Dropify Drop <d.dropify@xxxxxxxxx> writes: > Hi, > I am playing around with eBPF + TC and wrote some eBPF code to > intercept egress and ingress traffic (clsact qdisc) . > All works great but while the eBPF program is still attached I can via > command line remove the associated clsact qdisc (tc qdisc del dev > <interface> clsact) and the eBPF program no longer receives the > traffic. It is kind of expected but any root user can silently disable > it. Well, any root user can also down the interface or do, well, anything, really, that's kinda the point of having root... So, erm, don't give root access to people you don't trust not to mess up your system? :) -Toke
