# Only apply eBPF JIT hardening to programs loaded by unprivileged users. JIT
# hardening prevents existing programs from being read. libnvidia-container-go
# needs a read/modify/write cycle of device eBPF programs attached to a cgroup
# to allowlist GPUs on a cgroup v2 host.
net.core.bpf_jit_harden = 1