from the fanotify file descriptor. | |
d282bb24 | 541 | .SH SEE ALSO |
3e6ebb33 HS |
542 | .BR fanotify_mark (2), |
543 | .BR fanotify (7) |