Small addentum: Of course I failed to realize this bpfilter helper is also mentioned in the kernel log:
kern.info: [ 8.997711] bpfilter: Loaded bpfilter_umh pid 920 It also seems to be absolutely required when CONFIG_BPFILTER is enabled, that is I tried blacklisting the module bpfilter, but then other things (e.g. iptables-restore) just fail to work. So the process is required, never ends and prevents umouting the rootfs on shutdown. Unless I'm missing something, there's definitely a bug there? Thanks,
