From 19bca2118b52b176eb644596a7e13e467a30fab7 Mon Sep 17 00:00:00 2001 From: AliDatadog Date: Mon, 18 Mar 2024 12:26:15 +0100 Subject: [PATCH 1/2] fix cgroupv1 origin detection --- statsd/container_linux.go | 11 +++++++---- statsd/container_test.go | 20 ++++++++++++++++++-- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/statsd/container_linux.go b/statsd/container_linux.go index d7a68f79..f7ec30bc 100644 --- a/statsd/container_linux.go +++ b/statsd/container_linux.go @@ -198,13 +198,16 @@ func readCIDOrInode(userProvidedID, cgroupPath, selfMountInfoPath, defaultCgroup } if cgroupFallback { - if isHostCgroupNs { - containerID = readContainerID(cgroupPath) + containerID = readContainerID(cgroupPath) + if containerID != "" { return } + containerID = readMountinfo(selfMountInfoPath) - if containerID == "" { - containerID = getCgroupInode(defaultCgroupMountPath, cgroupPath) + if containerID != "" || isHostCgroupNs { + return } + + containerID = getCgroupInode(defaultCgroupMountPath, cgroupPath) } } diff --git a/statsd/container_test.go b/statsd/container_test.go index 4e120592..a2aa0896 100644 --- a/statsd/container_test.go +++ b/statsd/container_test.go 
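Review bot: The `if cgroupFallback {` block in statsd/container_linux.go now encodes a three-step lookup order with no comment stating it, and that order decides which identifier is reported for origin detection. A short comment at the top of the block would make the precedence reviewable, for example `// Fallback order: /proc/self/cgroup, then mountinfo, then the cgroup inode (private cgroup namespace only).` readCIDOrInode starts and ends outside this hunk, so whether its doc comment already covers this cannot be seen here.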
@@ -416,18 +416,34 @@ func TestReadCIDOrInode(t *testing.T) { isHostCgroupNs: true, expectedResult: "8c046cb0b72cd4c99f51b5591cd5b095967f58ee003710a45280c28ee1a9c7fa", // Will be formatted with inode number }, - + { + description: "extract container-id from /proc/self/cgroup in private cgroup ns", + procSelfCgroupContent: "4:blkio:/kubepods/burstable/podfd52ef25-a87d-11e9-9423-0800271a638e/8c046cb0b72cd4c99f51b5591cd5b095967f58ee003710a45280c28ee1a9c7fa\n", + expectedResult: "8c046cb0b72cd4c99f51b5591cd5b095967f58ee003710a45280c28ee1a9c7fa", // Will be formatted with inode number + }, + { + description: "extract container-id from mountinfo in private cgroup ns", + mountInfoContent: "2282 2269 8:1 /var/lib/containerd/io.containerd.grpc.v1.cri/sandboxes/c0a82a3506b0366c9666f6dbe71c783abeb26ba65e312e918a49e10a277196d0/hostname /host/var/run/containerd/io.containerd.runtime.v2.task/k8s.io/fc7038bc73a8d3850c66ddbfb0b2901afa378bfcbb942cc384b051767e4ac6b0/rootfs/etc/hostname rw,nosuid,nodev,relatime - ext4 /dev/sda1 rw,commit=30\n", + expectedResult: "fc7038bc73a8d3850c66ddbfb0b2901afa378bfcbb942cc384b051767e4ac6b0", + }, { description: "extract container-id from mountinfo", mountInfoContent: "2282 2269 8:1 /var/lib/containerd/io.containerd.grpc.v1.cri/sandboxes/c0a82a3506b0366c9666f6dbe71c783abeb26ba65e312e918a49e10a277196d0/hostname /host/var/run/containerd/io.containerd.runtime.v2.task/k8s.io/fc7038bc73a8d3850c66ddbfb0b2901afa378bfcbb942cc384b051767e4ac6b0/rootfs/etc/hostname rw,nosuid,nodev,relatime - ext4 /dev/sda1 rw,commit=30\n", expectedResult: "fc7038bc73a8d3850c66ddbfb0b2901afa378bfcbb942cc384b051767e4ac6b0", + isHostCgroupNs: true, }, { - description: "extract inode", + description: "extract inode only in private cgroup ns", cgroupNodeDir: "system.slice/docker-abcdef0123456789abcdef0123456789.scope", procSelfCgroupContent: "0::/system.slice/docker-abcdef0123456789abcdef0123456789.scope\n", expectedResult: "in-%d", }, + { + description: "do not extract inode in 
host cgroup ns", + cgroupNodeDir: "system.slice/docker-abcdef0123456789abcdef0123456789.scope", + procSelfCgroupContent: "0::/system.slice/docker-abcdef0123456789abcdef0123456789.scope\n", + isHostCgroupNs: true, + }, } for _, tc := range tests { From 6684f58034ef59df52561de525f070159e9ba9da Mon Sep 17 00:00:00 2001 From: AliDatadog Date: Mon, 18 Mar 2024 15:48:17 +0100 Subject: [PATCH 2/2] added dedicated codepath + comment --- statsd/container_linux.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/statsd/container_linux.go b/statsd/container_linux.go index f7ec30bc..bc5af6d2 100644 --- a/statsd/container_linux.go +++ b/statsd/container_linux.go @@ -204,7 +204,13 @@ func readCIDOrInode(userProvidedID, cgroupPath, selfMountInfoPath, defaultCgroup } containerID = readMountinfo(selfMountInfoPath) - if containerID != "" || isHostCgroupNs { + if containerID != "" { + return + } + + // If we're in the host cgroup namespace, the cid should be retrievable in /proc/self/cgroup + // In private cgroup namespace, we can retrieve the cgroup controller inode. + if containerID == "" && isHostCgroupNs { return }
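Review bot: The new case "extract container-id from /proc/self/cgroup in private cgroup ns" carries the trailing comment `// Will be formatted with inode number`, but its expectedResult is a literal container ID rather than the `in-%d` pattern, so the comment looks copied from the case above and should be dropped. The "do not extract inode in host cgroup ns" case relies on the zero value of expectedResult; writing `expectedResult: "",` would make the intended empty result explicit. None of the visible cases sets both procSelfCgroupContent and mountInfoContent with different IDs, so the precedence between the two sources is not pinned by a test.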
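Review bot: In the second patch's hunk for statsd/container_linux.go, the `containerID == ""` half of `if containerID == "" && isHostCgroupNs {` is always true at that point, because the `if containerID != "" { return }` added just above has already returned otherwise. `if isHostCgroupNs {` expresses the same check without suggesting a second condition is being tested. The added comment could also state the outcome of this branch, for example `// Host cgroup namespace: no inode fallback, return an empty ID.` The enclosing function uses naked returns and continues outside the hunk.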