On Tue, Dec 8, 2020, at 2:40 AM, Gilad Reti wrote: > Hello everyone, > > Are there any plans on extending the cgroup program types to include > more probe types (or possibly allow restricting any probe type to a > specific cgroup)? > > For a use case example, this will allow attaching programs to the > "docker" cgroup and thus tracing events from containers only (or even > enforcing eBPF LSM on docker containers only). Based on my understanding, this may not be possible. For example, the kernel may lose information about cgroups on deferred work. When the work is later executed, the cgroup may lose information on work it technically initiated. Daniel
