FANOTIFY_INIT(2) | Linux Programmer's Manual | FANOTIFY_INIT(2) |
fanotify_init - create and initialize fanotify group
#include <fcntl.h>
#include <sys/fanotify.h>
int fanotify_init(unsigned int flags, unsigned int event_f_flags);
For an overview of the fanotify API, see fanotify(7).
fanotify_init() initializes a new fanotify group and returns a file descriptor for the event queue associated with the group.
The file descriptor is used in calls to fanotify_mark(2) to specify the files, directories, and mounts for which fanotify events shall be created. These events are received by reading from the file descriptor. Some events are only informative, indicating that a file has been accessed. Other events can be used to determine whether another application is permitted to access a file or directory. Permission to access filesystem objects is granted by writing to the file descriptor.
Multiple programs may be using the fanotify interface at the same time to monitor the same files.
In the current implementation, the number of fanotify groups per user is limited to 128. This limit cannot be overridden.
Calling fanotify_init() requires the CAP_SYS_ADMIN capability. This constraint might be relaxed in future versions of the API. Therefore, certain additional capability checks have been implemented as indicated below.
The flags argument contains a multi-bit field defining the notification class of the listening application and further single-bit fields specifying the behavior of the file descriptor.
If multiple listeners for permission events exist, the notification class is used to establish the sequence in which the listeners receive the events.
Only one of the following notification classes may be specified in flags:
Listeners with different notification classes will receive events in the order FAN_CLASS_PRE_CONTENT, FAN_CLASS_CONTENT, FAN_CLASS_NOTIF. The order of notification for listeners in the same notification class is undefined.
The following bits can additionally be set in flags:
The event_f_flags argument defines the file status flags that will be set on the open file descriptions that are created for fanotify events. For details of these flags, see the description of the flags values in open(2). event_f_flags includes a multi-bit field for the access mode. This field can take the following values:
Additional bits can be set in event_f_flags. The most useful values are:
The following are also allowable: O_APPEND, O_DSYNC, O_NOATIME, O_NONBLOCK, and O_SYNC. Specifying any other flag in event_f_flags yields the error EINVAL (but see BUGS).
On success, fanotify_init() returns a new file descriptor. On error, -1 is returned, and errno is set to indicate the error.
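The following C program is an added example, not part of the original manual page. It checks event_f_flags in user space against the access modes and additional flags listed above, then calls fanotify_init() and converts the -1/errno result into a negative error code. The helper names check_event_f_flags() and open_fanotify_group() are hypothetical, and FAN_CLOEXEC is taken from <sys/fanotify.h>.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes O_LARGEFILE and O_NOATIME in <fcntl.h> */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* Hypothetical helper: returns 0 if event_f_flags uses only what this page
 * lists as allowed, otherwise -EINVAL (the documented error for other flags). */
int check_event_f_flags(unsigned int event_f_flags)
{
    unsigned int extra = O_CLOEXEC | O_APPEND | O_DSYNC | O_NONBLOCK | O_SYNC;
#ifdef O_LARGEFILE
    extra |= O_LARGEFILE;
#endif
#ifdef O_NOATIME
    extra |= O_NOATIME;
#endif
    unsigned int mode = event_f_flags & O_ACCMODE;
    if (mode != O_RDONLY && mode != O_WRONLY && mode != O_RDWR)
        return -EINVAL;                  /* access-mode field holds no valid value */
    if (event_f_flags & ~(O_ACCMODE | extra))
        return -EINVAL;                  /* a bit outside the allowed set is present */
    return 0;
}

/* Hypothetical wrapper: returns the group fd, or a negative errno value. */
int open_fanotify_group(unsigned int flags, unsigned int event_f_flags)
{
    int rc = check_event_f_flags(event_f_flags);
    if (rc < 0)
        return rc;                       /* rejected before reaching the kernel */
    int fd = fanotify_init(flags, event_f_flags);
    return fd >= 0 ? fd : -errno;        /* e.g. -EPERM without CAP_SYS_ADMIN */
}

int main(void)
{
    int fd = open_fanotify_group(FAN_CLASS_NOTIF | FAN_CLOEXEC, O_RDONLY | O_CLOEXEC);
    if (fd < 0) {
        fprintf(stderr, "fanotify_init: %s\n", strerror(-fd));
        return 1;
    }
    printf("fanotify group fd = %d\n", fd);
    close(fd);
    return 0;
}
```

Run without CAP_SYS_ADMIN, the program reports the error from fanotify_init() and exits with status 1; with the capability it prints the descriptor number and closes it.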
fanotify_init() was introduced in version 2.6.36 of the Linux kernel and enabled in version 2.6.37.
This system call is Linux-specific.
The following bug was present in Linux kernels before version 3.18:
The following bug was present in Linux kernels before version 3.14:
This page is part of release 4.16 of the Linux man-pages project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.
2017-09-15 | Linux |