Created attachment 300557 [details]
Test program to show directory exclusion not working

If a process calls fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM, 0, "/mountpoint"), no other directory exclusions can be applied. However, a path (file) exclusion can still be applied using

fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_IGNORED_MASK | FAN_MARK_IGNORED_SURV_MODIFY, FAN_OPEN_PERM | FAN_CLOSE_WRITE, AT_FDCWD, "/tmp/fio/abc"); ===> path exclusion that works.

I think the directory exclusion not working is a bug, as otherwise AV solutions can't exclude directories when using FAN_MARK_MOUNT. I believe the change should be simple, since we are already supporting path exclusions, so we should be able to add the same for the directory inode.
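The setup described in the report, written out as an added, self-contained example. This is not the reporter's attachment 300557 and not kernel code: it creates a content-class fanotify group, places the mount-wide FAN_OPEN_PERM mark, adds one ignored mark on a directory and one on a file, then allows every open it is asked about while counting the opens that still arrive from beneath the excluded directory. The program name fan_excl, the helper names, and the paths passed on the command line are assumptions for illustration; running it needs CAP_SYS_ADMIN, and the helpers return -errno so the setup failures (EPERM without privilege, EBADF on a bad fd) are visible.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* Content-class group: required for FAN_OPEN_PERM. Returns the fanotify fd,
 * or -errno (-EPERM without CAP_SYS_ADMIN). */
int init_listener(void)
{
    int fd = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC | FAN_NONBLOCK,
                           O_RDONLY | O_LARGEFILE | O_CLOEXEC);
    return fd < 0 ? -errno : fd;
}

/* Mount-wide FAN_OPEN_PERM mark, as in the report. Returns 0 or -errno. */
int mark_mount(int fd, const char *mountpoint)
{
    if (fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM,
                      AT_FDCWD, mountpoint) < 0)
        return -errno;
    return 0;
}

/* Ignored mask on one path, surviving modification of the object. On a
 * file this suppresses the mount mark's FAN_OPEN_PERM for that file; on a
 * directory the report observes that opens of entries beneath it are
 * still delivered. Returns 0 or -errno. */
int mark_ignored(int fd, const char *path)
{
    if (fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_IGNORED_MASK |
                          FAN_MARK_IGNORED_SURV_MODIFY,
                      FAN_OPEN_PERM | FAN_CLOSE_WRITE, AT_FDCWD, path) < 0)
        return -errno;
    return 0;
}

/* Resolve the path behind an event fd via /proc. readlink() does not open
 * anything, so the listener does not trigger permission events on itself. */
int event_path(int event_fd, char *buf, size_t len)
{
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", event_fd);
    ssize_t n = readlink(link, buf, len - 1);
    if (n < 0)
        return -errno;
    buf[n] = '\0';
    return (int)n;
}

/* Drain the queue: allow every open, and count the ones whose path lies
 * beneath excluded_dir, i.e. opens the directory exclusion did not stop.
 * Returns that count, or -errno on a read error other than EAGAIN. */
int serve_events(int fd, const char *excluded_dir)
{
    char buf[4096], path[PATH_MAX];
    size_t dlen = strlen(excluded_dir);
    int leaked = 0;

    for (;;) {
        ssize_t len = read(fd, buf, sizeof buf);
        if (len < 0)
            return errno == EAGAIN ? leaked : -errno;
        struct fanotify_event_metadata *ev = (void *)buf;
        for (; FAN_EVENT_OK(ev, len); ev = FAN_EVENT_NEXT(ev, len)) {
            if (ev->vers != FANOTIFY_METADATA_VERSION || ev->fd < 0)
                continue;
            if (event_path(ev->fd, path, sizeof path) > 0 &&
                strncmp(path, excluded_dir, dlen) == 0 && path[dlen] == '/') {
                leaked++;
                printf("pid %d opened %s despite the directory exclusion\n",
                       (int)ev->pid, path);
            }
            if (ev->mask & FAN_OPEN_PERM) {
                struct fanotify_response r = { .fd = ev->fd,
                                               .response = FAN_ALLOW };
                if (write(fd, &r, sizeof r) < 0)
                    perror("write(FAN_ALLOW)");
            }
            close(ev->fd);
        }
    }
}

/* usage: ./fan_excl MOUNTPOINT EXCLUDED_DIR EXCLUDED_FILE  (needs root) */
int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s MOUNTPOINT EXCLUDED_DIR EXCLUDED_FILE\n", argv[0]);
        return 2;
    }
    int rc = 0, fd = init_listener();
    if (fd < 0 || (rc = mark_mount(fd, argv[1])) < 0 ||
        (rc = mark_ignored(fd, argv[2])) < 0 || (rc = mark_ignored(fd, argv[3])) < 0) {
        fprintf(stderr, "fanotify setup failed: %s\n", strerror(fd < 0 ? -fd : -rc));
        return 1;
    }
    /* Serve for about 10 s; open files under EXCLUDED_DIR and EXCLUDED_FILE
     * from another shell meanwhile and compare what gets reported. */
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    for (int i = 0; i < 100; i++)
        if (poll(&pfd, 1, 100) > 0 && serve_events(fd, argv[2]) < 0)
            break;
    close(fd);
    return 0;
}
```

While it runs, an open of EXCLUDED_FILE from another shell should produce no line, whereas an open of a file under EXCLUDED_DIR should be printed, which is the asymmetry the report describes. Keep the listener's own opens out of the marked mount (or answer them by pid) when adapting this, since a permission event the listener itself triggers would block until it is answered.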
This is the expected behavior, although there are workarounds and possible future improvements. More details in the email thread here: https://lore.kernel.org/all/CAOQ4uxiDubhONM3w502anndtbqy73q_Kt5bOQ07zbATb8ndvVA@mail.gmail.com
Closing the bug as things are working as expected. We are working with Amir on implementing some scheme that would allow this feature to work...