capabilities.7: Document CAP_BPF

author Michael Kerrisk <mtk.manpages@gmail.com>

Fri, 12 Jun 2020 10:15:02 +0000 (12:15 +0200)

committer Michael Kerrisk <mtk.manpages@gmail.com>

Fri, 12 Jun 2020 11:52:22 +0000 (13:52 +0200)
author Michael Kerrisk <mtk.manpages@gmail.com>
Fri, 12 Jun 2020 10:15:02 +0000 (12:15 +0200)
committer Michael Kerrisk <mtk.manpages@gmail.com>
Fri, 12 Jun 2020 11:52:22 +0000 (13:52 +0200)
diff --git a/man7/capabilities.7 b/man7/capabilities.7

index b0fdf275bbc42d048023274f37bae9b7f3db9d4c..8f212beadf75a7a861acf2a4a0c88fcb832ecc19 100644 (file)
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -90,6 +90,17 @@ Employ features that can block system suspend
  .BR EPOLLWAKEUP ,
  .IR /proc/sys/wake_lock ).
  .TP
+.BR CAP_BPF " (since Linux 5.8)"
+Employ privileged BPF operations; see
+.BR bpf (2)
+and
+.BR bpf-helpers (7).
+.IP
+This capability was added in Linux 5.8 to separate out
+BPF functionality from the overloaded
+.BR CAP_SYS_ADMIN
+capability.
+.TP
  .B CAP_CHOWN
  Make arbitrary changes to file UIDs and GIDs (see
  .BR chown (2)).
@@ -434,8 +445,9 @@ namespace);
  call
  .BR fanotify_init (2);
  .IP *
-call
-.BR bpf (2);
+perform varios BPF operations;
+see
+.BR CAP_BPF ;
  .IP *
  perform privileged
  .B KEYCTL_CHOWN
author	Michael Kerrisk <mtk.manpages@gmail.com>
	Fri, 12 Jun 2020 10:15:02 +0000 (12:15 +0200)
committer	Michael Kerrisk <mtk.manpages@gmail.com>
	Fri, 12 Jun 2020 11:52:22 +0000 (13:52 +0200)