file change notifications for files outside the sandbox does not work

[mitchcapper]

I think this is probably a known limitation but using File system change events / FindFirstChangeNotification fails to notify about files in a folder that are not created/written by the sandbox itself.

https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-findfirstchangenotificationa
https://learn.microsoft.com/en-us/dotnet/api/system.io.filesystemwatcher?view=net-7.0

if you have c:\temp\test
and it has bob.txt on the host, if the sandbox watches the c:\temp\test folder it won't get any notifications when bob changes (as its listener is likely just silently attached to the redirected folder). One can likely force pass the folder through or hardlink the original target to the sandboxed directory but wanted to document it all the same.

Any software that uses the monitoring API will miss changes to files not made to the sandboxed overlay folder directly.

I doubt a sample is needed but here is a powershell script that can take a path to monitor and will notify when changes are made.

param ($Path)

	$watcher = New-Object -TypeName IO.FileSystemWatcher -ArgumentList $Path, '*' -Property @{
		IncludeSubdirectories = $false
		NotifyFilter = [IO.NotifyFilters]::LastWrite
	  }
	try
	{
		Write-Warning "FileSystemWatcher is monitoring $Path"
		do
		{
			$result = $watcher.WaitForChanged([System.IO.WatcherChangeTypes]::Changed, 1000)
			if ($result.TimedOut) { continue }
			Write-Host File Changed: ($result | Format-Table | Out-String)
		}
	  	while ($true)
	}
	finally
	{
	  # release the watcher and free its memory:
	  $watcher.Dispose()
	  Write-Warning 'FileSystemWatcher removed.'
	}  

Confirmed passing the folder writes through thus not creating the sandboxed version with OpenPipePath= will resolve this.