

Another Linux file notification subsystem - unwind
http://lwn.net/Articles/339253/
From the article: a new notification system, sorta like inotify, only instead of an
arbitrary 'watch descriptor' which userspace has to know how to map back
to an object on the filesystem, fanotify provides an open read-only fd
back to the original object.
======
nailer
While it's not designed to _be_ post game-over security software itself - as
the author states - it's primarily designed to _support_ post game-over
security scanning software, which seems like a poor motivator to include it in
the Linux kernel.

A better solution to this problem would be:

* user education about why these solutions don't work

* ensure binaries and scripts are either signed or created locally

* ensure analysis is done from trusted environments (e.g., another OS connected to the same SAN you're booting the suspect machine from).

------
jcapote
What's wrong with inotify?

