eBPF lets you run small verified programs inside the kernel at defined hooks, extending it safely without patching source or loading modules. It is not a userspace/kernel-bypass library, not the traditional kernel-module mechanism it was designed to avoid, and not a container runtime interface.
Official docs