
Monitoring filesystems with fanotify inside containers – Amir Goldstein, CTERA Networks



Filesystem monitoring was added to fanotify in kernel 5.1
and the first HSM feature was added to fanotify in kernel 6.12.
See this Linux Plumbers talk by fanotify maintainer Jan Kara for a
good overview:
https://lpc.events/event/18/contributions/1717/attachments/1648/3404/fanotify.pdf

This talk will present our work towards making those features available inside containers using two different strategies:

1. For filesystems that were mounted inside userns or idmapped into userns, userns admin would be able to use fanotify to monitor those filesystems.

2. For filesystems that were mounted by the host, container users would be able to subscribe to a service on the host to receive filesystem monitoring events contained to the scope of the container.

Date: September 8, 2025