Remove CAP_NET_ADMIN requirement and eliminate need for CAP_SYS_ADMIN on
modern kernels by using non-promiscuous mode for packet capture. This
significantly reduces security surface by following principle of least privilege.
Make eBPF the default build configuration on Linux for better
performance and lower overhead process identification.
Changes:
- Set default features to include ebpf in Cargo.toml
- Remove explicit --features linux-default from build configs
- Update all documentation to reflect eBPF is now default
- Add instructions for building without eBPF (--no-default-features)
eBPF automatically falls back to procfs if it fails to load.
Closes#32
Marco Cadetg