HeadlinesBriefing.com

New psc Tool Brings eBPF Power to Process Monitoring

Hacker News: Front Page

A new command-line tool called psc offers a modern alternative to classic Linux utilities like `ps` and `lsof`. Built on eBPF iterators, it reads process and network data directly from the kernel, bypassing the `/proc` filesystem. This approach provides visibility that can't be subverted by userland rootkits or `LD_PRELOAD` attacks, offering a more secure view of system state.
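The gap between the two views can be checked directly. The following is an added example, not code from psc or from the original article: it compares a kernel-side PID list with `/proc` directory listings taken before and after it, and keeps only PIDs that stay unlisted across several rounds. The one-PID-per-line input format, the function names and the sample PIDs are assumptions made for illustration.

```python
import os

def proc_pids(root="/proc"):
    """PIDs visible through a directory listing of /proc (the userland view)."""
    return {int(name) for name in os.listdir(root) if name.isdigit()}

def parse_pid_list(text):
    """Parse one PID per line, ignoring headers and blanks.

    Assumed export format for the kernel-side list; not psc's actual output.
    The list should hold thread-group leaders, which is what /proc lists.
    """
    pids = set()
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids

def hidden_in_round(before, kernel, after):
    """PIDs the kernel-side view reports that neither /proc listing shows."""
    return kernel - (before | after)

def persistent_hidden(rounds):
    """PIDs hidden in every (before, kernel, after) round.

    A process that lived entirely between the two /proc listings of one
    round is missing from both, so a single round can flag it. It cannot
    still be alive at the next round's kernel snapshot without appearing
    in a listing in between (PID reuse aside), so requiring every round
    filters out those races.
    """
    result = None
    for before, kernel, after in rounds:
        hidden = hidden_in_round(before, kernel, after)
        result = hidden if result is None else result & hidden
    return result or set()

# Constructed sample data: PID 5000 is a short-lived process caught only by
# the first kernel snapshot; PID 4242 never shows up in any /proc listing.
ROUND_1 = ({1, 200, 310}, parse_pid_list("1\n200\n310\n4242\n5000\n"), {1, 200, 310})
ROUND_2 = ({1, 200, 310}, parse_pid_list("1\n200\n310\n4242\n"), {1, 200, 310, 5100})

if __name__ == "__main__":
    print("flagged in round 1:", sorted(hidden_in_round(*ROUND_1)))
    print("persistently hidden:", sorted(persistent_hidden([ROUND_1, ROUND_2])))
```

On a live host, `proc_pids()` supplies the before and after listings, and the kernel-side list has to come from a source that does not read `/proc`.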

Instead of piping commands through `grep` and `awk`, psc uses Google's CEL (Common Expression Language) for filtering. Users can write simple queries to find processes by name, user, or container runtime. It also integrates full container context, allowing you to inspect Docker or Podman containers directly from the host, a common pain point for developers and sysadmins managing containerized workloads.

The tool requires Linux kernel 5.8 or later, along with Go and standard build tools. It highlights the growing trend of using eBPF for advanced system introspection and security monitoring. For teams managing complex, container-heavy environments, psc could simplify debugging and auditing by providing a unified, queryable view of all running processes, their network connections, and their container origins.