Merge pull request #515 from avoidr/manpage_fix

update seccomp default list in firejail-profile

1 files changed, 9 insertions, 4 deletions

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 0e9614ab6..8f9eedbd3 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -222,10 +222,15 @@ first argument to socket system call. Recognized values: \fBunix\fR,
 \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR.
 .TP
 \fBseccomp
-Enable default seccomp filter.  The default list is as follows:
-mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
-iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
-sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
+Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows:
+mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module,
+iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev,
+sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp,
+add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup,
+io_destroy, io_getevents, io_submit, io_cancel,
+remap_file_pages, mbind, get_mempolicy, set_mempolicy,
+migrate_pages, move_pages, vmsplice, perf_event_open, chroot,
+tuxcall, reboot, mfsservctl and get_kernel_syms.
 .TP
 \fBseccomp syscall,syscall,syscall
 Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter.