Tutorial: Which process was responsible for an event signalled by inotify?


I am using pyinotify to detect access, changes, etc. on files in a given directory. Is there an easier way to find out which process was responsible for that - without having to patch inotify?


No, you can't, that information isn't in the struct inotify_event sent by the kernel.

Actually there isn't any guarantee that the process responsible is still running when you get the event.
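An added example, not part of the original answers: a parser for the raw buffer that read() returns on an inotify file descriptor, following the struct inotify_event layout in <sys/inotify.h>. The sample buffer and the make_event helper are constructed for illustration; the decoded fields (wd, mask, cookie, name) are everything the kernel sends, and none of them identifies a process.

```python
import struct

# struct inotify_event from <sys/inotify.h>:
#   int wd; uint32_t mask; uint32_t cookie; uint32_t len; char name[];
EVENT_HEADER = struct.Struct("iIII")  # 16-byte fixed header, native byte order

# A few of the mask bits defined in <sys/inotify.h>.
MASK_NAMES = {
    0x001: "IN_ACCESS",
    0x002: "IN_MODIFY",
    0x100: "IN_CREATE",
    0x200: "IN_DELETE",
}


def parse_events(buf):
    """Decode every event in a buffer as returned by read() on an inotify fd."""
    events = []
    offset = 0
    while offset + EVENT_HEADER.size <= len(buf):
        wd, mask, cookie, name_len = EVENT_HEADER.unpack_from(buf, offset)
        offset += EVENT_HEADER.size
        if offset + name_len > len(buf):
            raise ValueError("truncated inotify event")
        # name is NUL-terminated and NUL-padded up to name_len bytes.
        name = buf[offset:offset + name_len].split(b"\0", 1)[0].decode()
        offset += name_len
        flags = [label for bit, label in MASK_NAMES.items() if mask & bit]
        events.append({"wd": wd, "mask": flags, "cookie": cookie, "name": name})
    return events


def make_event(wd, mask, name):
    """Hypothetical helper: build one constructed event for the sample below."""
    raw = name.encode() + b"\0"
    raw += b"\0" * (-len(raw) % 16)  # NUL padding for alignment
    return EVENT_HEADER.pack(wd, mask, 0, len(raw)) + raw


# Constructed sample: a create followed by a modify on watch descriptor 1.
SAMPLE = make_event(1, 0x100, "report.txt") + make_event(1, 0x002, "report.txt")

if __name__ == "__main__":
    for event in parse_events(SAMPLE):
        print(event)  # no pid, uid or comm field exists to print
```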


Assuming you are on Linux (pyinotify would tend to indicate this), you could use SELinux (running in permissive mode, of course) to wrap one or more processes and log all their file access/creation/deletion/etc.
