From f7d706ba9b573e9695b1a3494536e2297be98515 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Fri, 17 Apr 2020 11:55:13 +0200
Subject: [PATCH] bpf.2: srcfix: Add a note on check for unprivileged
 BPF_PROG_TYPE_SOCKET_FILTER programs

In Linux 4.4, the allowed BPF helper functions that could
be called was governed by a check in sk_filter_func_proto().
Nowadays (Linux 5.6), it is I think governed by the check in
sk_filter_func_proto().

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man2/bpf.2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/man2/bpf.2 b/man2/bpf.2
index 3af399be1..9dace35f5 100644
--- a/man2/bpf.2
+++ b/man2/bpf.2
@@ -1132,6 +1132,8 @@ an unprivileged user may create limited programs of type
 and associated maps.
 However they may not store kernel pointers within
 the maps and are presently limited to the following helper functions:
+.\" [Linux 5.6] mtk: The list of available functions is, I think, governed
+.\" by the check in net/core/filter.c::bpf_base_func_proto().
 .IP * 3
 get_random
 .PD 0