Skip to content

Commit

Permalink
opensnoop: fix --cgroupmap with kfunc
Browse files Browse the repository at this point in the history 
Commit c347fe6 ("Support kfunc in opensnoop.py") introduces an
alternative probe on do_sys_open() with kfuncs instead of kprobes. This
new implementation is used if the kernel supports it. But it removed the
--cgroupmap filter added in commit b2aa29f ("tools: cgroup
filtering in execsnoop/opensnoop").

This patch adds the --cgroupmap filter in the kfunc implementation.
  • Loading branch information
@alban @yonghong-song
alban authored and yonghong-song committed Mar 20, 2020
1 parent c2772a3 commit 510fc74
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions tools/opensnoop.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,12 @@
PID_TID_FILTER
UID_FILTER
FLAGS_FILTER
#if CGROUPSET
u64 cgroupid = bpf_get_current_cgroup_id();
if (cgroupset.lookup(&cgroupid) == NULL) {
return 0;
}
#endif
struct data_t data = {};
bpf_get_current_comm(&data.comm, sizeof(data.comm));
Expand Down

0 comments on commit 510fc74

Please sign in to comment.