Re: [RFC][PATCH] Inotify kernel API

Attached is a patch (against Linus' git tree) that implements a basic kernel API for inotify. Here is a description of the patch: The Inotify kernel API provides these functions: inotify_init - initialize an inotify instance inotify_add_watch - add a watch on an inode inotify_ignore - remove a watch on an inode inotify_free - destroy an inotify instance The kernel API differs from the userspace API in the following ways: - Instead of a file descriptor, inotify_init() returns a pointer to struct inotify_dev, which is an incomplete type to kernel consumers. - The consumer provides a callback to inotify_init(), which is used for filesystem event notification instead of the kevents used for userspace. - Watches are added on inodes rather than paths.

- inotify_add_watch() takes a callback argument, which is used to provide the consumer with a quick-access method back to its own data structure, rather than needing to hash the watch descriptor or walk a list. - The path is given to the event callback as an additional argument rather than being appended to the inotify_event structure; inotify_event.len is unused.

- User-based limits on number of watches, etc. are ignored. Here is a list of other things I've been working on, but are not included in this patch: - Adding inode information to the event callback. - Allowing for adding/removing inotify watches from an event callback. I've also sketched out some data structures and written some prototype audit code that makes use of this patch.

Please take a look and let me know what you think! Regards, Amy