tools: bpftool: Allow unprivileged users to probe features

[linux-2.6-block.git] / tools / bpf / bpftool / Documentation / bpftool-feature.rst

diff --git a/tools/bpf/bpftool/Documentation/bpftool-feature.rst b/tools/bpf/bpftool/Documentation/bpftool-feature.rst
index b04156cfd7a35d03e90889a8e851087f258564dd..ca085944e4cf1fa462583c97ef7ea136fecee58a 100644 (file)
--- a/tools/bpf/bpftool/Documentation/bpftool-feature.rst
+++ b/tools/bpf/bpftool/Documentation/bpftool-feature.rst
@@ -19,7 +19,7 @@ SYNOPSIS
 FEATURE COMMANDS
 ================
 
-|      **bpftool** **feature probe** [*COMPONENT*] [**full**] [**macros** [**prefix** *PREFIX*]]
+|      **bpftool** **feature probe** [*COMPONENT*] [**full**] [**unprivileged**] [**macros** [**prefix** *PREFIX*]]
 |      **bpftool** **feature help**
 |
 |      *COMPONENT* := { **kernel** | **dev** *NAME* }
@@ -49,6 +49,14 @@ DESCRIPTION
                  Keyword **kernel** can be omitted. If no probe target is
                  specified, probing the kernel is the default behaviour.
 
+                 When the **unprivileged** keyword is used, bpftool will dump
+                 only the features available to a user who does not have the
+                 **CAP_SYS_ADMIN** capability set. The features available in
+                 that case usually represent a small subset of the parameters
+                 supported by the system. Unprivileged users MUST use the
+                 **unprivileged** keyword: This is to avoid misdetection if
+                 bpftool is inadvertently run as non-root, for example.
+
        **bpftool feature probe dev** *NAME* [**full**] [**macros** [**prefix** *PREFIX*]]
                  Probe network device for supported eBPF features and dump
                  results to the console.