How to Program for Linux's New 'Fanotify' File System Monitoring Feature

fanotify: is it possible to monitor whole filesystem and write few logs/config in monitored filesystem by same process?

That's an infinite loop!

Consider that you get a notification (due to some external change) and want to write that to the same filesystem. It would generate another notification (due to the logging). You want to write the new notification. That leads to another notification. So that is an endless loop.

You should use another mounted filesystem for logging or monitor only a specific path.

How to tell which path a fanotify event refers to

You can use readlink on /proc/self/fd/<fdnum>, where fdnum refers to the fd member of the struct fanotify_event_metadata for the event.
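The readlink lookup above, placed in a minimal event loop; this is an added example, not code from the original answers. It assumes a mount-wide FAN_CLOSE_WRITE mark and logging to stderr, and the helper names fd_to_path and handle_events are hypothetical. It also skips events whose pid field is the monitor's own, which is an addition to the advice above about self-generated notifications.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/fanotify.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve an open fd to a path via /proc/self/fd/<fdnum>; returns length or -1. */
ssize_t fd_to_path(int fd, char *out, size_t cap) {
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, out, cap - 1); /* readlink does not NUL-terminate */
    if (n >= 0) out[n] = '\0';
    return n;
}

/* Walk one read() buffer of events. Events caused by `self` are not logged, so
 * the monitor's own writes cannot trigger further log lines. Every event fd is
 * closed. Returns the number of events reported, or -1 on a version mismatch. */
int handle_events(const struct fanotify_event_metadata *ev, ssize_t len,
                  pid_t self, FILE *log) {
    int reported = 0;
    for (; FAN_EVENT_OK(ev, len); ev = FAN_EVENT_NEXT(ev, len)) {
        if (ev->vers != FANOTIFY_METADATA_VERSION) return -1;
        if (ev->fd < 0) continue;            /* FAN_NOFD, e.g. queue overflow */
        char path[PATH_MAX];
        if (ev->pid != self && fd_to_path(ev->fd, path, sizeof path) >= 0) {
            fprintf(log, "pid %d mask 0x%llx %s\n", (int)ev->pid,
                    (unsigned long long)ev->mask, path);
            reported++;
        }
        close(ev->fd);                       /* each event carries its own fd */
    }
    return reported;
}

int main(int argc, char **argv) {
    /* Assumed setup: watch the mount holding argv[1]; needs CAP_SYS_ADMIN. */
    int fan = fanotify_init(FAN_CLASS_NOTIF | FAN_CLOEXEC, O_RDONLY);
    if (fan < 0 || fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT,
                                 FAN_CLOSE_WRITE, AT_FDCWD,
                                 argc > 1 ? argv[1] : "/") < 0) {
        perror("fanotify");
        return 1;
    }
    struct fanotify_event_metadata buf[256];
    for (ssize_t n; (n = read(fan, buf, sizeof buf)) > 0;)
        handle_events(buf, n, getpid(), stderr);
    return 0;
}
```

If the file was unlinked before the lookup, the kernel appends " (deleted)" to the link target, so the returned string should be treated as a display path rather than reopened blindly.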

How to monitor a complete directory tree for changes in Linux?

To my knowledge, there's no other way than recursively setting an inotify watch on each directory.

That said, you won't run out of file descriptors because inotify does not have to reserve an fd to watch a file or a directory (its predecessor, dnotify, did suffer from this limitation). inotify uses "watch descriptors" instead.

According to the documentation for inotifywatch, the default limit is 8192 watch descriptors, and you can increase it by writing the new value to /proc/sys/fs/inotify/max_user_watches.


