Bug 215676
| Summary: | fanotify Ignoring/Excluding a Directory not working with FAN_MARK_MOUNT | ||
|---|---|---|---|
| Product: | File System | Reporter: | Srinivas (talkwithsrinivas) |
| Component: | VFS | Assignee: | fs_vfs |
| Status: | RESOLVED ANSWERED | ||
| Severity: | high | CC: | jack, talkwithsrinivas |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 5.11.0-27 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | Test program to show directory exclusion not working | ||
This is the expected behavior, although there are workarounds and possible future improvements. More details in the email thread here: https://lore.kernel.org/all/CAOQ4uxiDubhONM3w502anndtbqy73q_Kt5bOQ07zbATb8ndvVA@mail.gmail.com Closing the bug as things are working as expected. We are working with Amir on implementing some scheme that would allow this feature to work... |
Created attachment 300557 [details] Test program to show directory exclusion not working If a process calls fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM, 0, "/mountpoint") no other directory exclusions can be applied. However a path (file) exclusion can still be applied using fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_IGNORED_MASK | FAN_MARK_IGNORED_SURV_MODIFY, FAN_OPEN_PERM | FAN_CLOSE_WRITE, AT_FDCWD, "/tmp/fio/abc"); ===> path exclusion that works. I think the directory exclusion not working is a bug as otherwise AV solutions cant exclude directories when using FAN_MARK_MOUNT. I believe the change should be simple since we are already supporting path exclusions. So we should be able to add the same for the directory inode.