diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 31a220e38..51a804043 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -111,3 +111,6 @@ kernel.perf_event_paranoid = 3
 
 # Only processes with CAP_SYS_PTRACE may use ptrace
 kernel.yama.ptrace_scope = 2
+
+# Disable unprivileged calls to bpf() without option to enable during runtime
+kernel.unprivileged_bpf_disabled = 1
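Review bot: The comment above the added `kernel.unprivileged_bpf_disabled = 1` line does not spell out what "without option to enable during runtime" means in practice: once 1 is written the kernel refuses to clear it until reboot, so removing this line and reloading sysctl will not undo it. I would state that and name the capability boundary in the style of the ptrace comment just above, e.g. `# Only processes with CAP_SYS_ADMIN or CAP_BPF may call bpf(); value 1 cannot be cleared until reboot (2 would let an admin revert it)`. Privileged callers are unaffected by this setting, so if `net.core.bpf_jit_harden` is not already set elsewhere in the file it would be worth pairing here; the rest of the file is outside the hunk, so I cannot tell.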