Afterwards, in the Wonder breakout room, we soaked up more of his Linux know-how. I had asked about running eBPF without root access: BPF packet tracing is allowed, but not kernel inspection.
Btw, I learned M1 does not support x86 emulation to run containers, so engineers are hanging onto Intel MacBooks or switching over to ThinkPads.
We also learned the Windows kernel has an eBPF introspection feature (should have guessed).
This brought up a discussion on microkernel vs. monokernel, and on security evolution versus, say, a new kernel to replace Darwin after M2? Unlikely, unless via an IoT device OS.
I asked about a smaller security change, rewriting the Linux kernel in Rust. Apparently this was robustly thrashed out by the Tanenbaum–Torvalds debate.
Rust, for its memory safety, is now supported by certain kernel processes page
</ToDo> edit after reading more thoroughly; feel free to fork and improve.