fanotify and LSM path hooks
viro at zeniv.linux.org.uk
Sun Apr 14 19:26:01 UTC 2019
On Sun, Apr 14, 2019 at 09:51:38PM +0300, Amir Goldstein wrote:
> But the truth is I would much rather that users have a way to mark
> a subtree root and ask fanotify for events under that subtree.
> As a matter of fact, I have some private POC patches that allow users to
> setup a mark on a "subtree root" dentry, which really marks the super block
> and keep a reference to the dentry. Than every event on that super block
> is filtered with is_subdir() against the marked dentry.
And that is_subdir() is protected by what, exactly? And what happens
if you have many such dentries?
Or, for that matter, what happens if that dentry gets invalidated?
More information about the Linux-security-module-archive