man/systemd.exec: update documentation for PrivateBPF= (#38142)

Follow-up for #36134 Add a short description about what PrivateBPF=yes does and how it can be useful.
2026-04-14 00:14:32 +09:00 · 2025-07-10 13:13:54 +09:00
parent 733454ae8f 7baf403430
commit 6e619d6c8d
2 changed files with 7 additions and 3 deletions
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2559,8 +2559,12 @@ RestrictNamespaces=~cgroup net</programlisting>
        <term><varname>PrivateBPF=</varname></term>

        <listitem><para>Takes a boolean argument. If set, mount a private instance of the BPF filesystem
-        on <filename>/sys/fs/bpf/</filename>. Otherwise, if <varname>ProtectKernelTunables=</varname> is set,
-        the instance from the host is inherited but mounted read-only. Defaults to false.</para>
+        on <filename>/sys/fs/bpf/</filename>, effectively hiding the host bpffs which contains informations
+        about loaded programs and maps. Otherwise, if <varname>ProtectKernelTunables=</varname> is set, the
+        instance from the host is inherited but mounted read-only.</para>
+
+        <para>This can be used together with the BPF delegate feature to choose what BPF functions are
+        available to the unit's processes. Defaults to false.</para>

        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
      </varlistentry>
--- a/src/basic/generate-bpf-delegate-configs.py
+++ b/src/basic/generate-bpf-delegate-configs.py
@@ -56,7 +56,7 @@ with open(header) as file:
                    if output == 'code':
                        print(f'\t"{enumValue}",')
                    else:
-                        print(f'<literal>{enumValue}</literal>')
+                        print(f'<constant>{enumValue}</constant>')
                if output == 'code':
                    print('};')
                else: