diff --git a/docs/ebpf.md b/docs/ebpf.md index 7f9057aa2..ed5a893a7 100644 --- a/docs/ebpf.md +++ b/docs/ebpf.md @@ -15,3 +15,8 @@ You probably want to run with interactive use as some things use debugfs. You need at least `CAP_SYS_ADMIN` to do anything. There are examples in `bcc/examples` that should generally just work, I have tried several of the Lua ones. + +Some of the `iovisor/bcc` samples try to access the kernel symbols. For them to work correctly you should also execute: +```sh +echo 0 > /proc/sys/kernel/kptr_restrict +```
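Review bot: The added `echo 0 > /proc/sys/kernel/kptr_restrict` step turns off kernel pointer hiding for the whole running kernel, and the new paragraph does not say so or say how to undo it. Please add a sentence stating that this exposes kernel symbol addresses while it is set, that it should be done only on a test or debugging system, and that the previous value should be noted with `cat /proc/sys/kernel/kptr_restrict` and written back once the samples have been run. It would also help to state where the command is meant to be run and with what privileges, since the surrounding text only mentions `CAP_SYS_ADMIN` and a write to `/proc/sys` can fail if that path is read-only. Minor style point: put a blank line between "you should also execute:" and the opening code fence so the block renders consistently.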