An Kernel of an operating system is an [[Respect Levels of Abstraction|abstraction layer]] between the hardware (including virtual hardware) and the software user space. It is responsible for controlling which software gets access to the hardware and when. It also provides an API that applications can use to request resources. [^ebpf] ## Functions of a kernel ## Modifying a kernel There are a few ways to modify a kernel. ### Change the kernel source code Technically, the difficulty is not in changing the source code; it's in convincing the community to accept and adopt your change. It could take years before this new version is commonly used, even with a high adoption rate. [^ebpf] ### Create a kernel module The disadvantage of creating a kernel module is that it needs to be regularly updated as kernel versions are released. Kernel modules also have full access to the kernel, so it's easier to corrupt the kernel with your code. ### Create an [[eBPF]] program Creating an eBPF program is the easiest way to modify a kernel, because no approvals are necessary to create your own. You don't need to convince the rest of the community that your changes should be reflected in the core kernel code; users of your program are free to adopt it, or not, as they see fit. This approach is also more secure, because the kernel itself is never changed. [^ebpf]: _What is eBPF? An Introduction and Deep Dive into the eBPF Technology_. Retrieved from https://ebpf.io/what-is-ebpf/ . [[What Is eBPF|My highlights.]]