9e66e4233d
This is the backend work needed for fanotify to support the new FS_OPEN_PERM and FS_ACCESS_PERM fsnotify events. This is done using the new fsnotify secondary queue. No userspace interface is provided actually respond to or request these events. Signed-off-by: Eric Paris <eparis@redhat.com>
27 lines
870 B
Plaintext
27 lines
870 B
Plaintext
config FANOTIFY
|
|
bool "Filesystem wide access notification"
|
|
select FSNOTIFY
|
|
select ANON_INODES
|
|
default y
|
|
---help---
|
|
Say Y here to enable fanotify suport. fanotify is a file access
|
|
notification system which differs from inotify in that it sends
|
|
and open file descriptor to the userspace listener along with
|
|
the event.
|
|
|
|
If unsure, say Y.
|
|
|
|
config FANOTIFY_ACCESS_PERMISSIONS
|
|
bool "fanotify permissions checking"
|
|
depends on FANOTIFY
|
|
depends on SECURITY
|
|
default n
|
|
---help---
|
|
Say Y here is you want fanotify listeners to be able to make permissions
|
|
decisions concerning filesystem events. This is used by some fanotify
|
|
listeners which need to scan files before allowing the system access to
|
|
use those files. This is used by some anti-malware vendors and by some
|
|
hierarchical storage managent systems.
|
|
|
|
If unsure, say N.
|