Finding init process of namespace at global level using BPF

From: K V V
Date: Fri Jan 17 2025 - 09:18:57 EST

Next message: Tudor Ambarus: "[PATCH v2 0/4] soc: qcom: ice: fix dev reference leaked through of_qcom_ice_get"
Previous message: Sasha Finkelstein: "Re: [PATCH v4 2/5] drm: adp: Add Apple Display Pipe driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Christian, experts,

Need help in finding the first process of pid namespace using BPF
program when an unshare(unshare -p -f --mount-proc /bin/bash) call is
made. Am using a ubuntu(20.04) machine. Kernel version: 5.15

>From documentation, it is found that child_reaper would give this info
from pid_namespace structure. From shell, I see that pid namespace is
created and and a new process is also forked.

But while accessing child_reaper, it is found NULL.

I am using the following prog to get it, but it is unsuccessful.

struct pid_namespace *pid_ns = BPF_CORE_READ(current_task_struct,
nsproxy, pid_ns_for_children);

if (pid_ns) {
// Access the child_reaper process
struct task_struct *child_reaper =
BPF_CORE_READ(pid_ns, child_reaper);
if (child_reaper) {
// Get the global PID of the child_reaper process
pid2 = BPF_CORE_READ(child_reaper, pid);
} else {
pid2 = 100;
}
} else {
pid2 = 10;
}

May I know how I can retrieve the init process of a new namespace
using a BPF program ?

Thanks in advance.

--Krishna Vivek

Next message: Tudor Ambarus: "[PATCH v2 0/4] soc: qcom: ice: fix dev reference leaked through of_qcom_ice_get"
Previous message: Sasha Finkelstein: "Re: [PATCH v4 2/5] drm: adp: Add Apple Display Pipe driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]