Worst superhero ever

i get that bpfman is meant to help enable/disable eBPFs that you have available locally...

...and that it allows loading custom-built eBPFs so each user can make and use their own (only for their turf)...

...and that it seems to focus on making it possible for a user to interact with sandboxed stuff like kubernetes...

...but given how far ranging eBPFs applications can be, i wonder if eBPF installs and updates can be integrated into a distro's "apps store" and "updates manager" GUIs

i say this because i use linux mint, where flatpaks can be installed from Software Manager along and (auto)updated from Updates Manager along apt packages, kernels and iirc also firmware (lvfs)... so it's only natural to want the same to happen to this new thing...

...and i also wonder if some of them can get distributed via apt from a distro's repos without complications


on a slightly different focus i also wonder if eBPF can be easily signed by their devs then verified for integrity and chain-of-trust by a user... it seems like an easy-to-fetch-and-deply file that executes close-to-kernel functions and touts customized app loading as a welcome feature is inviting malware actors to flood the internet with convenience eBPFs that do more than they should along easy to follow instructions that cater to naive users and the classic bad windows habit of "installing .exe from website"

maybe something like flathub.org is gonna be needed to combat such bad habits, along practical verification tooling?


edit: in a third related note, I also don't know how it's gonna work if an eBPF is flawed... it can probably crash the OS, right? what happens on next boot? does a crash cause the system to boot without the offending eBPF? or without any eBPFs?bor will it try again and again? and if the later, will there be a safety boot mode where they don't get loaded? an interactive boot mode where you can choose some?

What are the advantages of running anything with this level of privilege? Performance?

Yes, especially for firewall and sandbox, and there are plans to use it for userspace scheduler.

IIRC some Linux devs are discussing moving one-line driver (mostly workarounds) to eBPF.

IMO eBPF is often distributed along with the app as read-only data, so if the app is managed by distro then eBPF would also be managed by distro.

Thus signing would just be signing the application.


AFAIK eBPF has a verifier, which checks the program before it is compiled and run (or interpreted).

It disallows loop, out-of-bound access, and only allow calling into lists of functions specified by the kernel.

There's a CVE discovered for eBPF verifier though:

From https://www.forbes.com/sites/forbest...h=49ba61e919b9

Well, it's not supposed to, but I've managed to hang my machine by doing something stupid in bpftrace modifying non-percpu maps from kfunc traces before, so...

It's a lot harder to crash the OS than it is by writing a kernel module, though.