Small remark. If you expose /sys/fs/bpf from the host, it can be a security issue. For example, if we have a bpf iterator program loaded on the host and then pinned to a file in /sys/fs/bpf, then this file will be accessible from inside the container, and the container can read data that is not supposed to be accessible by anyone except the host root user.
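One way to check a container for this exposure, as an added example that is not part of the original comment: run from inside the container, it parses `/proc/self/mountinfo` for mounts of type `bpf` and lists the pinned objects the current process can open for reading. The function names and the sample mountinfo text are constructed for illustration, and whether a reported mount is the host's bpffs instance still has to be confirmed against the container's configuration.

```python
import os
import re

# Constructed sample of /proc/self/mountinfo as seen inside a container
# (illustrative values, not captured from a real system).
SAMPLE_MOUNTINFO = """\
511 380 0:52 / / rw,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
512 511 0:55 / /proc rw,nosuid,nodev,noexec - proc proc rw
513 511 0:56 / /sys ro,nosuid,nodev,noexec - sysfs sysfs ro
514 513 0:31 / /sys/fs/bpf rw,nosuid,nodev,noexec shared:9 - bpf bpf rw,mode=700
515 511 0:31 /tools /opt/bpf\\040pins ro,relatime - bpf bpf rw,mode=700
"""

def _unescape(field):
    # mountinfo escapes space, tab, newline and backslash as \ooo octal
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def bpffs_mounts(mountinfo_text):
    """Return (mount_point, root, options) for every mount whose fstype is bpf."""
    found = []
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        if "-" not in fields:
            continue  # malformed or empty line
        sep = fields.index("-")  # optional fields end at the lone "-"
        if sep < 6 or len(fields) <= sep + 1:
            continue
        if fields[sep + 1] == "bpf":
            found.append((_unescape(fields[4]), _unescape(fields[3]), fields[5]))
    return found

def readable_pins(mount_point):
    """List pinned objects under mount_point that this process may open for reading."""
    hits = []
    for dirpath, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.access(path, os.R_OK):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:
        for mount_point, root, opts in bpffs_mounts(fh.read()):
            print(f"bpffs at {mount_point} (root={root}, {opts})")
            for pin in readable_pins(mount_point):
                print(f"  readable pin: {pin}")
```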