On Tue, Dec 8, 2020 at 12:38 PM Daniel Xu <dxu@xxxxxxxxx> wrote: > > On Tue, Dec 8, 2020, at 2:40 AM, Gilad Reti wrote: > > Hello everyone, > > > > Are there any plans on extending the cgroup program types to include > > more probe types (or possibly allow restricting any probe type to a > > specific cgroup)? This kind of feature was requested earlier. The rough idea was to add a program hook in the cgroup attach path. So that prog can decide which progs to which cgroups are ok. It's a bit tautological and not everyone was happy with the idea. No patches were produced either. Other ideas of extending existing default/override/multi logic were rejected as not flexible and not generic enough. > > For a use case example, this will allow attaching programs to the > > "docker" cgroup and thus tracing events from containers only (or even > > enforcing eBPF LSM on docker containers only). > > Based on my understanding, this may not be possible. For example, the > kernel may lose information about cgroups on deferred work. When the > work is later executed, the cgroup may lose information on work it technically > initiated. > > Daniel
