Tracing file size changes
Christophe Hauser
christophe.hauser at supelec.fr
Sun Aug 14 22:05:20 EDT 2011
On Fri, Aug 12, 2011 at 08:58:41PM -0400, Chris wrote:
> > > Will Inotify help?
> > >
> > > http://en.wikipedia.org/wiki/Inotify
> > > http://www.kernel.org/doc/man-pages/online/pages/man7/inotify.7.html
> > >
> >
> > It is pretty much what I want to do, the problem with it is that it doesn't
> > appear to be recursive.
>
>
> I looked again tonight, and it appears that newer kernels with fanotify are
> able to do this. So the feature is available, just too new to be on my
> servers. Oh, well :P
>
> Thanks for the input. I will probably just end up doing what I can with
> ld_preload.
>
> Chris
Hi Chris,
I'm not sure whether that would help or not, but you could also do it in
kernel space using LSM (if you don't already use another LSM module).
With the file_security hook, you can track any changes on files and
store information in the extended attributes of the filesystem for
example. This might be a bit more flexible than a system wide
ld_preload.
My two cents.
--
Christophe
More information about the Kernelnewbies
mailing list