I have installed PCLinuxOS and fanotify does not seem to be enabled, I was wondering how to enable it? As the talpha binary packs are not availble for PCLinuxOS.
This thread was automatically locked due to age.
I have installed PCLinuxOS and fanotify does not seem to be enabled, I was wondering how to enable it? As the talpha binary packs are not availble for PCLinuxOS.
Hello JamesSellars,
have you seen Sophos Anti-Virus for Linux v9: Fanotify Overview - or more important, did you use the savconfig command?
Christian
fanotify is split into two parts: monitor only, and monitor and block.
The demo program only uses the monitor part, SAV uses monitor and block mode.
It's possible the kernel has been compiled with only part of the fanotify functionality.
The kernel configuration options are:
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
You can check against your kernel with:
grep FANOTIFY /boot/config-$(config -r)
If your kernel doesn't support FANOTIFY_ACCESS_PERMISSIONS you'll need to get Talpa locally compiling.
You'll need to install gcc, make and linux-headers.
Thanks.
I had a look at the kernel options and;
CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
I tried to build talpa and it failed to build, I have copied the output of build.log below:
[root@localhost talpa-1.21.5]# cat build.log
In file included from include/linux/notifier.h:13:0,
from include/linux/memory_hotplug.h:6,
from include/linux/mmzone.h:737,
from include/linux/gfp.h:5,
from include/linux/slab.h:14,
from /opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c:23:
/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c: In function ‘unlink’:
/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c:624:31: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_lock_nested(&parenti->i_mutex, I_MUTEX_PARENT);
^
include/linux/mutex.h:161:55: note: in definition of macro ‘mutex_lock_nested’
# define mutex_lock_nested(lock, subclass) mutex_lock(lock)
^
/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c:643:26: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_unlock(&parenti->i_mutex);
^
make[4]: *** [/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.o] Error 1
make[3]: *** [_module_/opt/sophos-av/talpa/build/talpa-1.21.5] Error 2
make[2]: *** [talpa_core.ko] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
How do I fix this? Or can I fix this??
PS. Some of the symbols in the copy & paste got messed up, I am using Windows to post reply. As I have not got a landline internet connection at home and have had to use the PC at the library.
Thanks for your reply.
Looks like you are using a 4.7 or 4.8 kernel, which Talpa 1.21 doesn't support.
You can download the talpa source from github and that has been updated to support more recent kernels.
We have a script to automatically download the source and deploy it:
https://gist.github.com/paperclip/7892031
Please try that.
I have got talpa to compile and on-access scanning is now working! Thanks for your help!