The kernel module technology works great, but there are some environments where we don't are allowed to load kernel modules, so we need to offer an alternative way to capture system calls.
The default strategy is the kernel loading module, but we are allowed to use --ebpf to use eBPF.
The kernel module technology works great, but there are some environments where we don't are allowed to load kernel modules, so we need to offer an alternative way to capture system calls.
The default strategy is the kernel loading module, but we are allowed to use --ebpf to use eBPF.