The BPF syscalls don't require cap sys admin. Only specific invocations. You can... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sargun on July 9, 2017 \| parent \| context \| favorite \| on: Linux tracing systems and how they fit together The BPF syscalls don't require cap sys admin. Only specific invocations. You can setup a socket filter without sys admin, and a device or XDP filter with net admin.

dangisafascist on July 9, 2017 [–]

Sure but how common is that case? How common are multi-tenant Linux systems with untrusted users that give those specific permissions? Do you want untrusted users sniffing the packets of others?

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact