BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.all-systems-go.io//all-systems-go-2025//8LMEHZ
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-all-systems-go-2025-TEH3QN@cfp.all-systems-go.io
DTSTART;TZID=CET:20250930T104500
DTEND;TZID=CET:20250930T111000
DESCRIPTION:Running **BPF** programs today requires *CAP_BPF* capability\, 
 which is an all or nothing BPF capability\, and it's ignored in containers
  anyway.\nBut BPF nowadays spans a large area\, from simple monitoring to 
 potentially invasive fields like network or tracing.\n\nBPF Tokens aims to
  add fine grained BPF capabilities to systemd units and containers\, avoid
 ing to give the whole *CAP_BPF* capability or even worse running the servi
 ce as privileged user.\n\nReferences:\nhttps://lwn.net/Articles/947173/\nh
 ttps://github.com/systemd/systemd/pull/36134
DTSTAMP:20260315T022856Z
LOCATION:Loft
SUMMARY:BPF Tokens in systemd - Matteo Croce
URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/TEH3QN/
END:VEVENT
END:VCALENDAR