BPF Tokens are a new Linux kernel mechanism for delegating restricted eBPF privileges to unprivileged processes. This talk explains how distributions can adopt them to provide safer access to tracing, observability, and networking tools—without granting root or CAP_SYS_ADMIN.

We’ll show how token-based delegation could reshape developer workflows, container runtimes, and system services in Fedora or other distros.

The session includes a walkthrough of real token policies and discusses how distributions can help build a secure, less-privileged eBPF ecosystem.