Helper function bpf_get_current_cgroup_id
Definition
Copyright (c) 2015 The Libbpf Authors. All rights reserved.
Get the current cgroup id based on the cgroup within which the current task is running.
Returns
A 64-bit integer containing the current cgroup id based on the cgroup within which the current task is running.
static __u64 (* const bpf_get_current_cgroup_id)(void) = (void *) 80;
Usage
The bpf_get_current_cgroup_id helper function retrieves the cGroup ID of the cGroup in which the current task is running. This ID corresponds to the cGroup's file descriptor in the cGroup filesystem (/sys/fs/cgroup) and uniquely identifies a cGroup. It may be used to distinguish between containers, as container runtimes rely on cGroups for resource isolation and attribute a unique cGroup to each container. This helper function also enables enforcing cGroup-specific policies.
Program types
This helper call can be used in the following program types:
BPF_PROG_TYPE_CGROUP_DEVICEBPF_PROG_TYPE_CGROUP_SKBv6.4BPF_PROG_TYPE_CGROUP_SOCKBPF_PROG_TYPE_CGROUP_SOCKOPTBPF_PROG_TYPE_CGROUP_SOCK_ADDRBPF_PROG_TYPE_CGROUP_SYSCTLBPF_PROG_TYPE_FLOW_DISSECTORv6.4BPF_PROG_TYPE_KPROBEBPF_PROG_TYPE_LSMBPF_PROG_TYPE_LWT_INv6.4BPF_PROG_TYPE_LWT_OUTv6.4BPF_PROG_TYPE_LWT_SEG6LOCALv6.4BPF_PROG_TYPE_LWT_XMITv6.4BPF_PROG_TYPE_NETFILTERv6.4BPF_PROG_TYPE_PERF_EVENTBPF_PROG_TYPE_RAW_TRACEPOINTBPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLEBPF_PROG_TYPE_SCHED_ACTv6.4BPF_PROG_TYPE_SCHED_CLSv6.4BPF_PROG_TYPE_SK_LOOKUPv6.4BPF_PROG_TYPE_SK_MSGBPF_PROG_TYPE_SK_REUSEPORTv6.4BPF_PROG_TYPE_SK_SKBv6.4BPF_PROG_TYPE_SOCKET_FILTERv6.4BPF_PROG_TYPE_SOCK_OPSv6.4BPF_PROG_TYPE_STRUCT_OPSv6.4BPF_PROG_TYPE_SYSCALLBPF_PROG_TYPE_TRACEPOINTBPF_PROG_TYPE_TRACINGBPF_PROG_TYPE_XDPv6.4
Example
#include <vmlinux.h>
#include <bpf/bpf_helpers.h>
SEC("lsm_cgroup/inode_create")
int BPF_PROG(lsm_pre_bpf_file) {
__u64 cgroup_id = bpf_get_current_cgroup_id();
if (cgroup_id == 12092) {
bpf_printk("Task from the target cgroup has created an inode!\n");
}
return 0;
}