Helper function bpf_get_current_cgroup_id

v4.18

Definition

Copyright (c) 2015 The Libbpf Authors. All rights reserved.

Get the current cgroup id based on the cgroup within which the current task is running.

Returns

A 64-bit integer containing the current cgroup id based on the cgroup within which the current task is running.

static __u64 (* const bpf_get_current_cgroup_id)(void) = (void *) 80;

Usage

The bpf_get_current_cgroup_id helper function retrieves the cGroup ID of the cGroup in which the current task is running. This ID corresponds to the cGroup's file descriptor in the cGroup filesystem (/sys/fs/cgroup) and uniquely identifies a cGroup. It may be used to distinguish between containers, as container runtimes rely on cGroups for resource isolation and attribute a unique cGroup to each container. This helper function also enables enforcing cGroup-specific policies.

Program types

This helper call can be used in the following program types:

• BPF_PROG_TYPE_CGROUP_DEVICE
• BPF_PROG_TYPE_CGROUP_SOCK
• BPF_PROG_TYPE_CGROUP_SOCKOPT
• BPF_PROG_TYPE_CGROUP_SOCK_ADDR
• BPF_PROG_TYPE_CGROUP_SYSCTL
• BPF_PROG_TYPE_KPROBE
• BPF_PROG_TYPE_LSM
• BPF_PROG_TYPE_PERF_EVENT
• BPF_PROG_TYPE_RAW_TRACEPOINT
• BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE
• BPF_PROG_TYPE_SK_MSG
• BPF_PROG_TYPE_SYSCALL
• BPF_PROG_TYPE_TRACEPOINT
• BPF_PROG_TYPE_TRACING

Example

#include <vmlinux.h>
#include <bpf/bpf_helpers.h>

SEC("lsm_cgroup/inode_create")
int BPF_PROG(lsm_pre_bpf_file) {
    __u64 cgroup_id = bpf_get_current_cgroup_id();
    if (cgroup_id == 12092) {
        bpf_printk("Task from the target cgroup has created an inode!\n");
    }
    return 0;
}