Helper function bpf_get_current_uid_gid
Definition
Copyright (c) 2015 The Libbpf Authors. All rights reserved.
Get the current uid and gid.
Returns
A 64-bit integer containing the current GID and UID, and created as such: current_gid << 32 | current_uid.
static __u64 (* const bpf_get_current_uid_gid)(void) = (void *) 15;
Usage
The bpf_get_current_uid_gid helper function returns a 64-bit value containing the current task's UID in the lower 32 bits and GID in the upper 32 bits. This allows eBPF programs to identify the user and group context of the running task. It is useful for enforcing security policies, tracking actions by specific users or groups, and implementing per-UID or per-GID tracing.
Program types
This helper call can be used in the following program types:
BPF_PROG_TYPE_CGROUP_DEVICEBPF_PROG_TYPE_CGROUP_SOCKBPF_PROG_TYPE_CGROUP_SOCKOPTBPF_PROG_TYPE_CGROUP_SOCK_ADDRBPF_PROG_TYPE_CGROUP_SYSCTLBPF_PROG_TYPE_KPROBEBPF_PROG_TYPE_LSMBPF_PROG_TYPE_PERF_EVENTBPF_PROG_TYPE_RAW_TRACEPOINTBPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLEBPF_PROG_TYPE_SK_MSGBPF_PROG_TYPE_SYSCALLBPF_PROG_TYPE_TRACEPOINTBPF_PROG_TYPE_TRACING
Example
#include <vmlinux.h>
#include <bpf/bpf_helpers.h>
SEC("tp/syscalls/sys_enter_open")
int sys_open_trace(void *ctx) {
__u64 uid_gid = bpf_get_current_uid_gid();
__u32 uid = uid_gid >> 32;
__u32 gid = uid_gid & 0xFFFFFFFF;
bpf_printk("Hello from UID %u, GID %u\n", uid, gid);
return 0;
}