| From: |
| Amir Goldstein <amir73il-AT-gmail.com> |
| To: |
| Jan Kara <jack-AT-suse.cz> |
| Subject: |
| [PATCH v2 00/10] fanotify namespace monitoring |
| Date: |
| Fri, 24 Apr 2026 19:04:53 +0200 |
| Message-ID: |
| <20260424170503.2096847-1-amir73il@gmail.com> |
| Cc: |
| Christian Brauner <brauner-AT-kernel.org>, linux-fsdevel-AT-vger.kernel.org |
| Archive-link: |
| Article |
Jan,
Following your feedback from v1 [1] review, I've made the changes
to clear the way for reusing the fs watcher event bits for ns watcher
event bits.
The terminology of "ns watcher" vs. "ns events" is a little confusing:
- "ns watcher" group can place mark on ns objects with
mntns/userns marks
- The events that can be requested by ns watcher are
mount (tree monitoring) and ns (tree monitoring) events
- We could imagine requesting all mount events of all mntns owned
by a specific userns, but this was not implemented
- "fs watcher" group can place mark on fs objects with
inode/mnt/sb marks
- The events that can be requested by fs watcher are
fs (monitoring, permission and pre-content) events
To simplify the implementation, the event flags (ON_CHILD, ISDIR)
live in a shared space that cannot be overloaded by neither group types.
This is not because ISDIR makes sense for ns watcher, just to reduce the
number of gates in common code. ON_CHILD flag might be usable for ns
watchers, not sure.
Thanks,
Amir.
Changes since v1:
- Introduce group type and gates
- FAN_NS_CREATE/FAN_NS_DELETE overload FAN_CREATE/FAN_DELETE in uapi
instead of using high 32bit
[1] https://lore.kernel.org/linux-fsdevel/20260307110550.3737...
Amir Goldstein (10):
fsnotify: rename fsnotify group flag macros
fsnotify: introduce fsnotify group types
fsnotify: separate the events bitmask macros by group type
fanotify: test event->type instead of event mask when possible
fsnotify: do not report mount events with fsnotify()
fanotify: gate fs event classification by group type
fanotify: gate fs events checks in fanotify_mark() by group type
fanotify: add support for watching the namespaces tree
selftests/filesystems: create fanotify test dir
selftests/filesystems: add fanotify namespace notifications test
fs/notify/fanotify/fanotify.c | 141 ++++++--
fs/notify/fanotify/fanotify.h | 62 +++-
fs/notify/fanotify/fanotify_user.c | 218 +++++++++---
fs/notify/fdinfo.c | 9 +-
fs/notify/fsnotify.c | 123 +++++--
fs/notify/fsnotify.h | 12 +
fs/notify/group.c | 14 +-
fs/notify/inotify/inotify_user.c | 2 +-
fs/notify/mark.c | 9 +-
fs/nsfs.c | 21 ++
include/linux/fanotify.h | 40 ++-
include/linux/fsnotify.h | 5 +
include/linux/fsnotify_backend.h | 108 ++++--
include/linux/proc_fs.h | 2 +
include/linux/user_namespace.h | 6 +
include/uapi/linux/fanotify.h | 37 +-
kernel/audit_fsnotify.c | 2 +-
kernel/nscommon.c | 47 +++
kernel/user_namespace.c | 2 +
tools/include/uapi/linux/fanotify.h | 37 +-
tools/testing/selftests/Makefile | 2 +-
.../{mount-notify => fanotify}/.gitignore | 0
.../{mount-notify => fanotify}/Makefile | 3 +-
.../mount-notify_test.c | 0
.../mount-notify_test_ns.c | 0
.../filesystems/fanotify/ns-notify_test.c | 330 ++++++++++++++++++
26 files changed, 1045 insertions(+), 187 deletions(-)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/.gitignore (100%)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/Makefile (67%)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/mount-notify_test.c (100%)
rename tools/testing/selftests/filesystems/{mount-notify => fanotify}/mount-notify_test_ns.c (100%)
create mode 100644 tools/testing/selftests/filesystems/fanotify/ns-notify_test.c
--
2.54.0
