by uticus
703 days ago
> eBPF programs cannot crash the entire system because they are safety-checked by a software verifier and are effectively run in a sandbox.

Isn’t one of the purposes of an OS to police software? I get that this has to do with the OS itself, but what does watching the watchers accomplish other than adding a layer which must then be watched? Why not reduce complexity instead of naively trusting that the new complexity will be better long term?

Old way: Load kernel driver, hook into bazillions of system calls (doing whatever it is you want to do), pray you don't screw anything up (otherwise you can get a panic though not necessarily--Linux is quite robust).
eBPF way: Just ask eBPF to tell you what you want by giving it some eBPF-specific instructions.
There's a rundown on how it works here: https://ebpf.io/what-is-ebpf/