[thirdparty/man-pages.git] / man2 / fanotify_mark.2

.\" Copyright (C) 2013,  Heinrich Schuchardt <xypron.glpk@gmx.de>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of
.\" this manual under the conditions for verbatim copying, provided that
.\" the entire resulting derived work is distributed under the terms of
.\" a permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume.
.\" no responsibility for errors or omissions, or for damages resulting.
.\" from the use of the information contained herein.  The author(s) may.
.\" not have taken the same level of care in the production of this.
.\" manual, which is licensed free of charge, as they might when working.
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.TH FANOTIFY_MARK 2 2019-08-02 "Linux" "Linux Programmer's Manual"
.SH NAME
fanotify_mark \- add, remove, or modify an fanotify mark on a filesystem
object
.SH SYNOPSIS
.nf
.B #include <sys/fanotify.h>
.PP
.BI "int fanotify_mark(int " fanotify_fd ", unsigned int " flags ,
.BI "                  uint64_t " mask ", int " dirfd \
", const char *" pathname );
.fi
.SH DESCRIPTION
For an overview of the fanotify API, see
.BR fanotify (7).
.PP
.BR fanotify_mark ()
adds, removes, or modifies an fanotify mark on a filesystem object.
The caller must have read permission on the filesystem object that
is to be marked.
.PP
The
.I fanotify_fd
argument is a file descriptor returned by
.BR fanotify_init (2).
.PP
.I flags
is a bit mask describing the modification to perform.
It must include exactly one of the following values:
.TP
.B FAN_MARK_ADD
The events in
.I mask
will be added to the mark mask (or to the ignore mask).
.I mask
must be nonempty or the error
.B EINVAL
will occur.
.TP
.B FAN_MARK_REMOVE
The events in argument
.I mask
will be removed from the mark mask (or from the ignore mask).
.I mask
must be nonempty or the error
.B EINVAL
will occur.
.TP
.B FAN_MARK_FLUSH
Remove either all marks for filesystems, all marks for mounts, or all
marks for directories and files from the fanotify group.
If
.I flags
contains
.BR FAN_MARK_MOUNT ,
all marks for mounts are removed from the group.
If
.I flags
contains
.BR FAN_MARK_FILESYSTEM ,
all marks for filesystems are removed from the group.
Otherwise, all marks for directories and files are removed.
No flag other than and at most one of the flags
.B FAN_MARK_MOUNT
or
.B FAN_MARK_FILESYSTEM
can be used in conjunction with
.BR FAN_MARK_FLUSH .
.I mask
is ignored.
.PP
If none of the values above is specified, or more than one is specified,
the call fails with the error
.BR EINVAL .
.PP
In addition,
zero or more of the following values may be ORed into
.IR flags :
.TP
.B FAN_MARK_DONT_FOLLOW
If
.I pathname
is a symbolic link, mark the link itself, rather than the file to which it
refers.
(By default,
.BR fanotify_mark ()
dereferences
.I pathname
if it is a symbolic link.)
.TP
.B FAN_MARK_ONLYDIR
If the filesystem object to be marked is not a directory, the error
.B ENOTDIR
shall be raised.
.TP
.B FAN_MARK_MOUNT
Mark the mount point specified by
.IR pathname .
If
.I pathname
is not itself a mount point, the mount point containing
.I pathname
will be marked.
All directories, subdirectories, and the contained files of the mount point
will be monitored.
This value cannot be used if the
.I fanotify_fd
file descriptor has been initialized with the flag
.BR FAN_REPORT_FID
or if any of the new directory modification events are provided as a
.IR mask .
Attempting to do so will result in the error
.B EINVAL
being returned.
.TP
.BR FAN_MARK_FILESYSTEM " (since Linux 4.20)"
.\" commit d54f4fba889b205e9cd8239182ca5d27d0ac3bc2
Mark the filesystem specified by
.IR pathname .
The filesystem containing
.I pathname
will be marked.
All the contained files and directories of the filesystem from any mount
point will be monitored.
.TP
.B FAN_MARK_IGNORED_MASK
The events in
.I mask
shall be added to or removed from the ignore mask.
.TP
.B FAN_MARK_IGNORED_SURV_MODIFY
The ignore mask shall survive modify events.
If this flag is not set,
the ignore mask is cleared when a modify event occurs
for the ignored file or directory.
.PP
.I mask
defines which events shall be listened for (or which shall be ignored).
It is a bit mask composed of the following values:
.TP
.B FAN_ACCESS
Create an event when a file or directory (but see BUGS) is accessed (read).
.TP
.B FAN_MODIFY
Create an event when a file is modified (write).
.TP
.B FAN_CLOSE_WRITE
Create an event when a writable file is closed.
.TP
.B FAN_CLOSE_NOWRITE
Create an event when a read-only file or directory is closed.
.TP
.B FAN_OPEN
Create an event when a file or directory is opened.
.TP
.B FAN_OPEN_EXEC " (since Linux 5.0)"
Create an event when a file is opened with the intent to be executed.
See NOTES for additional details.
.TP
.B FAN_ATTRIB
Create an event when the metadata for a file or directory has changed.
.TP
.B FAN_CREATE
Create an event when a file or directory has been created in a marked
parent directory.
.TP
.B FAN_DELETE
Create an event when a file or directory has been deleted in a marked
parent directory.
.TP
.B FAN_DELETE_SELF
Create an event when a marked file or directory itself is deleted.
.TP
.B FAN_MOVED_FROM
Create an event when a file or directory has been moved from a marked
parent directory.
.TP
.B FAN_MOVED_TO
Create an event when a file or directory has been moved to a marked parent
directory.
.TP
.B FAN_Q_OVERFLOW
Create an event when an overflow of the event queue occurs.
The size of the event queue is limited to 16384 entries if
.B FAN_UNLIMITED_QUEUE
is not set in
.BR fanotify_init (2).
.TP
.B FAN_OPEN_PERM
Create an event when a permission to open a file or directory is requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
.TP
.BR FAN_OPEN_EXEC_PERM " (since Linux 5.0)"
Create an event when a permission to open a file for execution is
requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
See NOTES for additional details.
.TP
.B FAN_ACCESS_PERM
Create an event when a permission to read a file or directory is requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
.TP
.B FAN_ONDIR
Create events for directories\(emfor example, when
.BR opendir (3),
.BR readdir (3)
(but see BUGS), and
.BR closedir (3)
are called.
Without this flag, only events for files are created.
The
.BR FAN_ONDIR
flag is reported in an event mask only if the
.I fanotify_fd
file descriptor has been initialized with the flag
.BR FAN_REPORT_FID .
In the context of directory entry events, such as
.BR FAN_CREATE ,
.BR FAN_DELETE ,
.BR FAN_MOVED_FROM ,
and
.BR FAN_MOVED_TO
for example, specifying the flag
.BR FAN_ONDIR
is required in order to create events when subdirectory entries are
modified (i.e.,
.BR mkdir (2)/
.BR rmdir (2)).
Subdirectory entry modification events will never be merged with
nonsubdirectory entry modification events.
This flag is never reported individually within an event and is always
supplied in conjunction with another event type.
.TP
.B FAN_EVENT_ON_CHILD
Events for the immediate children of marked directories shall be created.
The flag has no effect when marking mounts and filesystems.
Note that events are not generated for children of the subdirectories
of marked directories.
To monitor complete directory trees it is necessary to mark the relevant
mount.
.PP
The following composed values are defined:
.TP
.B FAN_CLOSE
A file is closed
.RB ( FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE ).
.TP
.B FAN_MOVE
A file or directory has been moved
.RB ( FAN_MOVED_FROM | FAN_MOVED_TO ).
.PP
The filesystem object to be marked is determined by the file descriptor
.I dirfd
and the pathname specified in
.IR pathname :
.IP * 3
If
.I pathname
is NULL,
.I dirfd
defines the filesystem object to be marked.
.IP *
If
.I pathname
is NULL, and
.I dirfd
takes the special value
.BR AT_FDCWD ,
the current working directory is to be marked.
.IP *
If
.I pathname
is absolute, it defines the filesystem object to be marked, and
.I dirfd
is ignored.
.IP *
If
.I pathname
is relative, and
.I dirfd
does not have the value
.BR AT_FDCWD ,
then the filesystem object to be marked is determined by interpreting
.I pathname
relative the directory referred to by
.IR dirfd .
.IP *
If
.I pathname
is relative, and
.I dirfd
has the value
.BR AT_FDCWD ,
then the filesystem object to be marked is determined by interpreting
.I pathname
relative the current working directory.
.SH RETURN VALUE
On success,
.BR fanotify_mark ()
returns 0.
On error, \-1 is returned, and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EBADF
An invalid file descriptor was passed in
.IR fanotify_fd .
.TP
.B EINVAL
An invalid value was passed in
.IR flags
or
.IR mask ,
or
.I fanotify_fd
was not an fanotify file descriptor.
.TP
.B EINVAL
The fanotify file descriptor was opened with
.B FAN_CLASS_NOTIF
or
.B FAN_REPORT_FID
and mask contains a flag for permission events
.RB ( FAN_OPEN_PERM
or
.BR FAN_ACCESS_PERM ).
.TP
.B ENOENT
The filesystem object indicated by
.IR dirfd
and
.IR pathname
does not exist.
This error also occurs when trying to remove a mark from an object
which is not marked.
.TP
.B ENOMEM
The necessary memory could not be allocated.
.TP
.B ENOSPC
The number of marks exceeds the limit of 8192 and the
.B FAN_UNLIMITED_MARKS
flag was not specified when the fanotify file descriptor was created with
.BR fanotify_init (2).
.TP
.B ENOSYS
This kernel does not implement
.BR fanotify_mark ().
The fanotify API is available only if the kernel was configured with
.BR CONFIG_FANOTIFY .
.TP
.B ENOTDIR
.I flags
contains
.BR FAN_MARK_ONLYDIR ,
and
.I dirfd
and
.I pathname
do not specify a directory.
.TP
.B EXDEV
The filesystem object indicated by
.I pathname
resides within a filesystem subvolume (e.g.,
.BR btrfs (5))
which uses a different
.I fsid
than its root superblock.
This error can be returned only when an fanotify file descriptor returned
by
.BR fanotify_init (2)
has been created with
.BR FAN_REPORT_FID .
.TP
.B ENODEV
The filesystem object indicated by
.I pathname
is not associated with a filesystem that supports
.I fsid
(e.g.,
.BR tmpfs (5)).
This error can be returned only when an fanotify file descriptor returned
by
.BR fanotify_init (2)
has been created with
.BR FAN_REPORT_FID .
.TP
.B EOPNOTSUPP
The object indicated by
.I pathname
is associated with a filesystem that does not support the encoding of file
handles.
This error can be returned only when an fanotify file descriptor returned
by
.BR fanotify_init (2)
has been created with
.BR FAN_REPORT_FID .
.SH VERSIONS
.BR fanotify_mark ()
was introduced in version 2.6.36 of the Linux kernel and enabled in version
2.6.37.
.SH CONFORMING TO
This system call is Linux-specific.
.SH NOTES
.SS FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
When using either
.B FAN_OPEN_EXEC
or
.B FAN_OPEN_EXEC_PERM
within the
.IR mask ,
events of these types will be returned only when the direct execution of a
program occurs.
More specifically, this means that events of these types will be generated
for files that are opened using
.BR execve (2),
.BR execveat (2),
or
.BR uselib (2).
Events of these types will not be raised in the situation where an
interpreter is passed (or reads) a script file for interpretation.
.PP
Additionally, if a mark has also been placed on the Linux dynamic
linker, a user should also expect to receive an event for it when
an ELF object has been successfully opened using
.BR execve (2)
or
.BR execveat (2).
.PP
For example, if the following ELF binary were to be invoked and a
.BR FAN_OPEN_EXEC
mark has been placed on /:
.PP
.in +4n
.EX
$ /bin/echo foo
.EE
.in
.PP
The listening application in this case would receive
.BR FAN_OPEN_EXEC
events for both the ELF binary and interpreter, respectively:
.PP
.in +4n
.EX
/bin/echo
/lib64/ld-linux-x86-64.so.2
.EE
.in
.SH BUGS
The following bugs were present in Linux kernels before version 3.16:
.IP * 3
.\" Fixed by commit 0a8dd2db579f7a0ac7033d6b857c3d5dbaa77563
If
.I flags
contains
.BR FAN_MARK_FLUSH ,
.I dirfd
and
.I pathname
must specify a valid filesystem object, even though this object is not used.
.IP *
.\" Fixed by commit d4c7cf6cffb1bc711a833b5e304ba5bcfe76398b
.BR readdir (2)
does not generate a
.B FAN_ACCESS
event.
.IP *
.\" Fixed by commit cc299a98eb13a9853675a9cbb90b30b4011e1406
If
.BR fanotify_mark ()
is called with
.BR FAN_MARK_FLUSH ,
.I flags
is not checked for invalid values.
.SH SEE ALSO
.BR fanotify_init (2),
.BR fanotify (7)
Commit	Line	Data
c200b422 HS	1	.\" Copyright (C) 2013, Heinrich Schuchardt <xypron.glpk@gmx.de>
	2	.\"
	3	.\" %%%LICENSE_START(VERBATIM)
	4	.\" Permission is granted to make and distribute verbatim copies of this
	5	.\" manual provided the copyright notice and this permission notice are
	6	.\" preserved on all copies.
	7	.\"
	8	.\" Permission is granted to copy and distribute modified versions of
	9	.\" this manual under the conditions for verbatim copying, provided that
	10	.\" the entire resulting derived work is distributed under the terms of
	11	.\" a permission notice identical to this one.
	12	.\"
	13	.\" Since the Linux kernel and libraries are constantly changing, this
	14	.\" manual page may be incorrect or out-of-date. The author(s) assume.
	15	.\" no responsibility for errors or omissions, or for damages resulting.
	16	.\" from the use of the information contained herein. The author(s) may.
	17	.\" not have taken the same level of care in the production of this.
	18	.\" manual, which is licensed free of charge, as they might when working.
	19	.\" professionally.
	20	.\"
	21	.\" Formatted or processed versions of this manual, if unaccompanied by
	22	.\" the source, must acknowledge the copyright and authors of this work.
	23	.\" %%%LICENSE_END
63121bd4	24	.TH FANOTIFY_MARK 2 2019-08-02 "Linux" "Linux Programmer's Manual"
c200b422 HS	25	.SH NAME
	26	fanotify_mark \- add, remove, or modify an fanotify mark on a filesystem
	27	object
	28	.SH SYNOPSIS
	29	.nf
	30	.B #include <sys/fanotify.h>
68e4db0a	31	.PP
c200b422	32	.BI "int fanotify_mark(int " fanotify_fd ", unsigned int " flags ,
5ff1ff14 MK	33	.BI " uint64_t " mask ", int " dirfd \
5ff1ff14 MK	34	", const char *" pathname );
c200b422 HS	35	.fi
	36	.SH DESCRIPTION
	37	For an overview of the fanotify API, see
	38	.BR fanotify (7).
	39	.PP
bf7bc8b8	40	.BR fanotify_mark ()
b6551738	41	adds, removes, or modifies an fanotify mark on a filesystem object.
1b24e2ee MK	42	The caller must have read permission on the filesystem object that
1b24e2ee MK	43	is to be marked.
c200b422 HS	44	.PP
	45	The
	46	.I fanotify_fd
963a1568	47	argument is a file descriptor returned by
c200b422 HS	48	.BR fanotify_init (2).
	49	.PP
	50	.I flags
	51	is a bit mask describing the modification to perform.
	52	It must include exactly one of the following values:
	53	.TP
	54	.B FAN_MARK_ADD
	55	The events in
	56	.I mask
	57	will be added to the mark mask (or to the ignore mask).
	58	.I mask
	59	must be nonempty or the error
	60	.B EINVAL
	61	will occur.
	62	.TP
	63	.B FAN_MARK_REMOVE
	64	The events in argument
	65	.I mask
	66	will be removed from the mark mask (or from the ignore mask).
	67	.I mask
	68	must be nonempty or the error
	69	.B EINVAL
	70	will occur.
	71	.TP
	72	.B FAN_MARK_FLUSH
953d1e07	73	Remove either all marks for filesystems, all marks for mounts, or all
b2f8214d	74	marks for directories and files from the fanotify group.
c200b422	75	If
8c659c48	76	.I flags
c200b422 HS	77	contains
	78	.BR FAN_MARK_MOUNT ,
	79	all marks for mounts are removed from the group.
b2f8214d AG	80	If
	81	.I flags
	82	contains
	83	.BR FAN_MARK_FILESYSTEM ,
	84	all marks for filesystems are removed from the group.
c200b422	85	Otherwise, all marks for directories and files are removed.
953d1e07	86	No flag other than and at most one of the flags
c200b422	87	.B FAN_MARK_MOUNT
b2f8214d AG	88	or
b2f8214d AG	89	.B FAN_MARK_FILESYSTEM
c200b422 HS	90	can be used in conjunction with
	91	.BR FAN_MARK_FLUSH .
	92	.I mask
	93	is ignored.
	94	.PP
1b24e2ee MK	95	If none of the values above is specified, or more than one is specified,
1b24e2ee MK	96	the call fails with the error
c200b422 HS	97	.BR EINVAL .
	98	.PP
	99	In addition,
d4a12c12 MK	100	zero or more of the following values may be ORed into
d4a12c12 MK	101	.IR flags :
c200b422 HS	102	.TP
	103	.B FAN_MARK_DONT_FOLLOW
	104	If
	105	.I pathname
	106	is a symbolic link, mark the link itself, rather than the file to which it
	107	refers.
	108	(By default,
	109	.BR fanotify_mark ()
	110	dereferences
	111	.I pathname
	112	if it is a symbolic link.)
	113	.TP
	114	.B FAN_MARK_ONLYDIR
	115	If the filesystem object to be marked is not a directory, the error
	116	.B ENOTDIR
	117	shall be raised.
	118	.TP
	119	.B FAN_MARK_MOUNT
c82b4ae4 MK	120	Mark the mount point specified by
	121	.IR pathname .
	122	If
	123	.I pathname
	124	is not itself a mount point, the mount point containing
c200b422	125	.I pathname
c200b422 HS	126	will be marked.
	127	All directories, subdirectories, and the contained files of the mount point
	128	will be monitored.
0a4db6dc MB	129	This value cannot be used if the
	130	.I fanotify_fd
	131	file descriptor has been initialized with the flag
	132	.BR FAN_REPORT_FID
	133	or if any of the new directory modification events are provided as a
	134	.IR mask .
	135	Attempting to do so will result in the error
	136	.B EINVAL
	137	being returned.
c200b422	138	.TP
b2f8214d AG	139	.BR FAN_MARK_FILESYSTEM " (since Linux 4.20)"
	140	.\" commit d54f4fba889b205e9cd8239182ca5d27d0ac3bc2
	141	Mark the filesystem specified by
	142	.IR pathname .
	143	The filesystem containing
	144	.I pathname
	145	will be marked.
	146	All the contained files and directories of the filesystem from any mount
	147	point will be monitored.
	148	.TP
c200b422 HS	149	.B FAN_MARK_IGNORED_MASK
	150	The events in
	151	.I mask
	152	shall be added to or removed from the ignore mask.
	153	.TP
	154	.B FAN_MARK_IGNORED_SURV_MODIFY
	155	The ignore mask shall survive modify events.
1b24e2ee MK	156	If this flag is not set,
1b24e2ee MK	157	the ignore mask is cleared when a modify event occurs
c200b422 HS	158	for the ignored file or directory.
	159	.PP
	160	.I mask
d4a12c12	161	defines which events shall be listened for (or which shall be ignored).
c200b422 HS	162	It is a bit mask composed of the following values:
	163	.TP
	164	.B FAN_ACCESS
	165	Create an event when a file or directory (but see BUGS) is accessed (read).
	166	.TP
	167	.B FAN_MODIFY
	168	Create an event when a file is modified (write).
	169	.TP
	170	.B FAN_CLOSE_WRITE
	171	Create an event when a writable file is closed.
	172	.TP
	173	.B FAN_CLOSE_NOWRITE
	174	Create an event when a read-only file or directory is closed.
	175	.TP
	176	.B FAN_OPEN
	177	Create an event when a file or directory is opened.
	178	.TP
fd1eb8a7	179	.B FAN_OPEN_EXEC " (since Linux 5.0)"
fc37d2f1	180	Create an event when a file is opened with the intent to be executed.
fd1eb8a7	181	See NOTES for additional details.
fc37d2f1	182	.TP
0a4db6dc MB	183	.B FAN_ATTRIB
	184	Create an event when the metadata for a file or directory has changed.
	185	.TP
	186	.B FAN_CREATE
	187	Create an event when a file or directory has been created in a marked
	188	parent directory.
	189	.TP
	190	.B FAN_DELETE
	191	Create an event when a file or directory has been deleted in a marked
	192	parent directory.
	193	.TP
	194	.B FAN_DELETE_SELF
	195	Create an event when a marked file or directory itself is deleted.
	196	.TP
	197	.B FAN_MOVED_FROM
	198	Create an event when a file or directory has been moved from a marked
	199	parent directory.
	200	.TP
	201	.B FAN_MOVED_TO
	202	Create an event when a file or directory has been moved to a marked parent
	203	directory.
	204	.TP
5d730f86 HS	205	.B FAN_Q_OVERFLOW
	206	Create an event when an overflow of the event queue occurs.
	207	The size of the event queue is limited to 16384 entries if
	208	.B FAN_UNLIMITED_QUEUE
	209	is not set in
	210	.BR fanotify_init (2).
	211	.TP
c200b422 HS	212	.B FAN_OPEN_PERM
	213	Create an event when a permission to open a file or directory is requested.
	214	An fanotify file descriptor created with
	215	.B FAN_CLASS_PRE_CONTENT
	216	or
	217	.B FAN_CLASS_CONTENT
	218	is required.
	219	.TP
fd1eb8a7	220	.BR FAN_OPEN_EXEC_PERM " (since Linux 5.0)"
fc37d2f1 MB	221	Create an event when a permission to open a file for execution is
	222	requested.
	223	An fanotify file descriptor created with
	224	.B FAN_CLASS_PRE_CONTENT
	225	or
	226	.B FAN_CLASS_CONTENT
	227	is required.
fd1eb8a7	228	See NOTES for additional details.
fc37d2f1	229	.TP
c200b422 HS	230	.B FAN_ACCESS_PERM
	231	Create an event when a permission to read a file or directory is requested.
	232	An fanotify file descriptor created with
	233	.B FAN_CLASS_PRE_CONTENT
	234	or
	235	.B FAN_CLASS_CONTENT
	236	is required.
	237	.TP
	238	.B FAN_ONDIR
817c8240	239	Create events for directories\(emfor example, when
834e5597 MK	240	.BR opendir (3),
834e5597 MK	241	.BR readdir (3)
c200b422	242	(but see BUGS), and
834e5597	243	.BR closedir (3)
c200b422	244	are called.
57f87a2c	245	Without this flag, only events for files are created.
0a4db6dc MB	246	The
	247	.BR FAN_ONDIR
	248	flag is reported in an event mask only if the
	249	.I fanotify_fd
	250	file descriptor has been initialized with the flag
	251	.BR FAN_REPORT_FID .
	252	In the context of directory entry events, such as
	253	.BR FAN_CREATE ,
	254	.BR FAN_DELETE ,
817c8240	255	.BR FAN_MOVED_FROM ,
0a4db6dc MB	256	and
	257	.BR FAN_MOVED_TO
	258	for example, specifying the flag
	259	.BR FAN_ONDIR
	260	is required in order to create events when subdirectory entries are
817c8240 MK	261	modified (i.e.,
	262	.BR mkdir (2)/
	263	.BR rmdir (2)).
	264	Subdirectory entry modification events will never be merged with
	265	nonsubdirectory entry modification events.
0a4db6dc MB	266	This flag is never reported individually within an event and is always
0a4db6dc MB	267	supplied in conjunction with another event type.
c200b422 HS	268	.TP
	269	.B FAN_EVENT_ON_CHILD
	270	Events for the immediate children of marked directories shall be created.
b2f8214d	271	The flag has no effect when marking mounts and filesystems.
c200b422 HS	272	Note that events are not generated for children of the subdirectories
	273	of marked directories.
	274	To monitor complete directory trees it is necessary to mark the relevant
	275	mount.
	276	.PP
0a4db6dc	277	The following composed values are defined:
c200b422 HS	278	.TP
	279	.B FAN_CLOSE
	280	A file is closed
	281	.RB ( FAN_CLOSE_WRITE \| FAN_CLOSE_NOWRITE ).
0a4db6dc MB	282	.TP
	283	.B FAN_MOVE
	284	A file or directory has been moved
	285	.RB ( FAN_MOVED_FROM \| FAN_MOVED_TO ).
c200b422 HS	286	.PP
	287	The filesystem object to be marked is determined by the file descriptor
	288	.I dirfd
	289	and the pathname specified in
	290	.IR pathname :
	291	.IP * 3
	292	If
	293	.I pathname
	294	is NULL,
	295	.I dirfd
	296	defines the filesystem object to be marked.
	297	.IP *
	298	If
	299	.I pathname
	300	is NULL, and
	301	.I dirfd
	302	takes the special value
	303	.BR AT_FDCWD ,
	304	the current working directory is to be marked.
	305	.IP *
	306	If
	307	.I pathname
	308	is absolute, it defines the filesystem object to be marked, and
	309	.I dirfd
	310	is ignored.
	311	.IP *
	312	If
	313	.I pathname
	314	is relative, and
	315	.I dirfd
	316	does not have the value
	317	.BR AT_FDCWD ,
	318	then the filesystem object to be marked is determined by interpreting
	319	.I pathname
	320	relative the directory referred to by
	321	.IR dirfd .
	322	.IP *
	323	If
	324	.I pathname
	325	is relative, and
	326	.I dirfd
	327	has the value
9fdb563e	328	.BR AT_FDCWD ,
c200b422 HS	329	then the filesystem object to be marked is determined by interpreting
	330	.I pathname
	331	relative the current working directory.
	332	.SH RETURN VALUE
	333	On success,
	334	.BR fanotify_mark ()
	335	returns 0.
b3470de1	336	On error, \-1 is returned, and
c200b422 HS	337	.I errno
	338	is set to indicate the error.
	339	.SH ERRORS
	340	.TP
	341	.B EBADF
	342	An invalid file descriptor was passed in
	343	.IR fanotify_fd .
	344	.TP
	345	.B EINVAL
	346	An invalid value was passed in
	347	.IR flags
	348	or
	349	.IR mask ,
	350	or
	351	.I fanotify_fd
	352	was not an fanotify file descriptor.
	353	.TP
	354	.B EINVAL
	355	The fanotify file descriptor was opened with
	356	.B FAN_CLASS_NOTIF
0a4db6dc MB	357	or
0a4db6dc MB	358	.B FAN_REPORT_FID
c200b422 HS	359	and mask contains a flag for permission events
	360	.RB ( FAN_OPEN_PERM
	361	or
	362	.BR FAN_ACCESS_PERM ).
	363	.TP
	364	.B ENOENT
	365	The filesystem object indicated by
	366	.IR dirfd
	367	and
	368	.IR pathname
	369	does not exist.
1b24e2ee MK	370	This error also occurs when trying to remove a mark from an object
1b24e2ee MK	371	which is not marked.
c200b422 HS	372	.TP
	373	.B ENOMEM
	374	The necessary memory could not be allocated.
	375	.TP
	376	.B ENOSPC
d4a12c12	377	The number of marks exceeds the limit of 8192 and the
c200b422	378	.B FAN_UNLIMITED_MARKS
d4a12c12	379	flag was not specified when the fanotify file descriptor was created with
c200b422 HS	380	.BR fanotify_init (2).
c200b422 HS	381	.TP
89ba4cc2 MK	382	.B ENOSYS
89ba4cc2 MK	383	This kernel does not implement
ffb30e75	384	.BR fanotify_mark ().
d4a12c12 MK	385	The fanotify API is available only if the kernel was configured with
d4a12c12 MK	386	.BR CONFIG_FANOTIFY .
89ba4cc2	387	.TP
c200b422 HS	388	.B ENOTDIR
	389	.I flags
	390	contains
	391	.BR FAN_MARK_ONLYDIR ,
	392	and
	393	.I dirfd
	394	and
	395	.I pathname
	396	do not specify a directory.
0a4db6dc MB	397	.TP
0a4db6dc MB	398	.B EXDEV
eae836e0	399	The filesystem object indicated by
0a4db6dc	400	.I pathname
817c8240 MK	401	resides within a filesystem subvolume (e.g.,
	402	.BR btrfs (5))
	403	which uses a different
0a4db6dc MB	404	.I fsid
0a4db6dc MB	405	than its root superblock.
817c8240	406	This error can be returned only when an fanotify file descriptor returned
0a4db6dc MB	407	by
	408	.BR fanotify_init (2)
	409	has been created with
	410	.BR FAN_REPORT_FID .
	411	.TP
	412	.B ENODEV
eae836e0	413	The filesystem object indicated by
0a4db6dc MB	414	.I pathname
	415	is not associated with a filesystem that supports
	416	.I fsid
817c8240 MK	417	(e.g.,
	418	.BR tmpfs (5)).
	419	This error can be returned only when an fanotify file descriptor returned
0a4db6dc MB	420	by
	421	.BR fanotify_init (2)
	422	has been created with
	423	.BR FAN_REPORT_FID .
	424	.TP
	425	.B EOPNOTSUPP
	426	The object indicated by
	427	.I pathname
	428	is associated with a filesystem that does not support the encoding of file
	429	handles.
817c8240	430	This error can be returned only when an fanotify file descriptor returned
0a4db6dc MB	431	by
	432	.BR fanotify_init (2)
	433	has been created with
	434	.BR FAN_REPORT_FID .
c200b422 HS	435	.SH VERSIONS
	436	.BR fanotify_mark ()
	437	was introduced in version 2.6.36 of the Linux kernel and enabled in version
	438	2.6.37.
	439	.SH CONFORMING TO
	440	This system call is Linux-specific.
fc37d2f1	441	.SH NOTES
fd1eb8a7	442	.SS FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
fc37d2f1 MB	443	When using either
	444	.B FAN_OPEN_EXEC
	445	or
	446	.B FAN_OPEN_EXEC_PERM
	447	within the
	448	.IR mask ,
fd1eb8a7	449	events of these types will be returned only when the direct execution of a
fc37d2f1	450	program occurs.
fd1eb8a7 MK	451	More specifically, this means that events of these types will be generated
	452	for files that are opened using
	453	.BR execve (2),
	454	.BR execveat (2),
fc37d2f1	455	or
fd1eb8a7	456	.BR uselib (2).
fc37d2f1	457	Events of these types will not be raised in the situation where an
6474f351	458	interpreter is passed (or reads) a script file for interpretation.
fc37d2f1 MB	459	.PP
fc37d2f1 MB	460	Additionally, if a mark has also been placed on the Linux dynamic
fd1eb8a7 MK	461	linker, a user should also expect to receive an event for it when
	462	an ELF object has been successfully opened using
	463	.BR execve (2)
fc37d2f1	464	or
fd1eb8a7	465	.BR execveat (2).
fc37d2f1 MB	466	.PP
	467	For example, if the following ELF binary were to be invoked and a
	468	.BR FAN_OPEN_EXEC
	469	mark has been placed on /:
	470	.PP
fd1eb8a7	471	.in +4n
fc37d2f1	472	.EX
fd1eb8a7	473	$ /bin/echo foo
fc37d2f1	474	.EE
fd1eb8a7	475	.in
fc37d2f1	476	.PP
fd1eb8a7	477	The listening application in this case would receive
fc37d2f1	478	.BR FAN_OPEN_EXEC
fd1eb8a7	479	events for both the ELF binary and interpreter, respectively:
fc37d2f1	480	.PP
fd1eb8a7	481	.in +4n
fc37d2f1	482	.EX
fd1eb8a7 MK	483	/bin/echo
fd1eb8a7 MK	484	/lib64/ld-linux-x86-64.so.2
fc37d2f1	485	.EE
fd1eb8a7	486	.in
c200b422	487	.SH BUGS
e5209a5a	488	The following bugs were present in Linux kernels before version 3.16:
c200b422	489	.IP * 3
e5209a5a	490	.\" Fixed by commit 0a8dd2db579f7a0ac7033d6b857c3d5dbaa77563
c200b422 HS	491	If
	492	.I flags
	493	contains
	494	.BR FAN_MARK_FLUSH ,
2335e402	495	.I dirfd
c200b422 HS	496	and
c200b422 HS	497	.I pathname
4ac7d313	498	must specify a valid filesystem object, even though this object is not used.
c200b422	499	.IP *
e5209a5a	500	.\" Fixed by commit d4c7cf6cffb1bc711a833b5e304ba5bcfe76398b
c200b422	501	.BR readdir (2)
97ef170a	502	does not generate a
c200b422 HS	503	.B FAN_ACCESS
	504	event.
	505	.IP *
e5209a5a	506	.\" Fixed by commit cc299a98eb13a9853675a9cbb90b30b4011e1406
c200b422	507	If
bf7bc8b8	508	.BR fanotify_mark ()
c200b422	509	is called with
f2f50fed	510	.BR FAN_MARK_FLUSH ,
c200b422 HS	511	.I flags
	512	is not checked for invalid values.
	513	.SH SEE ALSO
	514	.BR fanotify_init (2),
	515	.BR fanotify (7)