Posted Jul 2, 2009 14:21 UTC (Thu) by eparis (subscriber, #33060)
Parent article: The fanotify API
It's not just for anti-malware snake oil vendors. Userspace indexers seem interested, the readahead process to profile boot operation is interested, along with some storage management techniques, which you describe.
"FAN_EVENT_ON_CHILD: the caller is interested in events on full directory hierarchies."
It's only for the children of the inode in question. So marking /tmp/dir will tell you about /tmp/dir/file, but not about /tmp/dir/subdir/file. So it still has that same PITA problem of watching a complete directory tree as inotify.
"If the FAN_GLOBAL_LISTENER option was provided at bind time, then all files are "marked" at the outset; FANOTIFY_REMOVE_MARK can be used to prune those which are not interesting;"
Not quite true, if FAN_GLOBAL_LISTENER is provided at bind time then all file events matching the mask provided at bind time will be sent to the listener. FANOTIFY_SET_MARK using the ignored_mask field is used to stop notification about events.