Fix Event API (#4)

Cleanup Watch API
Fix broken event watcher (flags were incorrect)
Add validation to check mark flags and mask
Clean up code

Author: opcoder0

fanotify_api.go

@@ -21,6 +21,9 @@ var (
 	ErrUnsupportedOnKernelVersion = errors.New("feature unsupported on current kernel version")
 )
 
+// Action represents an event / operation on a particular file/directory
+type Action uint64
+
 // Event represents a notification from the kernel for the file, directory
 // or a filesystem marked for watching.
 type Event struct {
@@ -33,7 +36,9 @@ type Event struct {
 	// only with kernels 5.9 or higher.
 	FileName string
 	// Mask holds bit mask representing the operation
-	Mask uint64
+	Mask Action
+	// Pid Process ID of the process that caused the event
+	Pid int32
 }
 
 // Listener represents a fanotify notification group that holds a list of files,
@@ -144,52 +149,23 @@ func (l *Listener) Stop() {
 	close(l.Events)
 }
 
-// AddDir adds the specified directory to listener's watch
-// list. If `dir` is not a directory then an error is returned.
-// If `dir` is a symbolic link the link is followed.
-func (l *Listener) AddDir(dir string, events uint64) error {
-	var flags uint
-	flags = unix.FAN_MARK_ADD | unix.FAN_MARK_ONLYDIR
-	return l.fanotifyMark(dir, flags, events, false)
-}
-
-// RemoveDir removes the specified directory from the listener's
-// watch list.
-func (l *Listener) RemoveDir(dir string, events uint64) error {
-	var flags uint
-	flags = unix.FAN_MARK_REMOVE | unix.FAN_MARK_ONLYDIR
-	return l.fanotifyMark(dir, flags, events, true)
-}
-
-// AddLink adds the specified symbolic link to the listener's watch list. The link
-// is not followed. The link itself is marked for watching.
-func (l *Listener) AddLink(linkName string, events uint64) error {
-	var flags uint
-	flags = unix.FAN_MARK_ADD | unix.FAN_MARK_DONT_FOLLOW
-	return l.fanotifyMark(linkName, flags, events, false)
-}
-
-// RemoveLink removes the specified symbolic link from the listener's watch list.
-func (l *Listener) RemoveLink(linkName string, events uint64) error {
-	var flags uint
-	flags = unix.FAN_MARK_REMOVE | unix.FAN_MARK_DONT_FOLLOW
-	return l.fanotifyMark(linkName, flags, events, true)
+// AddWatch watches parent directory for specified actions
+func (l *Listener) AddWatch(parentDir string, action Action) error {
+	return l.fanotifyMark(parentDir, unix.FAN_MARK_ADD, uint64(action|unix.FAN_EVENT_ON_CHILD), false)
 }
 
-// AddPath adds the specified path name (file or directory) to the listener's
-// watch list.
-func (l *Listener) AddPath(path string, events uint64) error {
-	return l.fanotifyMark(path, unix.FAN_MARK_ADD, events, false)
+// DeleteWatch stops watching the parent directory for the specified action
+func (l *Listener) DeleteWatch(parentDir string, action Action) error {
+	return l.fanotifyMark(parentDir, unix.FAN_MARK_REMOVE, uint64(action|unix.FAN_EVENT_ON_CHILD), false)
 }
 
-// RemovePath removes the specified path name (file or directory) from the
-// listener's watch list.
-func (l *Listener) RemovePath(path string, events uint64) error {
-	return l.fanotifyMark(path, unix.FAN_MARK_REMOVE, events, true)
+// WatchMountPoint watches the entire mount point for specified actions
+func (l *Listener) WatchMountPoint(action Action) error {
+	return l.fanotifyMark(l.mountpoint.Name(), unix.FAN_MARK_ADD|unix.FAN_MARK_MOUNT, uint64(action), false)
 }
 
-// RemoveAll removes all the watch elements from the listener.
-func (l *Listener) RemoveAll() error {
+// ClearWatch stops watching for all actions
+func (l *Listener) ClearWatch() error {
 	if l == nil {
 		return ErrNilListener
 	}

fanotify_event.go

@@ -93,21 +93,37 @@ func flagsValid(flags uint) error {
 	return nil
 }
 
-// Check if specified flags are supported for the given
+func fanotifyMarkMaskValid(mask uint64) error {
+	isSet := func(n, k uint64) bool {
+		return n&k == k
+	}
+	if isSet(mask, unix.FAN_MARK_MOUNT) && (isSet(mask, unix.FAN_CREATE) || isSet(mask, unix.FAN_ATTRIB) || isSet(mask, unix.FAN_MOVE) || isSet(mask, unix.FAN_DELETE_SELF)) {
+		return errors.New("mountpoint cannot be watched for create, attrib, move or delete self actions")
+	}
+	return nil
+}
+
+func markFlagsValid(flags uint64) bool {
+	return false
+}
+
+// Check if specified fanotify_init flags are supported for the given
 // kernel version. If none of the defined flags are specified
 // then the basic option works on any kernel version.
-func checkFlagsKernelSupport(flags uint, maj, min int) bool {
+func fanotifyInitFlagsKernelSupport(flags uint, maj, min int) bool {
 	type kernelVersion struct {
 		maj int
 		min int
 	}
+	// fanotify init flags
 	var flagPerKernelVersion = map[uint]kernelVersion{
 		unix.FAN_ENABLE_AUDIT:     {4, 15},
 		unix.FAN_REPORT_FID:       {5, 1},
 		unix.FAN_REPORT_DIR_FID:   {5, 9},
 		unix.FAN_REPORT_NAME:      {5, 9},
 		unix.FAN_REPORT_DFID_NAME: {5, 9},
 	}
+
 	check := func(n, k uint, w, x int) (bool, error) {
 		if n&k == k {
 			if maj > w {
@@ -131,6 +147,48 @@ func checkFlagsKernelSupport(flags uint, maj, min int) bool {
 	return true
 }
 
+// Check if specified fanotify_mark flags are supported for the given
+// kernel version. If none of the defined flags are specified
+// then the basic option works on any kernel version.
+func fanotifyMarkFlagsKernelSupport(flags uint64, maj, min int) bool {
+	type kernelVersion struct {
+		maj int
+		min int
+	}
+	// fanotify mark flags
+	var fanotifyMarkFlags = map[uint64]kernelVersion{
+		unix.FAN_OPEN_EXEC:   {5, 0},
+		unix.FAN_ATTRIB:      {5, 1},
+		unix.FAN_CREATE:      {5, 1},
+		unix.FAN_DELETE:      {5, 1},
+		unix.FAN_DELETE_SELF: {5, 1},
+		unix.FAN_MOVED_FROM:  {5, 1},
+		unix.FAN_MOVED_TO:    {5, 1},
+	}
+
+	check := func(n, k uint64, w, x int) (bool, error) {
+		if n&k == k {
+			if maj > w {
+				return true, nil
+			} else if maj == w && min >= x {
+				return true, nil
+			}
+			return false, nil
+		}
+		return false, errors.New("flag not set")
+	}
+	for flag, ver := range fanotifyMarkFlags {
+		if v, err := check(flags, flag, ver.maj, ver.min); err != nil {
+			continue // flag not set; check other flags
+		} else {
+			return v
+		}
+	}
+	// if none of these flags were specified then the basic option
+	// works on any kernel version
+	return true
+}
+
 func fanotifyEventOK(meta *unix.FanotifyEventMetadata, n int) bool {
 	return (n >= int(sizeOfFanotifyEventMetadata) &&
 		meta.Event_len >= sizeOfFanotifyEventMetadata &&
@@ -145,8 +203,8 @@ func newListener(mountpointPath string, flags, eventFlags, maxEvents uint) (*Lis
 	if err := flagsValid(flags); err != nil {
 		return nil, fmt.Errorf("%w: %v", ErrInvalidFlagCombination, err)
 	}
-	if !checkFlagsKernelSupport(flags, maj, min) {
-		panic("some of the flags specified are not supported on the current kernel")
+	if !fanotifyInitFlagsKernelSupport(flags, maj, min) {
+		panic("some of the flags specified are not supported on the current kernel; refer to the documentation")
 	}
 	fd, err := unix.FanotifyInit(flags, eventFlags)
 	if err != nil {
@@ -189,6 +247,12 @@ func (l *Listener) fanotifyMark(path string, flags uint, mask uint64, remove boo
 	if l == nil {
 		return ErrNilListener
 	}
+	if !fanotifyMarkFlagsKernelSupport(mask, l.kernelMajorVersion, l.kernelMinorVersion) {
+		panic("some of the mark mask combinations specified are not supported on the current kernel; refer to the documentation")
+	}
+	if err := fanotifyMarkMaskValid(mask); err != nil {
+		return fmt.Errorf("%v: %w", err, ErrInvalidFlagCombination)
+	}
 	_, found := l.watches[path]
 	if found {
 		if remove {
@@ -292,7 +356,8 @@ func (l *Listener) readEvents() error {
 				event := Event{
 					Fd:   int(metadata.Fd),
 					Path: string(name[:n1]),
-					Mask: metadata.Mask,
+					Mask: Action(metadata.Mask),
+					Pid:  metadata.Pid,
 				}
 				l.Events <- event
 
@@ -334,7 +399,8 @@ func (l *Listener) readEvents() error {
 					Fd:       fd,
 					Path:     pathName,
 					FileName: fileName,
-					Mask:     metadata.Mask,
+					Mask:     Action(metadata.Mask),
+					Pid:      metadata.Pid,
 				}
 				l.Events <- event
 				i += int(metadata.Event_len)

fanotify_event_types.go

@@ -3,44 +3,81 @@ package fanotify
 import "golang.org/x/sys/unix"
 
 const (
-	// FileOrDirAccessedEvent create an event when a file or directory is accessed
-	FileOrDirAccessedEvent uint64 = unix.FAN_ACCESS
-	// FileModifiedEvent create an event when a file is modified
-	FileModifiedEvent uint64 = unix.FAN_MODIFY
-	// FileClosedEvent create an event when a file is closed
-	FileClosedEvent uint64 = unix.FAN_CLOSE_WRITE | unix.FAN_CLOSE_NOWRITE
-	// FileOrDirOpenedEvent create an event when a file or directory is opened
-	FileOrDirOpenedEvent uint64 = unix.FAN_OPEN
-	// FileOpenedForExecEvent create an event when a file is opened with the intent to be executed.
-	FileOpenedForExecEvent uint64 = unix.FAN_OPEN_EXEC
-	// FileOrDirMetadataChangedEvent create an event when a file or directory attributes have changed.
-	FileOrDirMetadataChangedEvent uint64 = unix.FAN_ATTRIB
-	// DirectoryEvent create an event when directory is opened, read or closed.
-	DirectoryEvent uint64 = unix.FAN_ONDIR
-	// FileCreatedInMarkedParentEvent create event when a file is created under a marked parent directory.
-	FileCreatedInMarkedParentEvent uint64 = unix.FAN_CREATE | unix.FAN_EVENT_ON_CHILD
-	// DirectoryCreatedInMarkedParentEvent create event when a directory is created under a marked parent directory.
-	DirectoryCreatedInMarkedParentEvent uint64 = unix.FAN_ONDIR | unix.FAN_CREATE | unix.FAN_EVENT_ON_CHILD
-	// FileDeletedInMarkedParentEvent create event when a file is deleted under a marked parent directory.
-	FileDeletedInMarkedParentEvent uint64 = unix.FAN_DELETE | unix.FAN_EVENT_ON_CHILD
-	// DirectoryDeletedInMarkedParentEvent create event when a directory is deleted under a marked parent directory.
-	DirectoryDeletedInMarkedParentEvent uint64 = unix.FAN_ONDIR | unix.FAN_DELETE | unix.FAN_EVENT_ON_CHILD
-	// MarkedFileDeletedEvent create event when a marked file is deleted.
-	MarkedFileDeletedEvent uint64 = unix.FAN_DELETE_SELF
-	// MarkedDirectoryDeletedEvent create an event when a marked directory is deleted.
-	MarkedDirectoryDeletedEvent uint64 = unix.FAN_ONDIR | unix.FAN_DELETE_SELF
-	// FileMovedFromMarkedParentEvent create an event when file has been moved from a marked parent directory.
-	FileMovedFromMarkedParentEvent uint64 = unix.FAN_MOVED_FROM | unix.FAN_EVENT_ON_CHILD
-	// DirMovedFromMarkedParentEvent create an event when a directory has been moved from a marked parent directory.
-	DirMovedFromMarkedParentEvent uint64 = unix.FAN_ONDIR | unix.FAN_MOVED_FROM | unix.FAN_EVENT_ON_CHILD
-	// FileMovedToMarkedParentEvent create an event when file has been moved to a marked parent directory.
-	FileMovedToMarkedParentEvent uint64 = unix.FAN_MOVED_TO | unix.FAN_EVENT_ON_CHILD
-	// DirMovedToMarkedParentEvent create an event when a directory has been moved to a marked parent directory.
-	DirMovedToMarkedParentEvent uint64 = unix.FAN_ONDIR | unix.FAN_MOVED_TO | unix.FAN_EVENT_ON_CHILD
-	// MarkedFileOrDirectoryHasMovedEvent create an event when a marked file or directory has moved.
-	MarkedFileOrDirectoryHasMovedEvent uint64 = unix.FAN_MOVE_SELF
-	// QueueOverflowedEvent create an event when the kernel event queue has overflowed.
-	QueueOverflowedEvent uint64 = unix.FAN_Q_OVERFLOW
-	// FileOrDirectoryMovedEvent create an event when a file or directory has moved.
-	FileOrDirectoryMovedEvent uint64 = FileMovedFromMarkedParentEvent | FileMovedToMarkedParentEvent | DirMovedFromMarkedParentEvent | DirMovedToMarkedParentEvent
+	// FileAccessed event when a file is accessed
+	FileAccessed Action = unix.FAN_ACCESS
+
+	// FileOrDirectoryAccessed event when a file or directory is accessed
+	FileOrDirectoryAccessed Action = unix.FAN_ACCESS | unix.FAN_ONDIR
+
+	// FileModified event when a file is modified
+	FileModified Action = unix.FAN_MODIFY
+
+	// FileClosed event when a file is closed
+	FileClosed Action = unix.FAN_CLOSE_WRITE | unix.FAN_CLOSE_NOWRITE
+
+	// FileOpened event when a file is opened
+	FileOpened Action = unix.FAN_OPEN
+
+	// FileOrDirectoryOpened event when a file or directory is opened
+	FileOrDirectoryOpened Action = unix.FAN_OPEN | unix.FAN_ONDIR
+
+	// FileOpenedForExec event when a file is opened with the intent to be executed.
+	// Requires Linux kernel 5.0 or later
+	FileOpenedForExec Action = unix.FAN_OPEN_EXEC
+
+	// FileAttribChanged event when a file attribute has changed
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileAttribChanged Action = unix.FAN_ATTRIB
+
+	// FileOrDirAttribChanged event when a file or directory attribute has changed
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileOrDirAttribChanged Action = unix.FAN_ATTRIB | unix.FAN_ONDIR
+
+	// FileCreated event when file a has been created
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileCreated Action = unix.FAN_CREATE
+
+	// FileOrDirCreated event when a file or directory has been created
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileOrDirCreated Action = unix.FAN_CREATE | unix.FAN_ONDIR
+
+	// FileDeleted event when file a has been deleted
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileDeleted Action = unix.FAN_DELETE
+
+	// FileOrDirDeleted event when a file or directory has been deleted
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileOrDirDeleted Action = unix.FAN_DELETE | unix.FAN_ONDIR
+
+	// WatchedFileDeleted event when a watched file has been deleted
+	// Requires Linux kernel 5.1 or later (requires FID)
+	WatchedFileDeleted Action = unix.FAN_DELETE_SELF
+
+	// WatchedFileOrDirDeleted event when a watched file or directory has been deleted
+	// Requires Linux kernel 5.1 or later (requires FID)
+	WatchedFileOrDirDeleted Action = unix.FAN_DELETE_SELF | unix.FAN_ONDIR
+
+	// FileMovedFrom event when a file has been moved from the watched directory
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileMovedFrom Action = unix.FAN_MOVED_FROM
+
+	// FileOrDirMovedFrom event when a file or directory has been moved from the watched directory
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileOrDirMovedFrom Action = unix.FAN_MOVED_FROM | unix.FAN_ONDIR
+
+	// FileMovedTo event when a file has been moved to the watched directory
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileMovedTo Action = unix.FAN_MOVED_TO
+
+	// FileOrDirMovedTo event when a file or directory has been moved to the watched directory
+	// Requires Linux kernel 5.1 or later (requires FID)
+	FileOrDirMovedTo Action = unix.FAN_MOVED_TO | unix.FAN_ONDIR
+
+	// WatchedFileMoved event when a watched file has moved
+	// Requires Linux kernel 5.1 or later (requires FID)
+	WatchedFileMoved Action = unix.FAN_MOVE_SELF
+
+	// WatchedFileOrDirMoved event when a watched file or directory has moved
+	// Requires Linux kernel 5.1 or later (requires FID)
+	WatchedFileOrDirMoved Action = unix.FAN_MOVE_SELF | unix.FAN_ONDIR
 )