doc: Update metadata

Signed-off-by: Alexander Mikhalitsyn <[email protected]>
canonical · Feb 18, 2025 · cc5f336 · cc5f336
1 parent f00b7e6
commit cc5f336
Show file tree

Hide file tree

Showing 2 changed files with 95 additions and 0 deletions.
diff --git a/doc/metadata.txt b/doc/metadata.txt
@@ -2148,6 +2148,51 @@ If left empty, no limit is set.
 When enabling this option, set {config:option}`instance-security:security.secureboot` to `false`.
 ```
 
+```{config:option} security.delegate_bpf instance-security
+:condition: "unprivileged container"
+:defaultdesc: "`false`"
+:liveupdate: "no"
+:shortdesc: "Whether to enable eBPF delegation using BPF Token mechanism"
+:type: "bool"
+
+```
+
+```{config:option} security.delegate_bpf.attachs instance-security
+:condition: "unprivileged container"
+:defaultdesc: "`false`"
+:liveupdate: "no"
+:shortdesc: "Which eBPF attach types to allow with delegation mechanism"
+:type: "bool"
+
+```
+
+```{config:option} security.delegate_bpf.cmds instance-security
+:condition: "unprivileged container"
+:defaultdesc: "`false`"
+:liveupdate: "no"
+:shortdesc: "Which eBPF commands to allow with delegation mechanism"
+:type: "bool"
+
+```
+
+```{config:option} security.delegate_bpf.maps instance-security
+:condition: "unprivileged container"
+:defaultdesc: "`false`"
+:liveupdate: "no"
+:shortdesc: "Which eBPF maps to allow with delegation mechanism"
+:type: "bool"
+
+```
+
+```{config:option} security.delegate_bpf.progs instance-security
+:condition: "unprivileged container"
+:defaultdesc: "`false`"
+:liveupdate: "no"
+:shortdesc: "Which eBPF program types to allow with delegation mechanism"
+:type: "bool"
+
+```
+
 ```{config:option} security.devlxd instance-security
 :defaultdesc: "`true`"
 :liveupdate: "no"

diff --git a/lxd/metadata/configuration.json b/lxd/metadata/configuration.json
@@ -2425,6 +2425,56 @@
 							"type": "bool"
 						}
 					},
+					{
+						"security.delegate_bpf": {
+							"condition": "unprivileged container",
+							"defaultdesc": "`false`",
+							"liveupdate": "no",
+							"longdesc": "",
+							"shortdesc": "Whether to enable eBPF delegation using BPF Token mechanism",
+							"type": "bool"
+						}
+					},
+					{
+						"security.delegate_bpf.attachs": {
+							"condition": "unprivileged container",
+							"defaultdesc": "`false`",
+							"liveupdate": "no",
+							"longdesc": "",
+							"shortdesc": "Which eBPF attach types to allow with delegation mechanism",
+							"type": "bool"
+						}
+					},
+					{
+						"security.delegate_bpf.cmds": {
+							"condition": "unprivileged container",
+							"defaultdesc": "`false`",
+							"liveupdate": "no",
+							"longdesc": "",
+							"shortdesc": "Which eBPF commands to allow with delegation mechanism",
+							"type": "bool"
+						}
+					},
+					{
+						"security.delegate_bpf.maps": {
+							"condition": "unprivileged container",
+							"defaultdesc": "`false`",
+							"liveupdate": "no",
+							"longdesc": "",
+							"shortdesc": "Which eBPF maps to allow with delegation mechanism",
+							"type": "bool"
+						}
+					},
+					{
+						"security.delegate_bpf.progs": {
+							"condition": "unprivileged container",
+							"defaultdesc": "`false`",
+							"liveupdate": "no",
+							"longdesc": "",
+							"shortdesc": "Which eBPF program types to allow with delegation mechanism",
+							"type": "bool"
+						}
+					},
 					{
 						"security.devlxd": {
 							"defaultdesc": "`true`",