man/systemd.exec: update documentation for PrivateBPF=

author Matteo Croce <teknoraver@meta.com>

Wed, 9 Jul 2025 22:12:36 +0000 (00:12 +0200)

committer Matteo Croce <teknoraver@meta.com>

Wed, 9 Jul 2025 23:57:14 +0000 (01:57 +0200)
author Matteo Croce <teknoraver@meta.com>
Wed, 9 Jul 2025 22:12:36 +0000 (00:12 +0200)
committer Matteo Croce <teknoraver@meta.com>
Wed, 9 Jul 2025 23:57:14 +0000 (01:57 +0200)
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml

index f6a9e0cdab0336dc200656dc8298d0da26f4dbc3..a78187e0ebe43d55eb8aca63430e06bac9dd42de 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2559,8 +2559,12 @@ RestrictNamespaces=~cgroup net</programlisting>
          <term><varname>PrivateBPF=</varname></term>
  
          <listitem><para>Takes a boolean argument. If set, mount a private instance of the BPF filesystem
-        on <filename>/sys/fs/bpf/</filename>. Otherwise, if <varname>ProtectKernelTunables=</varname> is set,
-        the instance from the host is inherited but mounted read-only. Defaults to false.</para>
+        on <filename>/sys/fs/bpf/</filename>, effectively hiding the host bpffs which contains informations
+        about loaded programs and maps. Otherwise, if <varname>ProtectKernelTunables=</varname> is set, the
+        instance from the host is inherited but mounted read-only.</para>
+
+        <para>This can be used together with the BPF delegate feature to choose what BPF functions are
+        available to the unit's processes. Defaults to false.</para>
  
          <xi:include href="version-info.xml" xpointer="v258"/></listitem>
        </varlistentry>
author	Matteo Croce <teknoraver@meta.com>
	Wed, 9 Jul 2025 22:12:36 +0000 (00:12 +0200)
committer	Matteo Croce <teknoraver@meta.com>
	Wed, 9 Jul 2025 23:57:14 +0000 (01:57 +0200)