monitoring filesystem events
Bugs
Before Linux 3.19, fallocate(2) did not generate fanotify events.
Since Linux 3.19, calls to fallocate(2) generate FAN_MODIFY
events.
As of Linux 3.17, the following bugs exist:
* On Linux, a filesystem object may be accessible through
multiple paths, for example, a part of a filesystem may be
remounted using the --bind option of mount(8). A listener
that marked a mount will be notified only of events that were
triggered for a filesystem object using the same mount. Any
other event will pass unnoticed.
* When an event is generated, no check is made to see whether
the user ID of the receiving process has authorization to read
or write the file before passing a file descriptor for that
file. This poses a security risk when the CAP_SYS_ADMIN
capability is set for programs executed by unprivileged users.
* If a call to read(2) processes multiple events from the
fanotify queue and an error occurs, the return value will be
the total length of the events successfully copied to the
user-space buffer before the error occurred. The return value
will not be -1, and errno will not be set. Thus, the reading
application has no way to detect the error.
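The first bug above means a listener should know which other mounts expose the same filesystem as the one it marked. The following is an added example, not part of the original page: it scans text in /proc/self/mountinfo format and lists every other mount point that shares the marked mount's major:minor device. The function names and the sample mount table are constructed for illustration, and mount points are compared in the escaped form the kernel writes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/self/mountinfo format (not from a real host):
 * the filesystem on device 8:3 is mounted at /srv/data and bind-mounted twice. */
static const char SAMPLE_MOUNTINFO[] =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "45 22 8:3 / /srv/data rw,relatime shared:20 - ext4 /dev/sda3 rw\n"
    "61 22 8:3 / /home/alice/data rw,relatime shared:20 - ext4 /dev/sda3 rw\n"
    "62 22 8:3 /logs /var/www/logs ro,relatime shared:20 - ext4 /dev/sda3 rw\n"
    "70 22 0:25 / /tmp rw,nosuid - tmpfs tmpfs rw\n";

/* Extract "major:minor" and the mount point (fields 3 and 5) from one line. */
static int parse_line(const char *line, char *dev, char *mnt)
{
    return sscanf(line, "%*d %*d %31s %*s %255s", dev, mnt) == 2;
}

/* Hypothetical helper: copy to `out` each mount point other than `marked` on
 * the same device; return the count, or -1 if `marked` is not a mount point. */
int unwatched_aliases(const char *text, const char *marked,
                      char out[][256], int max_out)
{
    char dev[32], mnt[256], marked_dev[32] = "";
    const char *p;
    int n = 0;
    /* Pass 1: find the device of the marked mount. */
    for (p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (parse_line(p, dev, mnt) && strcmp(mnt, marked) == 0)
            strcpy(marked_dev, dev);
    if (marked_dev[0] == '\0')
        return -1;

    /* Pass 2: every other mount of that device is a path the mark misses. */
    for (p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (parse_line(p, dev, mnt) && strcmp(dev, marked_dev) == 0 &&
            strcmp(mnt, marked) != 0 && n < max_out)
            strcpy(out[n++], mnt);
    return n;
}

int main(void)
{
    char aliases[8][256];
    int n = unwatched_aliases(SAMPLE_MOUNTINFO, "/srv/data", aliases, 8);
    for (int i = 0; i < n; i++)
        printf("mark on /srv/data misses events via %s\n", aliases[i]);
    return 0;
}
```

A listener that needs full coverage would place a mount mark on each path returned, in addition to the one it already marked.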