[PATCH 1/1] Enable fanotify API by default.

From: xypron . glpk
Date: Sat Jun 15 2013 - 12:19:41 EST


From: Heinrich Schuchardt <xypron.glpk@xxxxxx>

The fanotify interface is the basis for on access malware detection
in the Linux kernel. The development of a prior solution (DazukoFS)
has been stopped therefore.

Both free (ClamAV) as well as commercial virus scanners (Sophos
Anti-Virus, AVG) using this interface exist.

Since kernel version 3.8.0 the implementation of the fanotify
interface is error-free enough to be used on a productive system.
Personally I have been using it for virus scanning on multiple
systems for several months without issues while developing a
wrapper around ClamAV, see
https://github.com/xypron/skyldav

A large scale usage of the fanotify interface can only be expected if
the API is enabled by default.

Hence I recommend to change the Kconfig file accordingly.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@xxxxxx>
---
fs/notify/fanotify/Kconfig | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/notify/fanotify/Kconfig b/fs/notify/fanotify/Kconfig
index e5f911b..929ad74 100644
--- a/fs/notify/fanotify/Kconfig
+++ b/fs/notify/fanotify/Kconfig
@@ -2,7 +2,7 @@ config FANOTIFY
bool "Filesystem wide access notification"
select FSNOTIFY
select ANON_INODES
- default n
+ default y
---help---
Say Y here to enable fanotify support. fanotify is a file access
notification system which differs from inotify in that it sends
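Review bot: The `default y` on FANOTIFY means every configuration that takes the defaults also carries the `select FSNOTIFY` and `select ANON_INODES` above it, and the help text shown here gives a user no reason for that default. Consider adding a sentence to the help text on who needs fanotify, or leaving the choice to distribution configs. The removed `default n` was redundant to begin with, so simply dropping that line would have been the neutral cleanup.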
@@ -15,7 +15,7 @@ config FANOTIFY_ACCESS_PERMISSIONS
bool "fanotify permissions checking"
depends on FANOTIFY
depends on SECURITY
- default n
+ default y
---help---
Say Y here is you want fanotify listeners to be able to make permissions
decisions concerning filesystem events. This is used by some fanotify
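Review bot: The `default y` on FANOTIFY_ACCESS_PERMISSIONS is a bigger step than the one on FANOTIFY and should be argued separately, because per the help text it lets listeners make permission decisions on filesystem events rather than only observe them. I would split this into its own patch, or keep `default n` here so that only systems that actually run such a listener opt in. While this entry is being touched, "Say Y here is you want" in the context line could be corrected to "if you want".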
@@ -23,4 +23,4 @@ config FANOTIFY_ACCESS_PERMISSIONS
use those files. This is used by some anti-malware vendors and by some
hierarchical storage managent systems.

- If unsure, say N.
+ If unsure, say Y.
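Review bot: "If unsure, say Y." sits oddly with the help text directly above it, which names only anti-malware vendors and hierarchical storage management systems as users of this option. Someone who is unsure is most likely running neither, so I would keep "say N" or reword to something like "Say Y if you run an on-access scanner or HSM listener; otherwise say N." The "managent" typo in the context line could be fixed in the same patch.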
--
1.7.10.4
