From: Matteo Croce Date: Wed, 9 Jul 2025 22:12:36 +0000 (+0200) Subject: man/systemd.exec: update documentation for PrivateBPF= X-Git-Tag: v258-rc1~129^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F38142%2Fhead;p=thirdparty%2Fsystemd.git man/systemd.exec: update documentation for PrivateBPF= Add a short description about what PrivateBPF=yes does and how it can be useful. --- diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index f6a9e0cdab0..a78187e0ebe 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2559,8 +2559,12 @@ RestrictNamespaces=~cgroup net PrivateBPF= Takes a boolean argument. If set, mount a private instance of the BPF filesystem - on /sys/fs/bpf/. Otherwise, if ProtectKernelTunables= is set, - the instance from the host is inherited but mounted read-only. Defaults to false. + on /sys/fs/bpf/, effectively hiding the host bpffs which contains informations + about loaded programs and maps. Otherwise, if ProtectKernelTunables= is set, the + instance from the host is inherited but mounted read-only. + + This can be used together with the BPF delegate feature to choose what BPF functions are + available to the unit's processes. Defaults to false.
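Review bot: In the rewritten first paragraph of the PrivateBPF= entry, "informations" should be "information" (the noun is uncountable), and "Defaults to false." has moved to the end of the new second paragraph, where it reads as if it described the BPF delegate feature rather than PrivateBPF= itself. Suggest keeping "Defaults to false." at the end of the first paragraph, directly after the ProtectKernelTunables= sentence. The second paragraph would also be more useful if it named the specific delegate settings it refers to instead of "the BPF delegate feature", so a reader can look them up in the same man page, and if "BPF functions" were replaced with a precise statement of what those settings restrict. Finally, since the stated purpose is hiding the host bpffs, it would help to say explicitly what the private instance contains when the unit starts, which the added text leaves implied.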