File change notification along with user

rohan puri rohan.puri15 at gmail.com
Wed Oct 12 02:34:50 EDT 2011


On Wed, Oct 12, 2011 at 10:50 AM, V.Ravikumar
<ravikumar.vallabhu at gmail.com> wrote:

> Other than fanotify, I can achieve my requirement through a driver/module.
> If this can be achieved through a driver/module please provide me inputs to
> start.
>
> Thanks,
> Ravi
>
> On Wed, Sep 21, 2011 at 10:27 AM, rohan puri <rohan.puri15 at gmail.com>wrote:
>
>>
>>
>> On Wed, Sep 21, 2011 at 10:03 AM, V.Ravikumar <
>> ravikumar.vallabhu at gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> Is it possible to write a module/driver which notifies file/directory
>>> change asynchronously along with user name(or with uid) who modified it.
>>>
>>> inotify will do change notification but it will not provide uid who
>>> modified/created the file.
>>>
>>> audit and inotify combination can work, but I'm looking for a better
>>> option than this.
>>>
>>> Please help me.
>>>
>>> Thanks,
>>> Ravi
>>>
>>> _______________________________________________
>>> Kernelnewbies mailing list
>>> Kernelnewbies at kernelnewbies.org
>>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>>
>>> You can have a look at fanotify.
>>
>> Refer http://lwn.net/Articles/339253/
>>
>> Regards,
>> Rohan Puri
>>
>
Hi Ravi,

See, first of all, if you want to notify file/dir change, you need to get the
control after the invocation of that i_ops or f_ops. So there are two ways
in which you can do this:

1. Easy & recommended:

Write a stackable file system module. The aim of this module will be to
intercept VFS calls on files/dirs & then call the underlying file system's
specific operations. Now, after completion of this operation, you would
generate the change event here, which will be used to notify.


Note: stackable file system research work was done by Professor Erez
Zadok.

Refer to ecryptfs for an example.

2. Complex & not recommended:

Instead of writing a stackable file system, you hook the mount sys call to
get the control of the fs related structs. Then replace the original i_ops
and f_ops pointers with your own defined ops. Save the originals somewhere.
Then, when some change operation is called from user-space, internally
your ops will be called, and now you call the original stored one and
construct the notification events.

3. See if the module making use of LSM infrastructure will be able to do
this or not.

Regards,
Rohan Puri
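
The stacking pattern from option 1, as an added user-space model that is not part of the original message and is not kernel code: a stacked operation delegates to the lower file system first and records a change event with the caller's uid only after the lower operation has succeeded. The names `file_ops`, `change_event`, `lower_write` and `stacked_write` are hypothetical, and `getuid()` stands in for reading the calling task's credentials inside a kernel module.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for a kernel f_ops/i_ops table. */
struct file_ops {
    int (*write)(const char *path, const char *buf, size_t len);
};

struct change_event { char path[64]; uid_t uid; size_t len; };

#define MAX_EVENTS 8
static struct change_event event_log[MAX_EVENTS];
static int event_count;

/* Constructed lower file system: paths under /ro/ fail, others succeed. */
static int lower_write(const char *path, const char *buf, size_t len)
{
    (void)buf;
    if (strncmp(path, "/ro/", 4) == 0)
        return -EROFS;
    return (int)len;
}
static const struct file_ops lower_ops = { .write = lower_write };

/* Stacked write: call the lower op, then emit the event only on success. */
static int stacked_write(const char *path, const char *buf, size_t len)
{
    int ret = lower_ops.write(path, buf, len);
    if (ret < 0)
        return ret;                 /* failed change: nothing to report */
    if (event_count < MAX_EVENTS) {
        struct change_event *ev = &event_log[event_count++];
        snprintf(ev->path, sizeof(ev->path), "%s", path);
        ev->uid = getuid();         /* assumption: stands in for task credentials */
        ev->len = (size_t)ret;
    }
    return ret;
}
static const struct file_ops stacked_ops = { .write = stacked_write };

int main(void)
{
    stacked_ops.write("/data/a.txt", "hi", 2);
    stacked_ops.write("/ro/b.txt", "hi", 2);
    for (int i = 0; i < event_count; i++)
        printf("changed %s by uid %u (%zu bytes)\n", event_log[i].path,
               (unsigned)event_log[i].uid, event_log[i].len);
    return 0;
}
```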