Unclear Documentation on Attaching eBPF Programs to Specific cgroups #115
Comments
|
Thank you for the feedback. The userspace aspect of the docs certainly need a bit of love. I hope to get to that soon. So in this case you would use the LIBBPF_API struct bpf_link * bpf_program__attach_cgroup (const struct bpf_program *prog, int cgroup_fd)It needs a file descriptor of a cGroup. cGroups are represented as nested directories in the root, which is typically mounted at You simply open the directory (not a file) that corresponds to the cGroup you would like to attach, which should give you a file descriptor. And you pass this descriptor to the attach function. Here are some resources on cGroups which also explains the file system bits: |
|
Thank you very much, Dylan, for your answers on these two issues! They are very clear and have helped me a lot to clear my confusion. :) Once I feel more comfortable with the eBPF technology, I'll definitely make an effort to contribute here! |
While reading the documentation on cgroup eBPF program types, I found it unclear how to attach a program to a specific cgroup. The provided examples always demonstrate attaching to a generic cgroup hook, without specifying which cgroup the program is actually attached to.
For instance, in the example for attaching an eBPF program of type CGROUP_SOCK, the SEC macro defines the program like this:
SEC("cgroup/sock_create")However, it's unclear whether "cgroup" here refers to the type of eBPF program attachment (such as 'lsm' for LSM eBPF programs) or to the root cgroup of the system (/sys/fs/cgroup/). There is no explanation on how to target specific cgroups beyond the root.
I suggest to add at the root of the folder (https://docs.ebpf.io/linux/program-type/), in the
cGroup program typessection, a detailed examples on how to attach eBPF programs to cgroups other than the root.The text was updated successfully, but these errors were encountered: