blumeops/nixos
Erich Blume 3a2913ba1f Allow BPF in privileged containers on ringtail
NixOS defaults kernel.unprivileged_bpf_disabled=2, which blocks BPF
syscalls outside the init namespace even with CAP_BPF. Set to 1 so
privileged containers (Beyla/Alloy tracing) can create BPF maps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 08:32:30 -07:00
ringtail Allow BPF in privileged containers on ringtail 2026-04-18 08:32:30 -07:00