rafaelroquetto
commented
3 days ago Because the bpf programs tc_ingress and tc_egress are part of ktracer, they are being unconditionally loaded. When fixing this issue, we need to make sure they are not loaded when cfg.EBPF.UseLinuxTC is set to false, as the loading of these programs is what requires CAP_NET_ADMIN.
In the error message that Beyla shows when some capabilities are missing, it is not currently showing that CAP_NET_ADMIN is required, as tc_ingress and tc_egress ebpf programs require that extra capability.