Linus Torvalds writes: (Summary) If Kees doesn't trust the files to be loaded, an
executable - even if it's running with root privileges and in the
initns - is still fundamentally weaker than a kernel module.
The executable loading does all the same security checks that the
module loading does, including the signing check.
And the whole point is that we can now do things with building and loading an ebpf rule instead of having a full module.