BPF Tokens in systemd
Presenters Matteo Croce Source All Systems Go! 2025 🚀 Level Up Your Container Security with BPF Tokens! 🛠️ Containers have revolutionized how we build and deploy applications, offering incredible flexibility and efficiency. But with great power comes great responsibility – especially when it comes to security. Traditional methods for running Berkeley Packet Filter (BPF) programs within containers often required root privileges or the broad cap_bpf capability, which frankly, is a bit like giving everyone a master key to the kingdom. Thankfully, there’s a new sheriff in town: BPF Tokens! ...