diff --git a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf
index db498738e..9e7f17dfa 100644
--- a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf
+++ b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf
@@ -26,3 +26,6 @@ kernel.dmesg_restrict = 1
 kernel.perf_event_paranoid = 3
 fs.protected_hardlinks = 1
 fs.protected_symlinks = 1
+# Prevent ebpf privilege escalation
+# see: https://lwn.net/Articles/742170
+kernel.unprivileged_bpf_disabled=1