Y
Hacker News
new
|
ask
|
show
|
jobs
by
saagarjha
1098 days ago
Ok but you can like put a tracepoint on read/write and peek at what’s going through those, no?
2 comments
madog
1097 days ago
Nope. Tracepoint eBPF programs require root to load always. For eBPF you select a program type, and that limits what you can do (aka what helper functions are available to you) and what privileges are required.
link
tptacek
1098 days ago
I have no idea, because every system I've ever worked on has disabled unprivileged eBPF.
link