Managing sysctl knobs with BPF

"Sysctl" is the kernel's mechanism for exposing tunable parameters to user space. Every sysctl knob is presented as a virtual file in a hierarchy under /proc/sys; current values can be queried by reading those files, and a suitably privileged user can change a value by writing to its associated file. What happens, though, when a system administrator would like to limit access to sysctl, even for privileged users? Currently there is no solution to this problem other than blocking access to /proc entirely. That may change, though, if this patch set from Andrey Ignatov makes its way into the mainline.

Full Story (comments: 34)