Securing Code Execution with eBPF
In Chapter 3, Navigating the Linux Kernel, we learned that the Linux kernel has many responsibilities, including managing the execution of different applications and providing these applications with an interface to the underlying hardware. We also learned that if we wish to change the behavior of the Linux kernel, we need to modify either a portion of the kernel itself or a kernel module that the kernel loads. As we saw in that chapter, this process can be arduous. We need to recompile either the entire kernel or the individual kernel module, install the kernel or module onto our system, and reboot the system. If we are modifying the Linux kernel or a module to resolve a bug or implement a feature, we may need to go through this process numerous times to verify our modification. This process can also be destructive. If we make an incorrect change to the Linux kernel, our system may be unable to boot. However, eBPF, which is what we will...