{"guid":"a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","title":"BPF Tokens in systemd","subtitle":null,"slug":"all-systems-go-2025-363-bpf-tokens-in-systemd","link":"https://cfp.all-systems-go.io/all-systems-go-2025/talk/TEH3QN/","description":"Running **BPF** programs today requires *CAP_BPF* capability, which is an all or nothing BPF capability.\nBut BPF nowadays spans a large area, from simple monitoring to potentially invasive fields like network or tracing.\n\nBPF Tokens aims to add fine grained BPF capabilities to systemd units and containers, avoiding to give the whole *CAP_BPF* capability or even worse running the service as privileged user.\n\nReferences:\nhttps://lwn.net/Articles/947173/\nhttps://github.com/systemd/systemd/pull/36134\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Matteo Croce"],"tags":["363","2025","asg2025","Loft","asg2025-eng","asg2025","Day 1"],"view_count":208,"promoted":false,"date":"2025-09-30T10:45:00.000+02:00","release_date":"2025-09-30T00:00:00.000+02:00","updated_at":"2026-04-07T18:30:07.095+02:00","length":1430,"duration":1430,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2025/363-a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2025/363-a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2025/363-a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2025/363-a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2025-363-bpf-tokens-in-systemd","url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_title":"All Systems Go! 2025","conference_url":"https://api.media.ccc.de/public/conferences/asg2025","related":[],"recordings":[{"size":141,"length":1430,"mime_type":"video/webm;codecs=av01","language":"eng","filename":"asg2025-363-eng-BPF_Tokens_in_systemd_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-09-30T14:37:36.333+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2025/av1-hd/asg2025-363-eng-BPF_Tokens_in_systemd_av1-hd.webm","url":"https://api.media.ccc.de/public/recordings/91720","event_url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_url":"https://api.media.ccc.de/public/conferences/asg2025"},{"size":17,"length":1430,"mime_type":"audio/opus","language":"eng","filename":"asg2025-363-eng-BPF_Tokens_in_systemd_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-09-30T14:34:55.178+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2025/opus/asg2025-363-eng-BPF_Tokens_in_systemd_opus.opus","url":"https://api.media.ccc.de/public/recordings/91719","event_url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_url":"https://api.media.ccc.de/public/conferences/asg2025"},{"size":21,"length":1430,"mime_type":"audio/mpeg","language":"eng","filename":"asg2025-363-eng-BPF_Tokens_in_systemd_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-09-30T14:34:46.154+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2025/mp3/asg2025-363-eng-BPF_Tokens_in_systemd_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/91718","event_url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_url":"https://api.media.ccc.de/public/conferences/asg2025"},{"size":62,"length":1430,"mime_type":"video/webm","language":"eng","filename":"asg2025-363-eng-BPF_Tokens_in_systemd_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-09-30T14:53:30.724+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2025/webm-sd/asg2025-363-eng-BPF_Tokens_in_systemd_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/91734","event_url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_url":"https://api.media.ccc.de/public/conferences/asg2025"},{"size":174,"length":1430,"mime_type":"video/webm","language":"eng","filename":"asg2025-363-eng-BPF_Tokens_in_systemd_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-09-30T14:52:34.273+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2025/webm-hd/asg2025-363-eng-BPF_Tokens_in_systemd_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/91731","event_url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_url":"https://api.media.ccc.de/public/conferences/asg2025"},{"size":47,"length":1430,"mime_type":"video/mp4","language":"eng","filename":"asg2025-363-eng-BPF_Tokens_in_systemd_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-09-30T14:34:40.412+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2025/h264-sd/asg2025-363-eng-BPF_Tokens_in_systemd_sd.mp4","url":"https://api.media.ccc.de/public/recordings/91717","event_url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_url":"https://api.media.ccc.de/public/conferences/asg2025"},{"size":143,"length":1430,"mime_type":"video/mp4","language":"eng","filename":"asg2025-363-eng-BPF_Tokens_in_systemd_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-09-30T14:30:59.823+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2025/h264-hd/asg2025-363-eng-BPF_Tokens_in_systemd_hd.mp4","url":"https://api.media.ccc.de/public/recordings/91715","event_url":"https://api.media.ccc.de/public/events/a4ce5c99-0ecb-5d76-9d1c-5d0694e3a711","conference_url":"https://api.media.ccc.de/public/conferences/asg2025"}]}