Question

In Linux, to read File System Events, most of us use Inotify, which is really a Good One. But it has its limitations. I have to keep track of all the directories I have to watch and get an inotify descriptor for each and every directory. Let's say I want to monitor my Whole System and it has about 10 million directories. Listing and queuing them for the inotify API itself would take hours. It would eat a lot of memory also. And I certainly can't watch more directories than specified in max_user_watches in /etc/syscntl.conf or /proc/sys/fs/inotify/max_user_watches.

But we know that each and every file system event is monitored by the Kernel, and we use the inotify API to register for certain directory modifications. But how do I read fs events directly from the kernel without the API? [In Mac OS X, I can read from /dev/fsevents; likewise, if I can read from /proc or something like that, it would be great.] I'm ready to write a Kernel Module too, but please shed some light on this.


Solution

Did you look at the virus scanner stuff? I.e., Fanotify, also fsnotify and hooked to dnotify and inotify. This depends on kernel version; present in some form since approximately 2.6.36 (early 2011).

Some kernel files,

Lwn.net links,

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow