A use case you mentioned is exactly why I'm interested in fanotify. I tried very hard to make inotify work for this purpose but could not get the information I needed (scan and parse /proc) in time (the event would be gone by the time I got around to finding it). The problem is, inotify simply didn't provide the pid of the process who triggered the event.
I am excited about fanotify and found out about it just in time. I want to thank Eric and the other guys who put in the work and provided the capabilities.
I'm going to try to use fanotify to help tune a Linux installation based on what software is actually being used. There is a tool out there like this called popcon, but it is difficult to get proper precision based on atime accesses.
Currently, I'm only interested in OPEN events and don't yet care about blocking events. So, this will work just fine.
The reason I mentioned all of this is because I'm under the impression the tool I need doesn't exist. So I'm off to try to make it. If anybody knows of something already completed, please stop me now! :) -jeff wicks