Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFE: BPF programs on cgroups #10227

Closed
jaymzh opened this issue Oct 1, 2018 · 1 comment · Fixed by #12419
Closed

RFE: BPF programs on cgroups #10227

jaymzh opened this issue Oct 1, 2018 · 1 comment · Fixed by #12419
Labels

Comments

@jaymzh
Copy link

@jaymzh jaymzh commented Oct 1, 2018

At ASG2018 hack we discussed a path to allow users to ask Systemd to install BPF programs into cgroups. This issue is to document that design as an RFE.

The motivation is to allow users to associate a BPF program with a unit file so that systemd can install them after the cgroup is setup.

The design we came up with was:

The user would be responsible for creating any maps, loading the program and associating any maps with the program. At this point the user simply needs to pass the FD for the BPF program to systemd. The suggested name for this was BPFProgramPath. In this case, the suggested way of doing this was via /proc/$PID/fds/<appropriate FD>.

An option to systemd-nspawn could then be made to expose this as well.

@jaymzh jaymzh changed the title BPF programs on cgroups RFI: BPF programs on cgroups Oct 1, 2018
@jaymzh jaymzh changed the title RFI: BPF programs on cgroups RFE: BPF programs on cgroups Oct 1, 2018
@alban

This comment has been minimized.

Copy link
Member

@alban alban commented Nov 29, 2018

Here is a previous discussion:
#6764 (comment)
where I suggest to use eBPF programs on the BPF filesystem as an alternative to /proc/$PID/fd/<appropriate FD>. We also need to be able to speify different eBPF programs for egress and ingress.

pothos added a commit to pothos/systemd that referenced this issue Apr 26, 2019
…ress)=

Takes a single /sys/fs/bpf/pinned_prog string as argument but may be
specified multiple times.

systemd#10227
pothos added a commit to pothos/systemd that referenced this issue Apr 26, 2019
…ress)=

Takes a single /sys/fs/bpf/pinned_prog string as argument but may be
specified multiple times.

systemd#10227
pothos added a commit to pothos/systemd that referenced this issue May 2, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue May 3, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue May 3, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue May 3, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue May 3, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue May 31, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue Jun 21, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue Jun 24, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue Jun 24, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
pothos added a commit to pothos/systemd that referenced this issue Jun 24, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
poettering added a commit that referenced this issue Jun 25, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes #10227
edevolder added a commit to edevolder/systemd that referenced this issue Jun 26, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
edevolder added a commit to edevolder/systemd that referenced this issue Jun 26, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
zachsmith added a commit to zachsmith/systemd that referenced this issue Jul 26, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd#10227
Yamakuzure added a commit to elogind/elogind that referenced this issue Sep 23, 2019
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes systemd/systemd#10227
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
3 participants
You can’t perform that action at this time.