[$] Delegating privilege with BPF tokens
The quest to enable limited use of BPF features in unprivileged processes continues. In the previous episode, an attempt to use authoritative Linux security module (LSM) hooks for this purpose was strongly rejected by the LSM developers. BPF developer Andrii Nakryiko has now returned with a new mechanism based on a privilege-conveying token. That approach, too, has run into some resistance, but a solution for the strongest concerns might be in sight.