New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CONTINT-3554] Fix build on linux and do not send cgroup node inode if in host cgroup namespace #2453
Conversation
…'re not in the host cgroup namespace
BenchmarksBenchmark execution time: 2023-12-19 18:40:33 Comparing candidate commit d27c2f9 in PR branch Found 0 performance improvements and 1 performance regressions! Performance is the same for 38 metrics, 2 unstable metrics. scenario:BenchmarkSingleSpanRetention/with-rules/match-all-24
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! One change needed for the test file build tags (see my comment). Should someone with cgroups knowledge review the other changes?
internal/container_linux_test.go
Outdated
@@ -3,6 +3,8 @@ | |||
// This product includes software developed at Datadog (https://www.datadoghq.com/). | |||
// Copyright 2016 Datadog, Inc. | |||
|
|||
//go:build test && linux |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test
build tag isn't defined, so these tests won't run. I think you just want the linux
tag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. I just removed it !
I also asked a review to my team members. They should have the knowledge necessary. Normally I am just aligning on what is done in dogstatsd DataDog/datadog-go#291
Changes look similar to the linked datadog-go changes, which were approved by someone with more knowledge, so LGTM |
What does this PR do?
This PR adds build flags in the logic that retrieves the container id since it only works on linux.
It also only retrieves the cgroup node inode if the sender not in the host cgroup namespace. Indeed it would mean either that:
Motivation
Fix build and do not emit data if not necessary (limit perf impact)
Reviewer's Checklist
For Datadog employees:
@DataDog/security-design-and-guidance
.Unsure? Have a question? Request a review!