From e39e42409d30c9e9e407c723ad3d3a4c48b55132 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Fri, 12 Jun 2020 11:50:57 +0200 Subject: [PATCH] capabilities.7: Add CAP_PERFMON Signed-off-by: Michael Kerrisk --- man7/capabilities.7 | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 6254c0ac0..fb9960ec8 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -265,6 +265,23 @@ bind to any address for transparent proxying. .PD .\" Also various IP options and setsockopt(SO_BINDTODEVICE) .TP +.BR CAP_PERFMON " (since Linux 5.8)" +Employ various performance-monitoring mechanisms, including: +.PD 0 +.RS +.IP *2 +call +.BR perf_event_open (2); +.IP * +employ various BPF operations that have performance implications. +.RE +.PD +.IP +This capability was added in Linux 5.8 to separate out +performance monitoring functionality from the overloaded +.BR CAP_SYS_ADMIN +capability. +.TP .B CAP_SETGID .RS .PD 0 @@ -399,8 +416,8 @@ and (but, since Linux 3.8, creating user namespaces does not require any capability); .IP * -call -.BR perf_event_open (2); +employ various performance monitoring mechanisms (as for +.BR CAP_PERFMON ); .IP * access privileged .I perf
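Review bot: In the first hunk (@@ -265,6 +265,23 @@), the first bullet of the new CAP_PERFMON list is written ".IP *2" while the second is ".IP *". As written, groff takes "*2" as the item tag and prints it literally instead of a "*" bullet with an indent of 2, so this should be ".IP * 2". In the same hunk, "employ various BPF operations that have performance implications" does not tell an administrator which operations the capability actually unlocks; name them or point to the page or kernel document that lists them, since readers use this entry to decide whether CAP_PERFMON is a safe substitute for CAP_SYS_ADMIN. Minor style point: ".BR CAP_SYS_ADMIN" has a single argument, so ".B CAP_SYS_ADMIN" would match the ".B CAP_SETGID" in the context lines that follow.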
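Review bot: In the second hunk (@@ -399,8 +416,8 @@), the replacement bullet spells it "performance monitoring mechanisms", while the CAP_PERFMON entry added in the first hunk has "performance-monitoring mechanisms"; use one spelling so the cross-referenced texts match. The new wording also drops the explicit mention of perf_event_open(2) from this list, so a reader searching this list for that call now has to follow the "(as for CAP_PERFMON)" pointer; consider keeping the call named inside the parenthesis. The context bullet that follows, beginning "access privileged perf", stays as a separate item, and the patch does not say whether that access is also available with CAP_PERFMON; it would help to state that in one of the two entries.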