opensnoop: fix --cgroupmap with kfunc Commit c347fe6c9f75 ("Support kfunc in opensnoop.py") introduces an alternative probe on do_sys_open() with kfuncs instead of kprobes. This new implementation is used if the kernel supports it. But it removed the --cgroupmap filter added in commit b2aa29fa3269 ("tools: cgroup filtering in execsnoop/opensnoop"). This patch adds the --cgroupmap filter in the kfunc implementation.

commit: 510fc7425ccd0bc53d53a56ae847d786eb15e1ce [log] [tgz]
author: Alban Crequy <alban@kinvolk.io> Thu Mar 19 14:07:38 2020 +0100
committer: yonghong-song <ys114321@gmail.com> Thu Mar 19 23:23:36 2020 -0700
tree: 3159e148cd4068e68836f438a4a29e70c52dd41a
parent: c2772a334bd10f6e7f66b7d79c269ab9ca5e525c [diff] [blame]
diff --git a/tools/opensnoop.py b/tools/opensnoop.py
index 4f94d01..b28d7d5 100755
--- a/tools/opensnoop.py
+++ b/tools/opensnoop.py

@@ -177,6 +177,12 @@
     PID_TID_FILTER
     UID_FILTER
     FLAGS_FILTER
+#if CGROUPSET
+    u64 cgroupid = bpf_get_current_cgroup_id();
+    if (cgroupset.lookup(&cgroupid) == NULL) {
+      return 0;
+    }
+#endif
 
     struct data_t data = {};
     bpf_get_current_comm(&data.comm, sizeof(data.comm));
commit	510fc7425ccd0bc53d53a56ae847d786eb15e1ce	[log] [tgz]
author	Alban Crequy <alban@kinvolk.io>	Thu Mar 19 14:07:38 2020 +0100
committer	yonghong-song <ys114321@gmail.com>	Thu Mar 19 23:23:36 2020 -0700
tree	3159e148cd4068e68836f438a4a29e70c52dd41a
parent	c2772a334bd10f6e7f66b7d79c269ab9ca5e525c [diff] [blame]