From 6b099b8369ac6b5eea7cefeeaf123123bfe3ef4b Mon Sep 17 00:00:00 2001
From: Matteo Croce
Date: Thu, 10 Jul 2025 01:25:48 +0200
Subject: [PATCH 1/2] man/systemd.exec: use constant instead of literal

Use instead of otherwise every configuration item is wrapped in double quotes.
---
 src/basic/generate-bpf-delegate-configs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/basic/generate-bpf-delegate-configs.py b/src/basic/generate-bpf-delegate-configs.py
index a358a69e76..200c913b8a 100755
--- a/src/basic/generate-bpf-delegate-configs.py
+++ b/src/basic/generate-bpf-delegate-configs.py
@@ -56,7 +56,7 @@ with open(header) as file:
 if output == 'code':
 print(f'\t"{enumValue}",')
 else:
- print(f'{enumValue}')
+ print(f'{enumValue}')
 if output == 'code':
 print('};')
 else:
From 7baf4034304e2e658473a48a0ccbe0656da7f2f6 Mon Sep 17 00:00:00 2001
From: Matteo Croce
Date: Thu, 10 Jul 2025 00:12:36 +0200
Subject: [PATCH 2/2] man/systemd.exec: update documentation for PrivateBPF=

Add a short description about what PrivateBPF=yes does and how it can be useful.
---
 man/systemd.exec.xml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index f6a9e0cdab..a78187e0eb 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2559,8 +2559,12 @@ RestrictNamespaces=~cgroup net PrivateBPF= Takes a boolean argument. If set, mount a private instance of the BPF filesystem
- on /sys/fs/bpf/. Otherwise, if ProtectKernelTunables= is set,
- the instance from the host is inherited but mounted read-only. Defaults to false.
+ on /sys/fs/bpf/, effectively hiding the host bpffs which contains informations
+ about loaded programs and maps. Otherwise, if ProtectKernelTunables= is set, the
+ instance from the host is inherited but mounted read-only.
+
+ This can be used together with the BPF delegate feature to choose what BPF functions are
+ available to the unit's processes. Defaults to false.
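Review bot: In src/basic/generate-bpf-delegate-configs.py, the changed `print` in the non-`code` branch (the `else:` under `if output == 'code':`) now depends on a rendering detail that nothing in the script records, so a later cleanup could switch the element back and reintroduce the quoting. A one-line comment above it would pin the reason, e.g. `# use <constant>, not <literal>: the man page renders <literal> wrapped in double quotes`. The markup inside the f-string is not visible on this page, so the element names are taken from the commit subject and should be checked against the actual line. The enclosing `with open(header) as file:` loop starts and ends outside the hunk.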