What is eBPF?

eBPF (extended Berkeley Packet Filter) [Sharaf et al. 2022] is a technology that allows the execution of custom programs in the Linux kernel without changing the kernel source code or loading kernel modules. In RootAsRole, we use eBPF to implement the capable command. This command allows you to check if a process requests any capability.