[thirdparty/man-pages.git] / man2 / fanotify_mark.2

.\" Copyright (C) 2013,  Heinrich Schuchardt <xypron.glpk@gmx.de>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of
.\" this manual under the conditions for verbatim copying, provided that
.\" the entire resulting derived work is distributed under the terms of
.\" a permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume.
.\" no responsibility for errors or omissions, or for damages resulting.
.\" from the use of the information contained herein.  The author(s) may.
.\" not have taken the same level of care in the production of this.
.\" manual, which is licensed free of charge, as they might when working.
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.TH FANOTIFY_MARK 2 2016-10-08 "Linux" "Linux Programmer's Manual"
.SH NAME
fanotify_mark \- add, remove, or modify an fanotify mark on a filesystem
object
.SH SYNOPSIS
.nf
.B #include <sys/fanotify.h>
.PP
.BI "int fanotify_mark(int " fanotify_fd ", unsigned int " flags ,
.BI "                  uint64_t " mask ", int " dirfd \
", const char *" pathname );
.fi
.SH DESCRIPTION
For an overview of the fanotify API, see
.BR fanotify (7).
.PP
.BR fanotify_mark ()
adds, removes, or modifies an fanotify mark on a filesystem object.
The caller must have read permission on the filesystem object that
is to be marked.
.PP
The
.I fanotify_fd
argument is a file descriptor returned by
.BR fanotify_init (2).
.PP
.I flags
is a bit mask describing the modification to perform.
It must include exactly one of the following values:
.TP
.B FAN_MARK_ADD
The events in
.I mask
will be added to the mark mask (or to the ignore mask).
.I mask
must be nonempty or the error
.B EINVAL
will occur.
.TP
.B FAN_MARK_REMOVE
The events in argument
.I mask
will be removed from the mark mask (or from the ignore mask).
.I mask
must be nonempty or the error
.B EINVAL
will occur.
.TP
.B FAN_MARK_FLUSH
Remove either all marks for filesystems, all marks for mounts, or all
marks for directories and files from the fanotify group.
If
.I flags
contains
.BR FAN_MARK_MOUNT ,
all marks for mounts are removed from the group.
If
.I flags
contains
.BR FAN_MARK_FILESYSTEM ,
all marks for filesystems are removed from the group.
Otherwise, all marks for directories and files are removed.
No flag other than and at most one of the flags
.B FAN_MARK_MOUNT
or
.B FAN_MARK_FILESYSTEM
can be used in conjunction with
.BR FAN_MARK_FLUSH .
.I mask
is ignored.
.PP
If none of the values above is specified, or more than one is specified,
the call fails with the error
.BR EINVAL .
.PP
In addition,
zero or more of the following values may be ORed into
.IR flags :
.TP
.B FAN_MARK_DONT_FOLLOW
If
.I pathname
is a symbolic link, mark the link itself, rather than the file to which it
refers.
(By default,
.BR fanotify_mark ()
dereferences
.I pathname
if it is a symbolic link.)
.TP
.B FAN_MARK_ONLYDIR
If the filesystem object to be marked is not a directory, the error
.B ENOTDIR
shall be raised.
.TP
.B FAN_MARK_MOUNT
Mark the mount point specified by
.IR pathname .
If
.I pathname
is not itself a mount point, the mount point containing
.I pathname
will be marked.
All directories, subdirectories, and the contained files of the mount point
will be monitored.
.TP
.BR FAN_MARK_FILESYSTEM " (since Linux 4.20)"
.\" commit d54f4fba889b205e9cd8239182ca5d27d0ac3bc2
Mark the filesystem specified by
.IR pathname .
The filesystem containing
.I pathname
will be marked.
All the contained files and directories of the filesystem from any mount
point will be monitored.
.TP
.B FAN_MARK_IGNORED_MASK
The events in
.I mask
shall be added to or removed from the ignore mask.
.TP
.B FAN_MARK_IGNORED_SURV_MODIFY
The ignore mask shall survive modify events.
If this flag is not set,
the ignore mask is cleared when a modify event occurs
for the ignored file or directory.
.PP
.I mask
defines which events shall be listened for (or which shall be ignored).
It is a bit mask composed of the following values:
.TP
.B FAN_ACCESS
Create an event when a file or directory (but see BUGS) is accessed (read).
.TP
.B FAN_MODIFY
Create an event when a file is modified (write).
.TP
.B FAN_CLOSE_WRITE
Create an event when a writable file is closed.
.TP
.B FAN_CLOSE_NOWRITE
Create an event when a read-only file or directory is closed.
.TP
.B FAN_OPEN
Create an event when a file or directory is opened.
.TP
.B FAN_OPEN_EXEC " (since Linux 5.0)"
Create an event when a file is opened with the intent to be executed.
See NOTES for additional details.
.TP
.B FAN_Q_OVERFLOW
Create an event when an overflow of the event queue occurs.
The size of the event queue is limited to 16384 entries if
.B FAN_UNLIMITED_QUEUE
is not set in
.BR fanotify_init (2).
.TP
.B FAN_OPEN_PERM
Create an event when a permission to open a file or directory is requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
.TP
.BR FAN_OPEN_EXEC_PERM " (since Linux 5.0)"
Create an event when a permission to open a file for execution is
requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
See NOTES for additional details.
.TP
.B FAN_ACCESS_PERM
Create an event when a permission to read a file or directory is requested.
An fanotify file descriptor created with
.B FAN_CLASS_PRE_CONTENT
or
.B FAN_CLASS_CONTENT
is required.
.TP
.B FAN_ONDIR
Create events for directories\(emfor example, when
.BR opendir (3),
.BR readdir (3)
(but see BUGS), and
.BR closedir (3)
are called.
Without this flag, only events for files are created.
.TP
.B FAN_EVENT_ON_CHILD
Events for the immediate children of marked directories shall be created.
The flag has no effect when marking mounts and filesystems.
Note that events are not generated for children of the subdirectories
of marked directories.
To monitor complete directory trees it is necessary to mark the relevant
mount.
.PP
The following composed value is defined:
.TP
.B FAN_CLOSE
A file is closed
.RB ( FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE ).
.PP
The filesystem object to be marked is determined by the file descriptor
.I dirfd
and the pathname specified in
.IR pathname :
.IP * 3
If
.I pathname
is NULL,
.I dirfd
defines the filesystem object to be marked.
.IP *
If
.I pathname
is NULL, and
.I dirfd
takes the special value
.BR AT_FDCWD ,
the current working directory is to be marked.
.IP *
If
.I pathname
is absolute, it defines the filesystem object to be marked, and
.I dirfd
is ignored.
.IP *
If
.I pathname
is relative, and
.I dirfd
does not have the value
.BR AT_FDCWD ,
then the filesystem object to be marked is determined by interpreting
.I pathname
relative the directory referred to by
.IR dirfd .
.IP *
If
.I pathname
is relative, and
.I dirfd
has the value
.BR AT_FDCWD ,
then the filesystem object to be marked is determined by interpreting
.I pathname
relative the current working directory.
.SH RETURN VALUE
On success,
.BR fanotify_mark ()
returns 0.
On error, \-1 is returned, and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EBADF
An invalid file descriptor was passed in
.IR fanotify_fd .
.TP
.B EINVAL
An invalid value was passed in
.IR flags
or
.IR mask ,
or
.I fanotify_fd
was not an fanotify file descriptor.
.TP
.B EINVAL
The fanotify file descriptor was opened with
.B FAN_CLASS_NOTIF
and mask contains a flag for permission events
.RB ( FAN_OPEN_PERM
or
.BR FAN_ACCESS_PERM ).
.TP
.B ENOENT
The filesystem object indicated by
.IR dirfd
and
.IR pathname
does not exist.
This error also occurs when trying to remove a mark from an object
which is not marked.
.TP
.B ENOMEM
The necessary memory could not be allocated.
.TP
.B ENOSPC
The number of marks exceeds the limit of 8192 and the
.B FAN_UNLIMITED_MARKS
flag was not specified when the fanotify file descriptor was created with
.BR fanotify_init (2).
.TP
.B ENOSYS
This kernel does not implement
.BR fanotify_mark ().
The fanotify API is available only if the kernel was configured with
.BR CONFIG_FANOTIFY .
.TP
.B ENOTDIR
.I flags
contains
.BR FAN_MARK_ONLYDIR ,
and
.I dirfd
and
.I pathname
do not specify a directory.
.SH VERSIONS
.BR fanotify_mark ()
was introduced in version 2.6.36 of the Linux kernel and enabled in version
2.6.37.
.SH CONFORMING TO
This system call is Linux-specific.
.SH NOTES
.SS FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
When using either
.B FAN_OPEN_EXEC
or
.B FAN_OPEN_EXEC_PERM
within the
.IR mask ,
events of these types will be returned only when the direct execution of a
program occurs.
More specifically, this means that events of these types will be generated
for files that are opened using
.BR execve (2),
.BR execveat (2),
or
.BR uselib (2).
Events of these types will not be raised in the situation where an
interpreter is passed (or reads) a script file for interpretation.
.PP
Additionally, if a mark has also been placed on the Linux dynamic
linker, a user should also expect to receive an event for it when
an ELF object has been successfully opened using
.BR execve (2)
or
.BR execveat (2).
.PP
For example, if the following ELF binary were to be invoked and a
.BR FAN_OPEN_EXEC
mark has been placed on /:
.PP
.in +4n
.EX
$ /bin/echo foo
.EE
.in
.PP
The listening application in this case would receive
.BR FAN_OPEN_EXEC
events for both the ELF binary and interpreter, respectively:
.PP
.in +4n
.EX
/bin/echo
/lib64/ld-linux-x86-64.so.2
.EE
.in
.SH BUGS
The following bugs were present in Linux kernels before version 3.16:
.IP * 3
.\" Fixed by commit 0a8dd2db579f7a0ac7033d6b857c3d5dbaa77563
If
.I flags
contains
.BR FAN_MARK_FLUSH ,
.I dirfd
and
.I pathname
must specify a valid filesystem object, even though this object is not used.
.IP *
.\" Fixed by commit d4c7cf6cffb1bc711a833b5e304ba5bcfe76398b
.BR readdir (2)
does not generate a
.B FAN_ACCESS
event.
.IP *
.\" Fixed by commit cc299a98eb13a9853675a9cbb90b30b4011e1406
If
.BR fanotify_mark ()
is called with
.BR FAN_MARK_FLUSH ,
.I flags
is not checked for invalid values.
.SH SEE ALSO
.BR fanotify_init (2),
.BR fanotify (7)
Commit	Line	Data
c200b422 HS	1	.\" Copyright (C) 2013, Heinrich Schuchardt <xypron.glpk@gmx.de>
	2	.\"
	3	.\" %%%LICENSE_START(VERBATIM)
	4	.\" Permission is granted to make and distribute verbatim copies of this
	5	.\" manual provided the copyright notice and this permission notice are
	6	.\" preserved on all copies.
	7	.\"
	8	.\" Permission is granted to copy and distribute modified versions of
	9	.\" this manual under the conditions for verbatim copying, provided that
	10	.\" the entire resulting derived work is distributed under the terms of
	11	.\" a permission notice identical to this one.
	12	.\"
	13	.\" Since the Linux kernel and libraries are constantly changing, this
	14	.\" manual page may be incorrect or out-of-date. The author(s) assume.
	15	.\" no responsibility for errors or omissions, or for damages resulting.
	16	.\" from the use of the information contained herein. The author(s) may.
	17	.\" not have taken the same level of care in the production of this.
	18	.\" manual, which is licensed free of charge, as they might when working.
	19	.\" professionally.
	20	.\"
	21	.\" Formatted or processed versions of this manual, if unaccompanied by
	22	.\" the source, must acknowledge the copyright and authors of this work.
	23	.\" %%%LICENSE_END
b8efb414	24	.TH FANOTIFY_MARK 2 2016-10-08 "Linux" "Linux Programmer's Manual"
c200b422 HS	25	.SH NAME
	26	fanotify_mark \- add, remove, or modify an fanotify mark on a filesystem
	27	object
	28	.SH SYNOPSIS
	29	.nf
	30	.B #include <sys/fanotify.h>
68e4db0a	31	.PP
c200b422	32	.BI "int fanotify_mark(int " fanotify_fd ", unsigned int " flags ,
5ff1ff14 MK	33	.BI " uint64_t " mask ", int " dirfd \
5ff1ff14 MK	34	", const char *" pathname );
c200b422 HS	35	.fi
	36	.SH DESCRIPTION
	37	For an overview of the fanotify API, see
	38	.BR fanotify (7).
	39	.PP
bf7bc8b8	40	.BR fanotify_mark ()
b6551738	41	adds, removes, or modifies an fanotify mark on a filesystem object.
1b24e2ee MK	42	The caller must have read permission on the filesystem object that
1b24e2ee MK	43	is to be marked.
c200b422 HS	44	.PP
	45	The
	46	.I fanotify_fd
963a1568	47	argument is a file descriptor returned by
c200b422 HS	48	.BR fanotify_init (2).
	49	.PP
	50	.I flags
	51	is a bit mask describing the modification to perform.
	52	It must include exactly one of the following values:
	53	.TP
	54	.B FAN_MARK_ADD
	55	The events in
	56	.I mask
	57	will be added to the mark mask (or to the ignore mask).
	58	.I mask
	59	must be nonempty or the error
	60	.B EINVAL
	61	will occur.
	62	.TP
	63	.B FAN_MARK_REMOVE
	64	The events in argument
	65	.I mask
	66	will be removed from the mark mask (or from the ignore mask).
	67	.I mask
	68	must be nonempty or the error
	69	.B EINVAL
	70	will occur.
	71	.TP
	72	.B FAN_MARK_FLUSH
953d1e07	73	Remove either all marks for filesystems, all marks for mounts, or all
b2f8214d	74	marks for directories and files from the fanotify group.
c200b422	75	If
8c659c48	76	.I flags
c200b422 HS	77	contains
	78	.BR FAN_MARK_MOUNT ,
	79	all marks for mounts are removed from the group.
b2f8214d AG	80	If
	81	.I flags
	82	contains
	83	.BR FAN_MARK_FILESYSTEM ,
	84	all marks for filesystems are removed from the group.
c200b422	85	Otherwise, all marks for directories and files are removed.
953d1e07	86	No flag other than and at most one of the flags
c200b422	87	.B FAN_MARK_MOUNT
b2f8214d AG	88	or
b2f8214d AG	89	.B FAN_MARK_FILESYSTEM
c200b422 HS	90	can be used in conjunction with
	91	.BR FAN_MARK_FLUSH .
	92	.I mask
	93	is ignored.
	94	.PP
1b24e2ee MK	95	If none of the values above is specified, or more than one is specified,
1b24e2ee MK	96	the call fails with the error
c200b422 HS	97	.BR EINVAL .
	98	.PP
	99	In addition,
d4a12c12 MK	100	zero or more of the following values may be ORed into
d4a12c12 MK	101	.IR flags :
c200b422 HS	102	.TP
	103	.B FAN_MARK_DONT_FOLLOW
	104	If
	105	.I pathname
	106	is a symbolic link, mark the link itself, rather than the file to which it
	107	refers.
	108	(By default,
	109	.BR fanotify_mark ()
	110	dereferences
	111	.I pathname
	112	if it is a symbolic link.)
	113	.TP
	114	.B FAN_MARK_ONLYDIR
	115	If the filesystem object to be marked is not a directory, the error
	116	.B ENOTDIR
	117	shall be raised.
	118	.TP
	119	.B FAN_MARK_MOUNT
c82b4ae4 MK	120	Mark the mount point specified by
	121	.IR pathname .
	122	If
	123	.I pathname
	124	is not itself a mount point, the mount point containing
c200b422	125	.I pathname
c200b422 HS	126	will be marked.
	127	All directories, subdirectories, and the contained files of the mount point
	128	will be monitored.
	129	.TP
b2f8214d AG	130	.BR FAN_MARK_FILESYSTEM " (since Linux 4.20)"
	131	.\" commit d54f4fba889b205e9cd8239182ca5d27d0ac3bc2
	132	Mark the filesystem specified by
	133	.IR pathname .
	134	The filesystem containing
	135	.I pathname
	136	will be marked.
	137	All the contained files and directories of the filesystem from any mount
	138	point will be monitored.
	139	.TP
c200b422 HS	140	.B FAN_MARK_IGNORED_MASK
	141	The events in
	142	.I mask
	143	shall be added to or removed from the ignore mask.
	144	.TP
	145	.B FAN_MARK_IGNORED_SURV_MODIFY
	146	The ignore mask shall survive modify events.
1b24e2ee MK	147	If this flag is not set,
1b24e2ee MK	148	the ignore mask is cleared when a modify event occurs
c200b422 HS	149	for the ignored file or directory.
	150	.PP
	151	.I mask
d4a12c12	152	defines which events shall be listened for (or which shall be ignored).
c200b422 HS	153	It is a bit mask composed of the following values:
	154	.TP
	155	.B FAN_ACCESS
	156	Create an event when a file or directory (but see BUGS) is accessed (read).
	157	.TP
	158	.B FAN_MODIFY
	159	Create an event when a file is modified (write).
	160	.TP
	161	.B FAN_CLOSE_WRITE
	162	Create an event when a writable file is closed.
	163	.TP
	164	.B FAN_CLOSE_NOWRITE
	165	Create an event when a read-only file or directory is closed.
	166	.TP
	167	.B FAN_OPEN
	168	Create an event when a file or directory is opened.
	169	.TP
fd1eb8a7	170	.B FAN_OPEN_EXEC " (since Linux 5.0)"
fc37d2f1	171	Create an event when a file is opened with the intent to be executed.
fd1eb8a7	172	See NOTES for additional details.
fc37d2f1	173	.TP
5d730f86 HS	174	.B FAN_Q_OVERFLOW
	175	Create an event when an overflow of the event queue occurs.
	176	The size of the event queue is limited to 16384 entries if
	177	.B FAN_UNLIMITED_QUEUE
	178	is not set in
	179	.BR fanotify_init (2).
	180	.TP
c200b422 HS	181	.B FAN_OPEN_PERM
	182	Create an event when a permission to open a file or directory is requested.
	183	An fanotify file descriptor created with
	184	.B FAN_CLASS_PRE_CONTENT
	185	or
	186	.B FAN_CLASS_CONTENT
	187	is required.
	188	.TP
fd1eb8a7	189	.BR FAN_OPEN_EXEC_PERM " (since Linux 5.0)"
fc37d2f1 MB	190	Create an event when a permission to open a file for execution is
	191	requested.
	192	An fanotify file descriptor created with
	193	.B FAN_CLASS_PRE_CONTENT
	194	or
	195	.B FAN_CLASS_CONTENT
	196	is required.
fd1eb8a7	197	See NOTES for additional details.
fc37d2f1	198	.TP
c200b422 HS	199	.B FAN_ACCESS_PERM
	200	Create an event when a permission to read a file or directory is requested.
	201	An fanotify file descriptor created with
	202	.B FAN_CLASS_PRE_CONTENT
	203	or
	204	.B FAN_CLASS_CONTENT
	205	is required.
	206	.TP
	207	.B FAN_ONDIR
d4a12c12	208	Create events for directories\(emfor example, when
834e5597 MK	209	.BR opendir (3),
834e5597 MK	210	.BR readdir (3)
c200b422	211	(but see BUGS), and
834e5597	212	.BR closedir (3)
c200b422	213	are called.
57f87a2c	214	Without this flag, only events for files are created.
c200b422 HS	215	.TP
	216	.B FAN_EVENT_ON_CHILD
	217	Events for the immediate children of marked directories shall be created.
b2f8214d	218	The flag has no effect when marking mounts and filesystems.
c200b422 HS	219	Note that events are not generated for children of the subdirectories
	220	of marked directories.
	221	To monitor complete directory trees it is necessary to mark the relevant
	222	mount.
	223	.PP
	224	The following composed value is defined:
	225	.TP
	226	.B FAN_CLOSE
	227	A file is closed
	228	.RB ( FAN_CLOSE_WRITE \| FAN_CLOSE_NOWRITE ).
	229	.PP
	230	The filesystem object to be marked is determined by the file descriptor
	231	.I dirfd
	232	and the pathname specified in
	233	.IR pathname :
	234	.IP * 3
	235	If
	236	.I pathname
	237	is NULL,
	238	.I dirfd
	239	defines the filesystem object to be marked.
	240	.IP *
	241	If
	242	.I pathname
	243	is NULL, and
	244	.I dirfd
	245	takes the special value
	246	.BR AT_FDCWD ,
	247	the current working directory is to be marked.
	248	.IP *
	249	If
	250	.I pathname
	251	is absolute, it defines the filesystem object to be marked, and
	252	.I dirfd
	253	is ignored.
	254	.IP *
	255	If
	256	.I pathname
	257	is relative, and
	258	.I dirfd
	259	does not have the value
	260	.BR AT_FDCWD ,
	261	then the filesystem object to be marked is determined by interpreting
	262	.I pathname
	263	relative the directory referred to by
	264	.IR dirfd .
	265	.IP *
	266	If
	267	.I pathname
	268	is relative, and
	269	.I dirfd
	270	has the value
9fdb563e	271	.BR AT_FDCWD ,
c200b422 HS	272	then the filesystem object to be marked is determined by interpreting
	273	.I pathname
	274	relative the current working directory.
	275	.SH RETURN VALUE
	276	On success,
	277	.BR fanotify_mark ()
	278	returns 0.
b3470de1	279	On error, \-1 is returned, and
c200b422 HS	280	.I errno
	281	is set to indicate the error.
	282	.SH ERRORS
	283	.TP
	284	.B EBADF
	285	An invalid file descriptor was passed in
	286	.IR fanotify_fd .
	287	.TP
	288	.B EINVAL
	289	An invalid value was passed in
	290	.IR flags
	291	or
	292	.IR mask ,
	293	or
	294	.I fanotify_fd
	295	was not an fanotify file descriptor.
	296	.TP
	297	.B EINVAL
	298	The fanotify file descriptor was opened with
	299	.B FAN_CLASS_NOTIF
	300	and mask contains a flag for permission events
	301	.RB ( FAN_OPEN_PERM
	302	or
	303	.BR FAN_ACCESS_PERM ).
	304	.TP
	305	.B ENOENT
	306	The filesystem object indicated by
	307	.IR dirfd
	308	and
	309	.IR pathname
	310	does not exist.
1b24e2ee MK	311	This error also occurs when trying to remove a mark from an object
1b24e2ee MK	312	which is not marked.
c200b422 HS	313	.TP
	314	.B ENOMEM
	315	The necessary memory could not be allocated.
	316	.TP
	317	.B ENOSPC
d4a12c12	318	The number of marks exceeds the limit of 8192 and the
c200b422	319	.B FAN_UNLIMITED_MARKS
d4a12c12	320	flag was not specified when the fanotify file descriptor was created with
c200b422 HS	321	.BR fanotify_init (2).
c200b422 HS	322	.TP
89ba4cc2 MK	323	.B ENOSYS
89ba4cc2 MK	324	This kernel does not implement
ffb30e75	325	.BR fanotify_mark ().
d4a12c12 MK	326	The fanotify API is available only if the kernel was configured with
d4a12c12 MK	327	.BR CONFIG_FANOTIFY .
89ba4cc2	328	.TP
c200b422 HS	329	.B ENOTDIR
	330	.I flags
	331	contains
	332	.BR FAN_MARK_ONLYDIR ,
	333	and
	334	.I dirfd
	335	and
	336	.I pathname
	337	do not specify a directory.
	338	.SH VERSIONS
	339	.BR fanotify_mark ()
	340	was introduced in version 2.6.36 of the Linux kernel and enabled in version
	341	2.6.37.
	342	.SH CONFORMING TO
	343	This system call is Linux-specific.
fc37d2f1	344	.SH NOTES
fd1eb8a7	345	.SS FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
fc37d2f1 MB	346	When using either
	347	.B FAN_OPEN_EXEC
	348	or
	349	.B FAN_OPEN_EXEC_PERM
	350	within the
	351	.IR mask ,
fd1eb8a7	352	events of these types will be returned only when the direct execution of a
fc37d2f1	353	program occurs.
fd1eb8a7 MK	354	More specifically, this means that events of these types will be generated
	355	for files that are opened using
	356	.BR execve (2),
	357	.BR execveat (2),
fc37d2f1	358	or
fd1eb8a7	359	.BR uselib (2).
fc37d2f1	360	Events of these types will not be raised in the situation where an
6474f351	361	interpreter is passed (or reads) a script file for interpretation.
fc37d2f1 MB	362	.PP
fc37d2f1 MB	363	Additionally, if a mark has also been placed on the Linux dynamic
fd1eb8a7 MK	364	linker, a user should also expect to receive an event for it when
	365	an ELF object has been successfully opened using
	366	.BR execve (2)
fc37d2f1	367	or
fd1eb8a7	368	.BR execveat (2).
fc37d2f1 MB	369	.PP
	370	For example, if the following ELF binary were to be invoked and a
	371	.BR FAN_OPEN_EXEC
	372	mark has been placed on /:
	373	.PP
fd1eb8a7	374	.in +4n
fc37d2f1	375	.EX
fd1eb8a7	376	$ /bin/echo foo
fc37d2f1	377	.EE
fd1eb8a7	378	.in
fc37d2f1	379	.PP
fd1eb8a7	380	The listening application in this case would receive
fc37d2f1	381	.BR FAN_OPEN_EXEC
fd1eb8a7	382	events for both the ELF binary and interpreter, respectively:
fc37d2f1	383	.PP
fd1eb8a7	384	.in +4n
fc37d2f1	385	.EX
fd1eb8a7 MK	386	/bin/echo
fd1eb8a7 MK	387	/lib64/ld-linux-x86-64.so.2
fc37d2f1	388	.EE
fd1eb8a7	389	.in
c200b422	390	.SH BUGS
e5209a5a	391	The following bugs were present in Linux kernels before version 3.16:
c200b422	392	.IP * 3
e5209a5a	393	.\" Fixed by commit 0a8dd2db579f7a0ac7033d6b857c3d5dbaa77563
c200b422 HS	394	If
	395	.I flags
	396	contains
	397	.BR FAN_MARK_FLUSH ,
2335e402	398	.I dirfd
c200b422 HS	399	and
c200b422 HS	400	.I pathname
4ac7d313	401	must specify a valid filesystem object, even though this object is not used.
c200b422	402	.IP *
e5209a5a	403	.\" Fixed by commit d4c7cf6cffb1bc711a833b5e304ba5bcfe76398b
c200b422	404	.BR readdir (2)
97ef170a	405	does not generate a
c200b422 HS	406	.B FAN_ACCESS
	407	event.
	408	.IP *
e5209a5a	409	.\" Fixed by commit cc299a98eb13a9853675a9cbb90b30b4011e1406
c200b422	410	If
bf7bc8b8	411	.BR fanotify_mark ()
c200b422	412	is called with
f2f50fed	413	.BR FAN_MARK_FLUSH ,
c200b422 HS	414	.I flags
	415	is not checked for invalid values.
	416	.SH SEE ALSO
	417	.BR fanotify_init (2),
	418	.BR fanotify (7)