/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _UAPI_LINUX_FANOTIFY_H
#define _UAPI_LINUX_FANOTIFY_H
#include <linux/types.h>
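/*
 * The following events are the ones that user-space can register for.
 *
 * Every event is a single bit. Bits 0x00002000, 0x00080000-0x04000000,
 * 0x20000000 and 0x80000000 are not assigned in this header.
 */
#define FAN_ACCESS		0x00000001	/* File was accessed */
#define FAN_MODIFY		0x00000002	/* File was modified */
#define FAN_ATTRIB		0x00000004	/* Metadata changed */
#define FAN_CLOSE_WRITE		0x00000008	/* Writable file closed */
#define FAN_CLOSE_NOWRITE	0x00000010	/* Unwritable file closed */
#define FAN_OPEN		0x00000020	/* File was opened */
#define FAN_MOVED_FROM		0x00000040	/* File was moved from X */
#define FAN_MOVED_TO		0x00000080	/* File was moved to Y */
#define FAN_CREATE		0x00000100	/* Subfile was created */
#define FAN_DELETE		0x00000200	/* Subfile was deleted */
#define FAN_DELETE_SELF		0x00000400	/* Self was deleted */
#define FAN_MOVE_SELF		0x00000800	/* Self was moved */
#define FAN_OPEN_EXEC		0x00001000	/* File was opened for exec */

/*
 * NOTE(review): an overflow presumably means events were dropped before the
 * listener read them; a monitor that relies on this stream should treat it
 * as a gap in coverage - confirm the exact semantics against fanotify(7).
 */
#define FAN_Q_OVERFLOW		0x00004000	/* Event queue overflowed */
#define FAN_FS_ERROR		0x00008000	/* Filesystem error */

/*
 * Permission events. This header describes _PERM events as requiring a
 * permission response from userspace; the response values are FAN_ALLOW
 * and FAN_DENY.
 */
#define FAN_OPEN_PERM		0x00010000	/* File open in perm check */
#define FAN_ACCESS_PERM		0x00020000	/* File accessed in perm check */
#define FAN_OPEN_EXEC_PERM	0x00040000	/* File open/exec in perm check */

#define FAN_EVENT_ON_CHILD	0x08000000	/* Interested in child events */

#define FAN_RENAME		0x10000000	/* File was renamed */

#define FAN_ONDIR		0x40000000	/* Event occurred against dir */

/*
 * helper events
 *
 * Each one is the union of two event bits, so (mask & FAN_CLOSE) is non-zero
 * when either of the two close events is set.
 */
#define FAN_CLOSE		(FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */
#define FAN_MOVE		(FAN_MOVED_FROM | FAN_MOVED_TO) /* moves */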
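/* flags used for fanotify_init() */
#define FAN_CLOEXEC		0x00000001
#define FAN_NONBLOCK		0x00000002

/*
 * These are NOT bitwise flags. Both bits are used together.
 * FAN_CLASS_NOTIF is 0, so it cannot be detected with a bitwise AND against
 * its own value; mask with (FAN_CLASS_CONTENT | FAN_CLASS_PRE_CONTENT) and
 * compare the result for equality instead.
 */
#define FAN_CLASS_NOTIF		0x00000000
#define FAN_CLASS_CONTENT	0x00000004
#define FAN_CLASS_PRE_CONTENT	0x00000008

/* Deprecated - do not use this in programs and do not add new flags here! */
#define FAN_ALL_CLASS_BITS	(FAN_CLASS_NOTIF | FAN_CLASS_CONTENT | \
				 FAN_CLASS_PRE_CONTENT)

/*
 * NOTE(review): FAN_UNLIMITED_QUEUE and FAN_UNLIMITED_MARKS presumably lift
 * per-group resource limits, and FAN_ENABLE_AUDIT presumably enables audit
 * records for permission decisions (compare FAN_AUDIT) - confirm against
 * fanotify_init(2), including the privileges each of them needs.
 */
#define FAN_UNLIMITED_QUEUE	0x00000010
#define FAN_UNLIMITED_MARKS	0x00000020
#define FAN_ENABLE_AUDIT	0x00000040

/* Flags to determine fanotify event format */
#define FAN_REPORT_PIDFD	0x00000080	/* Report pidfd for event->pid */
#define FAN_REPORT_TID		0x00000100	/* event->pid is thread id */
#define FAN_REPORT_FID		0x00000200	/* Report unique file id */
#define FAN_REPORT_DIR_FID	0x00000400	/* Report unique directory id */
#define FAN_REPORT_NAME		0x00000800	/* Report events with name */
#define FAN_REPORT_TARGET_FID	0x00001000	/* Report dirent target id */

/* Convenience macro - FAN_REPORT_NAME requires FAN_REPORT_DIR_FID */
#define FAN_REPORT_DFID_NAME	(FAN_REPORT_DIR_FID | FAN_REPORT_NAME)
/* Convenience macro - FAN_REPORT_TARGET_FID requires all other FID flags */
#define FAN_REPORT_DFID_NAME_TARGET (FAN_REPORT_DFID_NAME | \
				     FAN_REPORT_FID | FAN_REPORT_TARGET_FID)

/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * The mask leaves out FAN_ENABLE_AUDIT and every FAN_REPORT_* flag defined
 * above, so it is not a complete set of the init flags in this header and
 * should not be used to validate or filter them.
 */
#define FAN_ALL_INIT_FLAGS	(FAN_CLOEXEC | FAN_NONBLOCK | \
				 FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE |\
				 FAN_UNLIMITED_MARKS)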
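/* flags used for fanotify_modify_mark() */
#define FAN_MARK_ADD		0x00000001
#define FAN_MARK_REMOVE		0x00000002
#define FAN_MARK_DONT_FOLLOW	0x00000004
#define FAN_MARK_ONLYDIR	0x00000008
/* FAN_MARK_MOUNT is	0x00000010 */
#define FAN_MARK_IGNORED_MASK	0x00000020
#define FAN_MARK_IGNORED_SURV_MODIFY	0x00000040
#define FAN_MARK_FLUSH		0x00000080
/* FAN_MARK_FILESYSTEM is	0x00000100 */
#define FAN_MARK_EVICTABLE	0x00000200
/* This bit is mutually exclusive with FAN_MARK_IGNORED_MASK bit */
#define FAN_MARK_IGNORE		0x00000400

/*
 * These are NOT bitwise flags. Both bits can be used together.
 * FAN_MARK_INODE is 0, so the mark type cannot be detected with a bitwise
 * AND against its own value; mask with (FAN_MARK_MOUNT | FAN_MARK_FILESYSTEM)
 * and compare the result for equality instead.
 */
#define FAN_MARK_INODE		0x00000000
#define FAN_MARK_MOUNT		0x00000010
#define FAN_MARK_FILESYSTEM	0x00000100

/*
 * Convenience macro - FAN_MARK_IGNORE requires FAN_MARK_IGNORED_SURV_MODIFY
 * for non-inode mark types.
 */
#define FAN_MARK_IGNORE_SURV	(FAN_MARK_IGNORE | FAN_MARK_IGNORED_SURV_MODIFY)

/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * The mask leaves out FAN_MARK_FILESYSTEM, FAN_MARK_EVICTABLE and
 * FAN_MARK_IGNORE, so it is not a complete set of the mark flags in this
 * header and should not be used to validate or filter them.
 */
#define FAN_ALL_MARK_FLAGS	(FAN_MARK_ADD |\
				 FAN_MARK_REMOVE |\
				 FAN_MARK_DONT_FOLLOW |\
				 FAN_MARK_ONLYDIR |\
				 FAN_MARK_MOUNT |\
				 FAN_MARK_IGNORED_MASK |\
				 FAN_MARK_IGNORED_SURV_MODIFY |\
				 FAN_MARK_FLUSH)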
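/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * Only the four event kinds listed below are covered; the other event bits
 * defined in this header are not part of this mask.
 */
#define FAN_ALL_EVENTS (FAN_ACCESS |\
			FAN_MODIFY |\
			FAN_CLOSE |\
			FAN_OPEN)

/*
 * All events which require a permission response from userspace
 */
/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * FAN_OPEN_EXEC_PERM is not part of this mask. Code that tests an event
 * against FAN_ALL_PERM_EVENTS to decide whether a response is owed would
 * therefore not recognise FAN_OPEN_EXEC_PERM events; test the individual
 * _PERM bits instead.
 */
#define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\
			     FAN_ACCESS_PERM)

/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * Built from the two deprecated masks above plus FAN_Q_OVERFLOW, so it has
 * the same omissions and is not a complete set of reportable events.
 */
#define FAN_ALL_OUTGOING_EVENTS	(FAN_ALL_EVENTS |\
				 FAN_ALL_PERM_EVENTS |\
				 FAN_Q_OVERFLOW)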
/*
 * Version number of the event metadata format.
 * NOTE(review): presumably the value a reader should expect in
 * fanotify_event_metadata.vers before trusting the rest of the record -
 * confirm against fanotify(7).
 */
#define FANOTIFY_METADATA_VERSION 3
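/*
 * Fixed-size header of one event record in a fanotify event buffer.
 *
 * Records are walked with FAN_EVENT_OK() and FAN_EVENT_NEXT(), which use
 * event_len as the distance to the next record.
 */
struct fanotify_event_metadata {
	/* Length of this record; FAN_EVENT_NEXT() advances by this many bytes */
	__u32 event_len;
	/* NOTE(review): presumably FANOTIFY_METADATA_VERSION - readers should check */
	__u8 vers;
	__u8 reserved;
	/* NOTE(review): presumably the size of this fixed header - confirm */
	__u16 metadata_len;
	/* Event bits (FAN_ACCESS, FAN_OPEN_PERM, ...); 64 bits wide, 8-byte aligned */
	__aligned_u64 mask;
	/*
	 * File descriptor for the object of the event, or FAN_NOFD when no fd
	 * is set in the event.
	 * NOTE(review): a listener that receives a real descriptor presumably
	 * owns it and has to close it, otherwise it leaks one descriptor per
	 * event - confirm against fanotify(7).
	 */
	__s32 fd;
	/* Process id; a thread id when the group was created with FAN_REPORT_TID */
	__s32 pid;
};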
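/*
 * Values of fanotify_event_info_header.info_type.
 *
 * FID, DFID and DFID_NAME records use struct fanotify_event_info_fid and
 * PIDFD records use struct fanotify_event_info_pidfd.
 * NOTE(review): ERROR records presumably use struct fanotify_event_info_error
 * - confirm. A parser should skip, by hdr.len, any type it does not know.
 */
#define FAN_EVENT_INFO_TYPE_FID		1
#define FAN_EVENT_INFO_TYPE_DFID_NAME	2
#define FAN_EVENT_INFO_TYPE_DFID	3
#define FAN_EVENT_INFO_TYPE_PIDFD	4
#define FAN_EVENT_INFO_TYPE_ERROR	5

/* Special info types for FAN_RENAME */
#define FAN_EVENT_INFO_TYPE_OLD_DFID_NAME	10
/* Reserved for FAN_EVENT_INFO_TYPE_OLD_DFID	11 */
#define FAN_EVENT_INFO_TYPE_NEW_DFID_NAME	12
/* Reserved for FAN_EVENT_INFO_TYPE_NEW_DFID	13 */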
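/*
 * Variable length info record following event metadata.
 *
 * This header starts every info record. Because the records are variable
 * length and come out of the event buffer, a parser should check 'len'
 * against the bytes left in the enclosing event (event_len) before it reads
 * the record body or steps to the next record, and should reject a 'len'
 * smaller than this header.
 */
struct fanotify_event_info_header {
	/* One of the FAN_EVENT_INFO_TYPE_* values */
	__u8 info_type;
	__u8 pad;
	/* NOTE(review): presumably the record length including this header - confirm */
	__u16 len;
};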
fanotify: report name info for FAN_DIR_MODIFY event
Report event FAN_DIR_MODIFY with name in a variable length record similar
to how fid's are reported. With name info reporting implemented, setting
FAN_DIR_MODIFY in mark mask is now allowed.
When events are reported with name, the reported fid identifies the
directory and the name follows the fid. The info record type for this
event info is FAN_EVENT_INFO_TYPE_DFID_NAME.
For now, all reported events have at most one info record which is
either FAN_EVENT_INFO_TYPE_FID or FAN_EVENT_INFO_TYPE_DFID_NAME (for
FAN_DIR_MODIFY). Later on, events "on child" will report both records.
There are several ways that an application can use this information:
1. When watching a single directory, the name is always relative to
the watched directory, so application need to fstatat(2) the name
relative to the watched directory.
2. When watching a set of directories, the application could keep a map
of dirfd for all watched directories and hash the map by fid obtained
with name_to_handle_at(2). When getting a name event, the fid in the
event info could be used to lookup the base dirfd in the map and then
call fstatat(2) with that dirfd.
3. When watching a filesystem (FAN_MARK_FILESYSTEM) or a large set of
directories, the application could use open_by_handle_at(2) with the fid
in event info to obtain dirfd for the directory where event happened and
call fstatat(2) with this dirfd.
The last option scales better for a large number of watched directories.
The first two options may be available in the future also for non
privileged fanotify watchers, because open_by_handle_at(2) requires
the CAP_DAC_READ_SEARCH capability.
Link: https://lore.kernel.org/r/20200319151022.31456-15-amir73il@gmail.com
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2020-03-19 15:10:22 +00:00
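/*
 * Unique file identifier info record.
 * This structure is used for records of types FAN_EVENT_INFO_TYPE_FID,
 * FAN_EVENT_INFO_TYPE_DFID and FAN_EVENT_INFO_TYPE_DFID_NAME.
 * For FAN_EVENT_INFO_TYPE_DFID_NAME there is additionally a null terminated
 * name immediately after the file handle.
 *
 * 'handle' is a flexible array member, so sizeof(struct
 * fanotify_event_info_fid) covers only 'hdr' and 'fsid'. The handle and the
 * optional name are read out of the event buffer; a parser should confirm
 * that both lie inside hdr.len bytes before using them.
 */
struct fanotify_event_info_fid {
	struct fanotify_event_info_header hdr;
	__kernel_fsid_t fsid;
	/*
	 * Following is an opaque struct file_handle that can be passed as
	 * an argument to open_by_handle_at(2).
	 * open_by_handle_at(2) requires the CAP_DAC_READ_SEARCH capability.
	 */
	unsigned char handle[];
};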
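/*
 * This structure is used for info records of type FAN_EVENT_INFO_TYPE_PIDFD.
 * It holds a pidfd for the pid that was responsible for generating an event.
 */
struct fanotify_event_info_pidfd {
	struct fanotify_event_info_header hdr;
	/*
	 * NOTE(review): presumably FAN_NOPIDFD or FAN_EPIDFD is stored here when
	 * no pidfd could be provided, so the value should be checked for being
	 * negative before it is used as a descriptor; a valid pidfd presumably
	 * has to be closed by the listener - confirm against fanotify(7).
	 */
	__s32 pidfd;
};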
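/*
 * Info record carrying a signed error value and an unsigned counter.
 * NOTE(review): presumably the record of type FAN_EVENT_INFO_TYPE_ERROR that
 * accompanies FAN_FS_ERROR events - confirm against fanotify(7).
 */
struct fanotify_event_info_error {
	struct fanotify_event_info_header hdr;
	/* NOTE(review): presumably an errno-style code for the error - confirm */
	__s32 error;
	/* NOTE(review): presumably how many errors were observed - confirm */
	__u32 error_count;
};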
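/*
 * User space may need to record additional information about its decision.
 * The extra information type records what kind of information is included.
 * The default is none. We also define an extra information buffer whose
 * size is determined by the extra information type.
 *
 * If the information type is Audit Rule, then the information following
 * is the rule number that triggered the user space decision that
 * requires auditing.
 */

/* Values of fanotify_response_info_header.type */
#define FAN_RESPONSE_INFO_NONE		0
#define FAN_RESPONSE_INFO_AUDIT_RULE	1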
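/*
 * Userspace answer to a _PERM event.
 */
struct fanotify_response {
	/* NOTE(review): presumably the fd of the event being answered - confirm */
	__s32 fd;
	/*
	 * FAN_ALLOW or FAN_DENY. FAN_AUDIT and FAN_INFO are defined as bitmasks
	 * and are presumably ORed into the same field - confirm.
	 */
	__u32 response;
};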
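/*
 * Header of the extra information that may accompany a response (see the
 * FAN_RESPONSE_INFO_* types and the FAN_INFO response bit).
 */
struct fanotify_response_info_header {
	/* One of the FAN_RESPONSE_INFO_* values */
	__u8 type;
	__u8 pad;
	/* NOTE(review): presumably the length of the info record including this header - confirm */
	__u16 len;
};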
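/*
 * Extra response information of type FAN_RESPONSE_INFO_AUDIT_RULE.
 */
struct fanotify_response_info_audit_rule {
	struct fanotify_response_info_header hdr;
	/* Rule number that triggered the user space decision that requires auditing */
	__u32 rule_number;
	/*
	 * NOTE(review): presumably the responder's trust assessment of the
	 * subject and of the object of the access - confirm the value ranges.
	 */
	__u32 subj_trust;
	__u32 obj_trust;
};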
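/*
 * Legit userspace responses to a _PERM event.
 * FAN_ALLOW and FAN_DENY are the two verdicts; FAN_AUDIT and FAN_INFO are
 * described as bitmasks and use bits that do not overlap the verdict values.
 */
#define FAN_ALLOW	0x01
#define FAN_DENY	0x02
#define FAN_AUDIT	0x10	/* Bitmask to create audit record for result */
#define FAN_INFO	0x20	/* Bitmask to indicate additional information */

/* No fd set in event */
#define FAN_NOFD	-1
/*
 * NOTE(review): FAN_NOPIDFD and FAN_EPIDFD are presumably the values found in
 * fanotify_event_info_pidfd.pidfd when no pidfd is available or creating one
 * failed - confirm against fanotify(7). All three values are negative, so a
 * reader can reject them with a single "< 0" test before using a descriptor.
 */
#define FAN_NOPIDFD	FAN_NOFD
#define FAN_EPIDFD	-2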
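/* Helper macros to deal with fanotify_event_metadata buffers */

/* Size of the fixed-length part of every event record */
#define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata))

/*
 * FAN_EVENT_NEXT(meta, len) - step to the record that follows 'meta'.
 *
 * Subtracts meta->event_len from 'len', so 'len' must be a modifiable lvalue
 * holding the number of bytes still unread, and evaluates to a pointer
 * event_len bytes past 'meta'. 'meta' is evaluated more than once; pass a
 * plain variable, not an expression with side effects.
 * The macro does no bounds checking of its own: check the current record
 * with FAN_EVENT_OK() before stepping, and check the returned pointer with
 * FAN_EVENT_OK() before reading any of its fields.
 */
#define FAN_EVENT_NEXT(meta, len) ((len) -= (meta)->event_len, \
				   (struct fanotify_event_metadata*)(((char *)(meta)) + \
				   (meta)->event_len))

/*
 * FAN_EVENT_OK(meta, len) - non-zero when 'meta' is a complete record within
 * the 'len' bytes that remain.
 *
 * Checks, in this order: at least FAN_EVENT_METADATA_LEN bytes remain (only
 * then is meta->event_len read), event_len is at least
 * FAN_EVENT_METADATA_LEN, and event_len does not exceed 'len'. The lower
 * bound on event_len also keeps a FAN_EVENT_NEXT() loop from standing still
 * on a zero-length record. All comparisons are made after a cast to long.
 * 'vers' and 'metadata_len' are not examined here; callers that depend on
 * them have to check them separately.
 */
#define FAN_EVENT_OK(meta, len)	((long)(len) >= (long)FAN_EVENT_METADATA_LEN && \
				(long)(meta)->event_len >= (long)FAN_EVENT_METADATA_LEN && \
				(long)(meta)->event_len <= (long)(len))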
#endif /* _UAPI_LINUX_FANOTIFY_H */