Hacker News

> They expose a kernel API to allow games to verify the state of the system

And that API has root access... thus it's a rootkit.



The API doesn't provide root access, it's typically a simple "is this game running in a secure environment" read API.

I really hate "it's a rootkit!" posts like this because it diminishes the severity of actual rootkits.


Can you please clarify how an API which runs in the kernel does not have root access? Because I don't believe that's possible, but perhaps I'm wrong.


The API itself has root access, but does not give user space root access, is what I think the commenter is trying to say.


That's the promise of eBPF.


I'm already counting down the days for eBPF to blow up in our face. But admittedly, it's the cheapest way of gaining more capabilities and privileges than you need, thus it's here to stay.


How do you think it is able to tell if the game is "running in a secure environment" without having root access itself?



