[REQUEST]: Add Linux Endpoint Malware Protection btrfs sub-volume documentation #913

@nicholasberlin

Description

What: The underlying technology, fanotify, used by Elastic Endpoint (Defend) to provide Malware Protections is incapable of monitoring btrfs subvolumes. However, fanotify is capable of monitoring the root of the subvolumes. Some customer configurations only mount btrfs subvolumes, and we would like documentation instructing them to mount the root volume as well.

Here's an unrelated product, fatrace, experiencing the same issue and a discussion of what to do: martinpitt/fatrace#3 (comment).

Resources

Elastic Endpoint issue: https://github.com/elastic/endpoint-dev/issues/15949

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

All Endpoint versions are affected by this.

What release is this request related to?

N/A

Collaboration model

Unknown

Point of contact.

Main contact: @nicholasberlin

Stakeholders:
@nfritts
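
An added example, not part of the original issue and not Elastic's code: a check that parses `/proc/self/mountinfo` and reports btrfs filesystems that are mounted only through subvolumes, which is the configuration the issue describes. It assumes that a mount whose root field is `/` is the root of the btrfs filesystem and that mounts sharing a mount source belong to one filesystem; the sample data and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /proc/self/mountinfo format (not from a real host).
SAMPLE_MOUNTINFO = """\
24 1 0:22 /@ / rw,relatime shared:1 - btrfs /dev/sda2 rw,subvolid=256,subvol=/@
25 24 0:23 /@home /home rw,relatime shared:2 - btrfs /dev/sda2 rw,subvolid=257,subvol=/@home
26 24 0:5 / /proc rw,nosuid shared:3 - proc proc rw
27 24 0:30 / /data rw,relatime shared:4 - btrfs /dev/sdb1 rw,subvolid=5,subvol=/
28 27 0:31 /snap /data/snap rw,relatime - btrfs /dev/sdb1 rw,subvolid=258,subvol=/snap
"""


def parse_btrfs_mounts(text):
    """Map each btrfs mount source to its (root-within-fs, mount point) pairs."""
    mounts = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        # The number of optional fields varies; a lone "-" terminates them.
        if "-" not in fields:
            continue
        sep = fields.index("-")
        if sep < 6 or len(fields) < sep + 3:
            continue  # malformed line
        root, mount_point = fields[3], fields[4]
        fstype, source = fields[sep + 1], fields[sep + 2]
        if fstype == "btrfs":
            mounts[source].append((root, mount_point))
    return mounts


def filesystems_missing_root_mount(text):
    """Return {source: [mount points]} for btrfs filesystems mounted only via subvolumes."""
    missing = {}
    for source, entries in parse_btrfs_mounts(text).items():
        # Assumption: a root field of "/" means the filesystem root is mounted.
        if not any(root == "/" for root, _ in entries):
            missing[source] = sorted(mp for _, mp in entries)
    return missing


if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo") as fh:
            data = fh.read()
    except OSError:
        data = SAMPLE_MOUNTINFO  # fall back to the constructed sample
    for source, points in filesystems_missing_root_mount(data).items():
        print(f"{source}: only subvolumes mounted at {', '.join(points)}")
```

Mount points containing spaces appear octal-escaped (`\040`) in `mountinfo`, so whitespace splitting stays safe; the reported paths are shown in that escaped form.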

Metadata

Assignees

No one assigned

    Labels

    Team:Experience (Issues owned by the Experience Docs Team)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests