in rule/rule.go [321:366]
func addFileWatch(data *ruleData, rule *FileWatchRule) error {
path := filepath.Clean(rule.Path)
if !filepath.IsAbs(path) {
return fmt.Errorf("path must be absolute: %v", path)
}
watchType := "path"
if info, err := os.Stat(path); err == nil && info.IsDir() {
watchType = "dir"
}
var perms string
if len(rule.Permissions) == 0 {
perms = "rwxa"
} else {
perms = ""
for _, p := range rule.Permissions {
switch p {
case ReadAccessType:
perms += "r"
case WriteAccessType:
perms += "w"
case ExecuteAccessType:
perms += "x"
case AttributeChangeAccessType:
perms += "a"
}
}
}
// Build rule.
data.flags = exitFilter
data.action = alwaysAction
data.allSyscalls = true
if err := addFilter(data, watchType, "=", path); err != nil {
return err
}
if err := addFilter(data, "perm", "=", perms); err != nil {
return err
}
if err := addKeys(data, rule.Keys); err != nil {
return err
}
return nil
}