Allows a process to manipulate aspects of the kernel enhanced Berkeley Packet Filter (BPF) system. This is an execution subsystem of the kernel that manages BPF programs. CAP_BPF permits a process to:
 - create all types of BPF maps
 - use advanced verifier features:
   - indirect variable access
   - bounded loops
   - BPF to BPF function calls
   - scalar precision tracking
   - larger complexity limits
   - dead code elimination
   - potentially other features

Other capabilities can be used together with CAP_BPF to further manipulate the BPF system:
 - CAP_PERFMON relaxes the verifier checks as follows:
   - BPF programs can use pointer-to-integer conversions
   - speculation attack hardening measures can be bypassed
   - bpf_probe_read to read arbitrary kernel memory is permitted
   - bpf_trace_printk to print the content of kernel memory
 - CAP_SYS_ADMIN permits the following:
   - use of bpf_probe_write_user
   - iteration over the system-wide loaded programs, maps, links and BTFs, and conversion of their IDs to file descriptors
 - CAP_PERFMON is required to load tracing programs.
 - CAP_NET_ADMIN is required to load networking programs.
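A defender-side audit helper, added here as an example and not part of the capabilities(7) text: it decodes the CapEff mask from /proc/<pid>/status and reports which of the BPF operations listed above a process can reach. The bit numbers come from <linux/capability.h>; the CAP_SYS_ADMIN fallback mirrors the kernel's bpf_capable()/perfmon_capable() helpers and is not stated in the text above; the sample status lines are constructed.

```python
"""Decode a process's effective capability mask and map it to the BPF
operations gated by CAP_BPF, CAP_PERFMON, CAP_NET_ADMIN and CAP_SYS_ADMIN.

Bit numbers follow <linux/capability.h>. The sample CapEff line below is
constructed for this example, not captured from a real system."""
import re

# Capability bit numbers from <linux/capability.h>
CAP_NET_ADMIN = 12
CAP_SYS_ADMIN = 21
CAP_PERFMON = 38
CAP_BPF = 39


def parse_capeff(status_text: str) -> int:
    """Extract the effective capability mask from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def has_cap(mask: int, cap: int) -> bool:
    return bool((mask >> cap) & 1)


def bpf_privileges(mask: int) -> dict:
    """Map the effective capability set to the BPF operations it unlocks,
    following the rules in the text above. The CAP_SYS_ADMIN fallback is
    how the kernel's bpf_capable()/perfmon_capable() helpers behave; the
    text itself does not state it."""
    sys_admin = has_cap(mask, CAP_SYS_ADMIN)
    bpf = has_cap(mask, CAP_BPF) or sys_admin
    perfmon = has_cap(mask, CAP_PERFMON) or sys_admin
    net_admin = has_cap(mask, CAP_NET_ADMIN) or sys_admin
    return {
        "create_maps_and_use_advanced_verifier": bpf,
        "load_tracing_programs": bpf and perfmon,
        "relaxed_verifier_and_kernel_memory_reads": bpf and perfmon,
        "load_networking_programs": bpf and net_admin,
        "probe_write_user_and_global_iteration": bpf and sys_admin,
    }


# Constructed sample: a process holding only CAP_BPF and CAP_PERFMON (bits 39, 38)
SAMPLE_STATUS = "Name:\ttracer\nCapInh:\t0000000000000000\nCapEff:\t000000c000000000\n"


def audit(status_text: str = SAMPLE_STATUS) -> dict:
    """Convenience wrapper: parse a status dump and report BPF privileges."""
    return bpf_privileges(parse_capeff(status_text))


if __name__ == "__main__":
    for name, allowed in audit().items():
        print(f"{name}: {'yes' if allowed else 'no'}")
```

Feed it the contents of /proc/<pid>/status for a container's init process to see at a glance whether it can load tracing or networking BPF programs.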