Disable unprivileged BPF
Originally created by @cypherpunks on #11827 (Redmine)
Since upgrading to kernel 4.6, unprivileged users can use the bpf() syscall, which is a security concern, even with JIT disabled. Tails should set the kernel.unprivileged_bpf_disabled sysctl to 1. No programs on Tails use it, so this won’t cause any regressions, and will increase security quite a bit.
Feature Branch: feature/11827-disable-unprivileged-bpf