�
�������fk�������������������������������d���Z�d���Z�d���Z�y�)�c���������������������0�����|�s�y�d�}�|�j�������������������d�|���������S�)�NzV
static inline int _cgroup_filter() {
return 0;
}
z�
BPF_TABLE_PINNED("hash", u64, u64, cgroupset, 1024, "CGROUP_PATH");
static inline int _cgroup_filter() {
u64 cgroupid = bpf_get_current_cgroup_id();
return cgroupset.lookup(&cgroupid) == NULL;
}
��CGROUP_PATH����replace)�� cgroupmap��texts���� �0/usr/lib/python3/dist-packages/bcc/containers.py��_cgroup_filter_func_writerr �������s$�������������������D������<�<�
�y��1��1�����c���������������������0�����|�s�y�d�}�|�j�������������������d�|���������S�)�NzU
static inline int _mntns_filter() {
return 0;
}
a����
#include <linux/nsproxy.h>
#include <linux/mount.h>
#include <linux/ns_common.h>
/* see mountsnoop.py:
* XXX: struct mnt_namespace is defined in fs/mount.h, which is private
* to the VFS and not installed in any kernel-devel packages. So, let's
* duplicate the important part of the definition. There are actually
* more members in the real struct, but we don't need them, and they're
* more likely to change.
*/
struct mnt_namespace {
// This field was removed in https://github.com/torvalds/linux/commit/1a7b8969e664d6af328f00fe6eb7aabd61a71d13
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0)
atomic_t count;
#endif
struct ns_common ns;
};
/*
* To add mountsnoop support for --selector option, we need to call
* filter_by_containers().
* This function adds code which defines struct mnt_namespace.
* The problem is that this struct is also defined in mountsnoop BPF code.
* To avoid redefining it in mountnsoop code, we define
* MNT_NAMESPACE_DEFINED here.
* Then, in mountsnoop code, the struct mnt_namespace definition is guarded
* by:
* #ifndef MNT_NAMESPACE_DEFINED
* // ...
* #endif
*/
#define MNT_NAMESPACE_DEFINED
BPF_TABLE_PINNED("hash", u64, u32, mount_ns_set, 1024, "MOUNT_NS_PATH");
static inline int _mntns_filter() {
struct task_struct *current_task;
struct nsproxy *nsproxy;
struct mnt_namespace *mnt_ns;
unsigned int inum;
u64 ns_id;
current_task = (struct task_struct *)bpf_get_current_task();
if (bpf_probe_read_kernel(&nsproxy, sizeof(nsproxy), ¤t_task->nsproxy))
return 0;
if (bpf_probe_read_kernel(&mnt_ns, sizeof(mnt_ns), &nsproxy->mnt_ns))
return 0;
if (bpf_probe_read_kernel(&inum, sizeof(inum), &mnt_ns->ns.inum))
return 0;
ns_id = (u64) inum;
return mount_ns_set.lookup(&ns_id) == NULL;
}
�
MOUNT_NS_PATHr����)���mntnsmapr����s���� r������_mntns_filter_func_writerr����"���s%��������������
:���D�x�����<�<������2��2r
���c���������������������j�����d�}�t���������|�j���������������������������}�t���������|�j���������������������������}�|�|�z���|�z���S�)�Nzv
static inline int container_should_be_filtered() {
return _cgroup_filter() || _mntns_filter();
}
)�r ���r����r����r
���)���args��filter_by_containers_text��cgroupmap_text�
mntnsmap_texts���� r������filter_by_containersr����g���s9��������!��������0��������?�N��-�d�m�m��<�M����M��)�,E��E��Er
���N)�r ���r����r������r
���r������<module>r��������s�������������2�&C��3�J�
�F�r
��� |