Managing sysctl knobs with BPF
"Sysctl" is the kernel's mechanism for exposing tunable parameters to userspace. Every sysctl knob is presented as a virtual file in a hierarchy under /proc/sys; current values can be queried by reading those files, and a suitably privileged user can change a value by writing to its associated file. What happens, though, when a system administrator would like to limit access to sysctl, even for privileged users? Currently there is no solution to this problem other than blocking access to /proc entirely. That may change, though, if this patchset from Andrey Ignatov makes its way into the mainline.