mknod.2: tfix

[thirdparty/man-pages.git] / man2 / fanotify_mark.2

.\" Copyright (C) 2013,  Heinrich Schuchardt <xypron.glpk@gmx.de>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of
.\" this manual under the conditions for verbatim copying, provided that
.\" the entire resulting derived work is distributed under the terms of
.\" a permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume.
.\" no responsibility for errors or omissions, or for damages resulting.
.\" from the use of the information contained herein.  The author(s) may.
.\" not have taken the same level of care in the production of this.
.\" manual, which is licensed free of charge, as they might when working.
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.TH FANOTIFY_MARK 2 2019-08-02 "Linux" "Linux Programmer's Manual"
.SH NAME
fanotify_mark \- add, remove, or modify an fanotify mark on a filesystem
object
.SH SYNOPSIS
.nf
.B #include <sys/fanotify.h>
.PP
.BI "int fanotify_mark(int " fanotify_fd ", unsigned int " flags ,
.BI "                  uint64_t " mask ", int " dirfd \
", const char *" pathname );
.fi
.SH DESCRIPTION
For an overview of the fanotify API, see
.BR fanotify (7).
.PP
.BR fanotify_mark ()
adds, removes, or modifies an fanotify mark on a filesystem object.
The caller must have read permission on the filesystem object that
is to be marked.
.PP
The
.I fanotify_fd
argument is a file descriptor returned by
.BR fanotify_init (2).
.PP
.I flags
is a bit mask describing the modification to perform.
It must include exactly one of the following values:
.TP
.B FAN_MARK_ADD
The events in
.I mask
will be added to the mark mask (or to the ignore mask).
.I mask
must be nonempty or the error
.B EINVAL
will occur.
.TP
.B FAN_MARK_REMOVE
The events in argument
.I mask
will be removed from the mark mask (or from the ignore mask).
.I mask
must be nonempty or the error
.B EINVAL
will occur.
.TP
.B FAN_MARK_FLUSH
Remove either all marks for filesystems, all marks for mounts, or all
marks for directories and files from the fanotify group.
If
.I flags
contains
.BR FAN_MARK_MOUNT ,
all marks for mounts are removed from the group.
If
.I flags
contains
.BR FAN_MARK_FILESYSTEM ,
all marks for filesystems are removed from the group.
Otherwise, all marks for directories and files are removed.
No flag other than and at most one of the flags
.B FAN_MARK_MOUNT
or
.B FAN_MARK_FILESYSTEM
can be used in conjunction with
.BR FAN_MARK_FLUSH .
.I mask
is ignored.
.PP
If none of the values above is specified, or more than one is specified,
the call fails with the error
.BR EINVAL .
.PP
In addition,
zero or more of the following values may be ORed into
.IR flags :
.TP
.B FAN_MARK_DONT_FOLLOW
If
.I pathname
is a symbolic link, mark the link itself, rather than the file to which it
refers.
(By default,
.BR fanotify_mark ()
dereferences
.I pathname
if it is a symbolic link.)
.TP
.B FAN_MARK_ONLYDIR
If the filesystem object to be marked is not a directory, the error
.B ENOTDIR
shall be raised.
.TP
.B FAN_MARK_MOUNT
Mark the mount point specified by
.IR pathname .
If
.I pathname
is not itself a mount point, the mount point containing
.I pathname
will be marked.
All directories, subdirectories, and the contained files of the mount point
will be monitored.
This value cannot be used if the
.I fanotify_fd
file descriptor has been initialized with the flag
.BR FAN_REPORT_FID
or if any of the new directory modification events are provided as a
.IR mask .
Attempting to do so will result in the error
.B EINVAL
being returned.
.TP
.BR FAN_MARK_FILESYSTEM " (since Linux 4.20)"
.\" commit d54f4fba889b205e9cd8239182ca5d27d0ac3bc2
Mark the filesystem specified by
.IR pathname .
The filesystem containing
.I pathname
will be marked.
All the contained files and directories of the filesystem from any mount
point will be monitored.
.TP
.B FAN_MARK_IGNORED_MASK
The events in
.I mask
shall be added to or removed from the ignore mask.
.TP
.B FAN_MARK_IGNORED_SURV_MODIFY
The ignore mask shall survive modify events.
If this flag is not set,
the ignore mask is cleared when a modify event occurs
for the ignored file or directory.
.PP
.I mask
defines which events shall be listened for (or which shall be ignored).
It is a bit mask composed of the following values:
.TP
.B FAN_ACCESS
Create an event when a file or directory (but see BUGS) is accessed (read).
.TP
.B FAN_MODIFY
Create an event when a file is modified (write).
.TP
.B FAN_CLOSE_WRITE
Create an event when a writable file is closed.
.TP
.B FAN_CLOSE_NOWRITE
Create an event when a read-only file or directory is closed.
.TP
.B FAN_OPEN
Create an event when a file or directory is opened.
.TP
.BR FAN_OPEN_EXEC " (since Linux 5.0)"
.\" commit 9b076f1c0f4869b838a1b7aa0edb5664d47ec8aa
Create an event when a file is opened with the intent to be executed.
See NOTES for additional details.
.TP
.BR FAN_ATTRIB " (since Linux 5.1)"
.\" commit 235328d1fa4251c6dcb32351219bb553a58838d2
Create an event when the metadata for a file or directory has changed.
.TP
.BR FAN_CREATE " (since Linux 5.1)"
.\" commit 235328d1fa4251c6dcb32351219bb553a58838d2
Create an event when a file or directory has been created in a marked
parent directory.
.TP
.BR FAN_DELETE " (since Linux 5.1)"
.\" commit 235328d1fa4251c6dcb32351219bb553a58838d2
Create an event when a file or directory has been deleted in a marked
parent directory.
.TP
.BR FAN_DELETE_SELF " (since Linux 5.1)"
.\" commit 235328d1fa4251c6dcb32351219bb553a58838d2
Create an event when a marked file or directory itself is deleted.
.TP
.BR FAN_MOVED_FROM " (since Linux 5.1)"
.\" commit 235328d1fa4251c6dcb32351219bb553a58838d2
Create an event when a file or directory has been moved from a marked
parent directory.
.TP
.BR FAN_MOVED_TO " (since Linux 5.1)"
.\" commit 235328d1fa4251c6dcb32351219bb553a58838d2
Create an event when a file or directory has been moved to a marked parent
directory.
.TP
.BR FAN_MOVE_SELF " (since Linux 5.1)"
.\" commit 235328d1fa4251c6dcb32351219bb553a58838d2
Create an event when a marked file or directory itself has been moved.
.TP
.B FAN_Q_OVERFLOW
Create an event when an overflow of the event queue occurs.
The size of the event queue is limited to 16384 entries if
.B FAN_UNLIMITED_QUEUE
is not set in
.BR fanotify_init (2).
.TP
.B FAN_OPEN_PERM
Create an event when a permission to open a file or directory is requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
.TP
.BR FAN_OPEN_EXEC_PERM " (since Linux 5.0)"
.\" commit 66917a3130f218dcef9eeab4fd11a71cd00cd7c9
Create an event when a permission to open a file for execution is
requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
See NOTES for additional details.
.TP
.B FAN_ACCESS_PERM
Create an event when a permission to read a file or directory is requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
.TP
.B FAN_ONDIR
Create events for directories\(emfor example, when
.BR opendir (3),
.BR readdir (3)
(but see BUGS), and
.BR closedir (3)
are called.
Without this flag, only events for files are created.
The
.BR FAN_ONDIR
flag is reported in an event mask only if the
.I fanotify_fd
file descriptor has been initialized with the flag
.BR FAN_REPORT_FID .
In the context of directory entry events, such as
.BR FAN_CREATE ,
.BR FAN_DELETE ,
.BR FAN_MOVED_FROM ,
and
.BR FAN_MOVED_TO
for example, specifying the flag
.BR FAN_ONDIR
is required in order to create events when subdirectory entries are
modified (i.e.,
.BR mkdir (2)/
.BR rmdir (2)).
Subdirectory entry modification events will never be merged with
nonsubdirectory entry modification events.
This flag is never reported individually within an event and is always
supplied in conjunction with another event type.
.TP
.B FAN_EVENT_ON_CHILD
Events for the immediate children of marked directories shall be created.
The flag has no effect when marking mounts and filesystems.
Note that events are not generated for children of the subdirectories
of marked directories.
To monitor complete directory trees it is necessary to mark the relevant
mount.
.PP
The following composed values are defined:
.TP
.B FAN_CLOSE
A file is closed
.RB ( FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE ).
.TP
.B FAN_MOVE
A file or directory has been moved
.RB ( FAN_MOVED_FROM | FAN_MOVED_TO ).
.PP
The filesystem object to be marked is determined by the file descriptor
.I dirfd
and the pathname specified in
.IR pathname :
.IP * 3
If
.I pathname
is NULL,
.I dirfd
defines the filesystem object to be marked.
.IP *
If
.I pathname
is NULL, and
.I dirfd
takes the special value
.BR AT_FDCWD ,
the current working directory is to be marked.
.IP *
If
.I pathname
is absolute, it defines the filesystem object to be marked, and
.I dirfd
is ignored.
.IP *
If
.I pathname
is relative, and
.I dirfd
does not have the value
.BR AT_FDCWD ,
then the filesystem object to be marked is determined by interpreting
.I pathname
relative the directory referred to by
.IR dirfd .
.IP *
If
.I pathname
is relative, and
.I dirfd
has the value
.BR AT_FDCWD ,
then the filesystem object to be marked is determined by interpreting
.I pathname
relative the current working directory.
.SH RETURN VALUE
On success,
.BR fanotify_mark ()
returns 0.
On error, \-1 is returned, and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EBADF
An invalid file descriptor was passed in
.IR fanotify_fd .
.TP
.B EINVAL
An invalid value was passed in
.IR flags
or
.IR mask ,
or
.I fanotify_fd
was not an fanotify file descriptor.
.TP
.B EINVAL
The fanotify file descriptor was opened with
.B FAN_CLASS_NOTIF
or
.B FAN_REPORT_FID
and mask contains a flag for permission events
.RB ( FAN_OPEN_PERM
or
.BR FAN_ACCESS_PERM ).
.TP
.B ENODEV
The filesystem object indicated by
.I pathname
is not associated with a filesystem that supports
.I fsid
(e.g.,
.BR tmpfs (5)).
This error can be returned only when an fanotify file descriptor returned
by
.BR fanotify_init (2)
has been created with
.BR FAN_REPORT_FID .
.TP
.B ENOENT
The filesystem object indicated by
.IR dirfd
and
.IR pathname
does not exist.
This error also occurs when trying to remove a mark from an object
which is not marked.
.TP
.B ENOMEM
The necessary memory could not be allocated.
.TP
.B ENOSPC
The number of marks exceeds the limit of 8192 and the
.B FAN_UNLIMITED_MARKS
flag was not specified when the fanotify file descriptor was created with
.BR fanotify_init (2).
.TP
.B ENOSYS
This kernel does not implement
.BR fanotify_mark ().
The fanotify API is available only if the kernel was configured with
.BR CONFIG_FANOTIFY .
.TP
.B ENOTDIR
.I flags
contains
.BR FAN_MARK_ONLYDIR ,
and
.I dirfd
and
.I pathname
do not specify a directory.
.TP
.B EOPNOTSUPP
The object indicated by
.I pathname
is associated with a filesystem that does not support the encoding of file
handles.
This error can be returned only when an fanotify file descriptor returned
by
.BR fanotify_init (2)
has been created with
.BR FAN_REPORT_FID .
.TP
.B EXDEV
The filesystem object indicated by
.I pathname
resides within a filesystem subvolume (e.g.,
.BR btrfs (5))
which uses a different
.I fsid
than its root superblock.
This error can be returned only when an fanotify file descriptor returned
by
.BR fanotify_init (2)
has been created with
.BR FAN_REPORT_FID .
.SH VERSIONS
.BR fanotify_mark ()
was introduced in version 2.6.36 of the Linux kernel and enabled in version
2.6.37.
.SH CONFORMING TO
This system call is Linux-specific.
.SH NOTES
.SS FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
When using either
.B FAN_OPEN_EXEC
or
.B FAN_OPEN_EXEC_PERM
within the
.IR mask ,
events of these types will be returned only when the direct execution of a
program occurs.
More specifically, this means that events of these types will be generated
for files that are opened using
.BR execve (2),
.BR execveat (2),
or
.BR uselib (2).
Events of these types will not be raised in the situation where an
interpreter is passed (or reads) a file for interpretation.
.PP
Additionally, if a mark has also been placed on the Linux dynamic
linker, a user should also expect to receive an event for it when
an ELF object has been successfully opened using
.BR execve (2)
or
.BR execveat (2).
.PP
For example, if the following ELF binary were to be invoked and a
.BR FAN_OPEN_EXEC
mark has been placed on /:
.PP
.in +4n
.EX
$ /bin/echo foo
.EE
.in
.PP
The listening application in this case would receive
.BR FAN_OPEN_EXEC
events for both the ELF binary and interpreter, respectively:
.PP
.in +4n
.EX
/bin/echo
/lib64/ld-linux-x86-64.so.2
.EE
.in
.SH BUGS
The following bugs were present in Linux kernels before version 3.16:
.IP * 3
.\" Fixed by commit 0a8dd2db579f7a0ac7033d6b857c3d5dbaa77563
If
.I flags
contains
.BR FAN_MARK_FLUSH ,
.I dirfd
and
.I pathname
must specify a valid filesystem object, even though this object is not used.
.IP *
.\" Fixed by commit d4c7cf6cffb1bc711a833b5e304ba5bcfe76398b
.BR readdir (2)
does not generate a
.B FAN_ACCESS
event.
.IP *
.\" Fixed by commit cc299a98eb13a9853675a9cbb90b30b4011e1406
If
.BR fanotify_mark ()
is called with
.BR FAN_MARK_FLUSH ,
.I flags
is not checked for invalid values.
.SH SEE ALSO
.BR fanotify_init (2),
.BR fanotify (7)