pyfanotify
Note
Must be run as root!
- class pyfanotify.Fanotify
Wrapper for Linux fanotify. Runs in a new process.
- __init__(init_fid=False, log=None, fn=None, fn_args=(), fn_timeout=0)
- Parameters:
init_fid (bool) – Enable watching of filesystem events (FAN_CREATE, FAN_DELETE, FAN_MOVE, FAN_ATTRIB). See man fanotify_init for FAN_REPORT_FID and FAN_REPORT_DIR_FID.
log (Optional[Logger]) – Logger
fn (Optional[Callable]) – Function that will be called after the specified fn_timeout
fn_args (Tuple) – Arguments for fn
fn_timeout (int) – Timeout for fn
- Raises:
OSError – if fanotify is not enabled in the kernel, or on another fanotify error (see man fanotify_init)
TypeError – if fn is not callable or fn_args is not a tuple
- property with_fid: bool
- connect(rule)
Add a FanoRule to receive events on it.
- Parameters:
rule (FanoRule) –
- Return type:
None
- disconnect(rule)
Delete the FanoRule so as not to receive events for it.
- Parameters:
rule (FanoRule) –
- Return type:
None
- mark(path, ev_types=FAN_ALL_EVENTS, is_type='', dont_follow=False, as_ignore=False, remove=False)
For details, see man fanotify_mark.
Adds, removes, or modifies an fanotify mark on a filesystem object. The caller must have read permission on the filesystem object that is to be marked. ev_types must be nonempty.
- Parameters:
path (Iterable) – path to be marked
ev_types (int) – defines which events shall be listened for (or which shall be ignored). It is a bit mask composed of values. See man
is_type (str) – type of path. It can be:
'mp' - is mount point
'fs' - is filesystem
'dir' - is directory
dont_follow (bool) – if path is a symbolic link, mark the link itself, rather than the file to which it refers.
as_ignore (bool) – if True, add to/remove from the ignore mask.
remove (bool) – if True, events in ev_types will be removed from the mark mask (or from the ignore mask); else events will be added to the mark mask (or to the ignore mask).
- Return type:
None
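How the as_ignore and remove arguments of mark() combine, as an added example that is not pyfanotify code: MarkModel is a hypothetical pure-Python model of one fanotify group's mark and ignore masks, following the semantics described in man fanotify_mark. The event constants are the values from linux/fanotify.h and the paths are constructed; the model does not cover FAN_ONDIR, FAN_EVENT_ON_CHILD or the clearing of ignore masks when a file is modified.

```python
# Event bits as defined in <linux/fanotify.h>
FAN_MODIFY = 0x02
FAN_CLOSE_WRITE = 0x08
FAN_OPEN = 0x20


class MarkModel:
    """Hypothetical model of one fanotify group's marks (not pyfanotify code)."""

    def __init__(self):
        self.marks = {}  # marked object -> [mark mask, ignore mask]

    def mark(self, path, ev_types, as_ignore=False, remove=False):
        if not ev_types:
            raise ValueError("ev_types must be nonempty")
        masks = self.marks.setdefault(path, [0, 0])
        which = 1 if as_ignore else 0      # as_ignore selects the ignore mask
        if remove:
            masks[which] &= ~ev_types      # remove=True clears the given bits
        else:
            masks[which] |= ev_types       # default adds them

    def delivered(self, covering, event):
        """Return the event bits reported for an object covered by the marked
        objects in `covering` (for example the file itself and its mount)."""
        wanted = ignored = 0
        for obj in covering:
            mark_mask, ignore_mask = self.marks.get(obj, (0, 0))
            wanted |= mark_mask
            ignored |= ignore_mask
        return event & wanted & ~ignored


def demo():
    """Watch a mount for writes, then silence one noisy log file (constructed paths)."""
    g = MarkModel()
    g.mark("/srv", FAN_MODIFY | FAN_CLOSE_WRITE | FAN_OPEN)       # mount mark
    g.mark("/srv/app/debug.log", FAN_MODIFY, as_ignore=True)      # ignore mask
    log = ["/srv/app/debug.log", "/srv"]
    other = ["/srv/app/config.yml", "/srv"]
    results = [g.delivered(log, FAN_MODIFY),        # suppressed by ignore mask
               g.delivered(log, FAN_CLOSE_WRITE),   # still reported
               g.delivered(other, FAN_MODIFY)]      # other files unaffected
    g.mark("/srv/app/debug.log", FAN_MODIFY, as_ignore=True, remove=True)
    results.append(g.delivered(log, FAN_MODIFY))    # reported again
    g.mark("/srv", FAN_OPEN, remove=True)
    results.append(g.delivered(other, FAN_OPEN))    # no longer in mark mask
    return results
```

Every bit placed in an ignore mask is a monitoring blind spot for that object, so keep ignored event bits and paths as narrow as the noise requires.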
- flush(do_non_mounts=True, do_mounts=True, do_fs=True)
For details, see man fanotify_mark for FAN_MARK_FLUSH.
Remove either all marks for filesystems, all marks for mounts, or all marks for directories and files from the fanotify group.
- Parameters:
do_non_mounts – Remove all marks for directories and files
do_mounts – Remove all marks for mounts
do_fs – Remove all marks for filesystems (since Linux 4.20)
- Return type:
None
- class pyfanotify.FanoRule
FanoRule(name, pids=(), ev_types=0, exe_pattern=None, cwd_pattern=None, path_pattern=None, pass_fd=False)
Rule to receive events on it via fanotify. At least one rule parameter must be specified (other than the required name and optional pass_fd).
- Parameters:
name (AnyStr) – Name of rule
pids (Iterable[Union[int, AnyStr]]) – PIDS
ev_types (int) – Event types mask
exe_pattern (AnyStr) – exe
cwd_pattern (AnyStr) – cwd
path_pattern (AnyStr) – path
pass_fd (bool) – Pass file descriptor
- Raises:
TypeError – if pids is not a set, list or tuple
ValueError – if no rule parameter is specified
- class pyfanotify.FanotifyClient
Client for easy use and getting data via Fanotify.
- close()
Close the connection to the Fanotify object. The data will no longer be received.
- Return type:
None
- class pyfanotify.FanotifyData
Contains fanotify event information
- fd: int = -1
File descriptor if passed, -1 otherwise
- pid: int = 0
PID of the process that caused the event
- ev_types: int = 0
Event types of fanotify event
- exe: str = None
EXE of the process that caused the event if passed, None otherwise
- cwd: str = None
CWD of the process that caused the event if passed, None otherwise
- path: str = None
PATH of the file that caused the event if passed, None otherwise
- __init__(fd=-1, pid=0, ev_types=0, exe=None, cwd=None, path=None)
- Parameters:
fd (int) – File descriptor if passed
pid (int) – PID of the process that caused the event
ev_types (int) – Event types of fanotify event
exe (Optional[str]) – EXE of the process that caused the event if passed
cwd (Optional[str]) – CWD of the process that caused the event if passed
path (Optional[str]) – PATH of the file that caused the event if passed