мониторинг событий файловой системы (monitoring filesystem events)
Примечание (Note)
The fanotify API is available only if the kernel was built with
the CONFIG_FANOTIFY configuration option enabled. In addition,
fanotify permission handling is available only if the
CONFIG_FANOTIFY_ACCESS_PERMISSIONS configuration option is
enabled.
Limitations and caveats
Fanotify reports only events that a user-space program triggers
through the filesystem API. As a result, it does not catch
remote events that occur on network filesystems.
The fanotify API does not report file accesses and modifications
that may occur because of mmap(2), msync(2), and munmap(2).
Events for directories are created only if the directory itself
is opened, read, and closed. Adding, removing, or changing
children of a marked directory does not create events for the
monitored directory itself.
Fanotify monitoring of directories is not recursive: to monitor
subdirectories under a directory, additional marks must be
created. The FAN_CREATE event can be used for detecting when a
subdirectory has been created under a marked directory. An
additional mark must then be set on the newly created
subdirectory. This approach is racy, because it can lose events
that occurred inside the newly created subdirectory, before a
mark is added on that subdirectory. Monitoring mounts offers the
capability to monitor a whole directory tree in a race-free
manner. Monitoring filesystems offers the capability to monitor
changes made from any mount of a filesystem instance in a race-
free manner.
The event queue can overflow. In this case, events are lost.
