A eBPF LSM solution to mandatory access control (MAC) and discretionary access control (DAC) security policies gives power to developers to code and load policies without the need to become familiar with current policy tooling and processes. Tools such as AppArmor and SELinux provide a great deal of flexibility at the cost of a learning curve. This topic will focus on finding and leveraging BPF LSM security hooks to implement MAC or DAC policies into the Linux kernel to suit your needs, and demonstrate how privilege escalation via user namespaces can be mitigated.