I think you need CAP_SYS_ADMIN to load eBPF?
-
That's what the manpage says, but https://lwn.net/Articles/660331/ … says unprivileged BPF is a thing since Linux 4.4.
-
seccomp-bpf is what all modern sandboxing is built on. Chrome and Firefox both use it.
-
seccomp-bpf was originally defense-in-depth for proper sandboxing (Firefox is doing things kind of backwards, for reasons), and it was added in 3.5; it's always been unprivileged AFAIK. eBPF is not much like BPF and it's more of a dtrace replacement AIUI.
-
eBPF is used for various things, including tracing and monitoring like dtrace. But also for packet processing like the old BPF version. I expect seccomp will work with eBPF at some point.