On Tue, Aug 27, 2019 at 07:00:40PM -0700, Andy Lutomirski wrote: > > Let me put this a bit differently. Part of the point is that > CAP_TRACING should allow a user or program to trace without being able > to corrupt the system. CAP_BPF as you’ve proposed it *can* likely > crash the system.
Really? I'm still waiting for your example where bpf+kprobe crashes the system...
