Cool introduction to ebpfguard and writing Linux security policies in Rust. It uses #eBPF #LSM and https://aya-rs.dev, but without the need to use them directly: ebpfguard is an abstraction layer built on top of them.
Introducing bpftune, an automatic configurator that monitors your workloads and sets the correct #Linux #kernel parameter values! […] using #BPF […] pluggable infrastructure that is open to contributions. […] #eBPF #LinuxKernel
The recording of my talk at #lsfmmbpf is now online: https://youtu.be/9p4qviq60z8 I talk about a proof of concept which explores how we could make #ebpf safer without having to rely on signing BPF itself. Uses kfuncs, BPF LSM, #fsverity and IMA under the hood.
"[…] #eBPF programs are compiled down to eBPF bytecode and attached to hooks in the kernel via a syscall. This is tedious; so many libraries for eBPF allow you to write applications using and interacting with eBPF in C++, Rust, Go, Python, and even Lua.
But there are none for #Java, which is a pity. So… I decided to write bindings using the new Foreign Function API (Project Panama, preview in 21) and #bcc […]"
Exciting times, we're looking for a software engineer to join Polar Signals and work on all things #eBPF & profiling. Come and join an amazing team! 🧊 #jobs
At #LinuxPlumbers, Yusheng Zheng presents bpftime, by far the userspace #eBPF runtime with the largest kernel compatibility! This should help avoid the huge overhead of kernel uprobes.
In his talk, Masami Hiramatsu provides a nice overview of the various tracing #eBPF probes, what tracing mechanism they use, and what context they have.
He proposes to use ftrace_regs across the board, to reduce overhead. #LinuxPlumbers
Here's a concrete example of why I think #eBPF is the wave of the future.
This little script, written in the training wheels bpftrace language, monitors for shell executions on the system. It reports shell invocations and full command lines, and also alerts when service users (uid < 1000) invoke a shell. It also can be invoked in KILL MODE, which will murdalize those unauthorized shells.
This effectively stops most webshells in their tracks. It's not perfect, but as a demo of what's possible, I think pretty neat!
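A bpftrace script in the spirit of the one described above, added here as an illustration rather than the poster's own code. It assumes a first positional parameter of 1 enables kill mode; since bpftrace classes `signal()` as an unsafe function, that mode needs `--unsafe`.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * Added example (not the script from the post above). Reports every
 * execve() of a common shell with pid, uid, the calling process's comm
 * and the full command line, and flags callers running as a service
 * account (uid < 1000). Note that uid 0 matches the threshold too, so
 * tune it for your hosts.
 *
 *   sudo bpftrace shell-exec.bt              # report only
 *   sudo bpftrace --unsafe shell-exec.bt 1   # report and kill uid < 1000
 */

BEGIN
{
  printf("%-8s %-6s %-16s %s\n", "PID", "UID", "PARENT", "COMMAND");
}

tracepoint:syscalls:sys_enter_execve
{
  $path = str(args->filename);

  // Plain string compare, so symlinked locations such as /usr/bin/bash
  // are listed explicitly alongside /bin/bash.
  if ($path == "/bin/sh" || $path == "/bin/bash" || $path == "/bin/dash" ||
      $path == "/usr/bin/sh" || $path == "/usr/bin/bash" || $path == "/usr/bin/dash")
  {
    // comm is still the caller's name: the new image has not replaced it yet.
    printf("%-8d %-6d %-16s ", pid, uid, comm);
    join(args->argv);

    if (uid < 1000) {
      printf("ALERT: service user uid=%d (%s) spawned %s\n", uid, comm, $path);
      @service_shells[comm, $path] = count();

      // Kill mode (assumed parameter): SIGKILL the process that called execve().
      if ($1 == 1) {
        printf("KILL: sending SIGKILL to pid %d\n", pid);
        signal("KILL");
      }
    }
  }
}

END
{
  printf("\nShells started by service accounts (parent, shell):\n");
  print(@service_shells);
  clear(@service_shells);
}
```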
Cisco discovered #eBPF for itself in 2024, garnished it with #AI glitter hype and wrapped a lot of blather around it... all complete nonsense: Hypershield HyperHyper CyberCyber 🙄🤦♀️
Suggest some beginner-friendly resources for learning about Linux kernel features like LSM (SELinux, Yama, Landlock, Lockdown), Netfilter, eBPF, Cgroups, Namespaces, and KVM :D
"In this blog, we'll demonstrate how #eBPF can be practically used for function #tracing. […]
We'll begin by covering the basics of eBPF and #uprobes. Following that, we'll apply these concepts in a real-world example. […]
Our example involves a user-space program calling a function with randomized parameters. Our eBPF program will track how many times each parameter is called. […]"
The "#eBPF for #Linux Admins" series from Ansil Hameed has grown and right now contains seven parts.
Among other things, it covers how to write an "eBPF program to block all packets via XDP"[1] and how to "block a TCP port of an interface instead of all packet"[2].
This article series based on his "journey to demystify eBPF" also covers some eBPF basics and things related to it: https://ansilh.com/tags/ebpf/
Daniel Borkmann presents the new netkit Linux devices, a pair of virtual devices programmed by #eBPF.
This will replace veth devices in Cilium and bring container performance on par with the host. #LinuxPlumbers
This one was about #GamingOnLinux! Our colleague @multics69 has been on a quest to remove stuttering from games, by going all the way down to the kernel process scheduler. He's been working on a new gaming-oriented scheduler that has potential to also improve other kinds of interactive workloads. And it's implemented in #eBPF 🤯
Prompted by the recent thread/inquiry by @Patricia with @HalvarFlake’s reply I went to see if somebody was now working on applying formal methods to the eBPF verifier. Turns out there are some folks at the University of Texas at Austin that released a paper titled “Formal Verification of the Linux Kernel eBPF Verifier Range Analysis”