From 7baf4034304e2e658473a48a0ccbe0656da7f2f6 Mon Sep 17 00:00:00 2001
From: Matteo Croce
Date: Thu, 10 Jul 2025 00:12:36 +0200
Subject: [PATCH] man/systemd.exec: update documentation for PrivateBPF=
Add a short description about what PrivateBPF=yes does and how it can be useful.
---
 man/systemd.exec.xml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index f6a9e0cdab0..a78187e0ebe 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2559,8 +2559,12 @@ RestrictNamespaces=~cgroup net PrivateBPF= Takes a boolean argument. If set, mount a private instance of the BPF filesystem
- on /sys/fs/bpf/. Otherwise, if ProtectKernelTunables= is set,
- the instance from the host is inherited but mounted read-only. Defaults to false.
+ on /sys/fs/bpf/, effectively hiding the host bpffs which contains informations
+ about loaded programs and maps. Otherwise, if ProtectKernelTunables= is set, the
+ instance from the host is inherited but mounted read-only.
+
+ This can be used together with the BPF delegate feature to choose what BPF functions are
+ available to the unit's processes. Defaults to false.
--
2.47.3