
12 May 2021, 9:54 p.m.
I wrote:
eBPF (Extended Berkeley Packet Filter) is a programmable, high-performance packet-filtering engine built into the Linux kernel, into which you can load custom programs for controlling and monitoring the behaviour of the network stack.
I was wrong. It’s a whole lot more than that. It can also hook into filesystem access as well, among other things. Here <https://kinvolk.io/blog/2021/04/extending-systemd-security-features-with-ebpf/> are some examples of it in use with systemd to provide various security features.