[$] Managing sysctl knobs with BPF

'Sysctl' is the kernel's mechanism for exposing tunable parameters to user
space. Every sysctl knob is presented as a virtual file in a hierarchy
under /proc/sys; current values can be queried by reading those
files, and a suitably privileged user can change a value by writing to its
associated file. What happens, though, when a system administrator would
like to limit access to sysctl, even for privileged users? Currently there
is no solution to this problem other than blocking access to /proc
entirely. That may change, though, if this patch
set from Andrey Ignatov makes its way into the mainline.