Best linux filesystem filter option? [closed]

问题

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 8 years ago.

I need a linux filesystem filter with which to enforce ACL policy on filesystem calls dynamically (allow/deny read/writes based on stuff computed at runtime).

So far I have stumbled onto DazukoFS and Related Work.
What I dont like about DazukoFS is that it has to be compiled for each kernel release.

1. Is there some user-mode library that can filter filesystem calls dynamically?
2. If not, is there some kernel-mode library that can filter FS calls dynamically, and not compile it for each kernel release?
3. If not, what is the best choice among DazukoFS and others ?

回答1:

I have chosen RedirFS Redirecting Filesystem Framework.

• similar to windows minifilter drivers in many ways
• simple enough and featurefull
• has examples of programs
• nice docs (but scattered)

回答2:

If fanotify ever gets into the kernel, it would provide precisely what you're asking for.

But unfortunately it hasn't got in yet.

EDIT:

fanotify has been merged into 2.6.36.

Pull request was: http://lkml.org/lkml/2010/8/6/273

来源：https://stackoverflow.com/questions/3202431/best-linux-filesystem-filter-option