docs and comment updates

adds sorting to syscall list in firejail man page
author: smitsohu <smitsohu@gmail.com> 2018-04-20 20:32:43 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-04-20 20:41:13 +0200
commit: 5395e525f68f2fcf78e933f731b1da0009f64149 (patch)
tree: d482748f7b8eaf3d41db03ea435dee2a52c8d98b /src/man/firejail.txt
parent: merges (diff)
download: firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.gz
firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.zst
firejail-5395e525f68f2fcf78e933f731b1da0009f64149.zip
1 files changed, 11 insertions, 15 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 2e410061d..d8fed1f31 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1602,20 +1602,16 @@ $ firejail \-\-net=eth0 \-\-scan
 .TP
 \fB\-\-seccomp
 Enable seccomp filter and blacklist the syscalls in the default list (@default). The default list is as follows:
-mount, umount2, ptrace, kexec_load, kexec_file_load, name_to_handle_at, open_by_handle_at, create_module, init_module, finit_module, delete_module,
+_sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime,
-iopl, ioperm, ioprio_set, swapon, swapoff, syslog, process_vm_readv, process_vm_writev,
+create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module,
-sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp,
+io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load,
-add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup,
+kexec_load, keyctl, lock, lookup_dcookie, mbind, mfsservctl, migrate_pages, modify_ldt, mount, move_pages, mpx,
-io_destroy, io_getevents, io_submit, io_cancel,
+name_to_handle_at, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,
-remap_file_pages, mbind, set_mempolicy,
+personality, pivot_root, process_vm_readv, process_vm_writev, process_vm_writev, prof, profil, ptrace, putpmsg,
-migrate_pages, move_pages, vmsplice, chroot,
+query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr,
-tuxcall, reboot, mfsservctl, get_kernel_syms,
+security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot,
-bpf, clock_settime, personality, process_vm_writev, query_module,
+swapoff, swapon, switch_endian, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,
-settimeofday, stime, umount, userfaultfd, ustat, vm86, vm86old,
+vm86, vm86old, vmsplice and vserver.
-afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read,
-pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write,
-security, setdomainname,  sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian,
-ulimit, vhangup and vserver.
 .br
 To help creating useful seccomp filters more easily, the following
@@ -1698,7 +1694,7 @@ Bad system call
 .br
 .TP
-\fB\-\-seccomp.block_secondary
+\fB\-\-seccomp.block-secondary
 Enable seccomp filter and filter system call architectures so that
 only the native architecture is allowed. For example, on amd64, i386
 and x32 system calls are blocked as well as changing the execution
author	smitsohu <smitsohu@gmail.com>	2018-04-20 20:32:43 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-04-20 20:41:13 +0200
commit	5395e525f68f2fcf78e933f731b1da0009f64149 (patch)
tree	d482748f7b8eaf3d41db03ea435dee2a52c8d98b /src/man/firejail.txt
parent	merges (diff)
download	firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.gz firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.zst firejail-5395e525f68f2fcf78e933f731b1da0009f64149.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 2e410061d..d8fed1f31 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1602,20 +1602,16 @@ $ firejail \-\-net=eth0 \-\-scan
1602	.TP	1602	.TP
1603	\fB\-\-seccomp	1603	\fB\-\-seccomp
1604	Enable seccomp filter and blacklist the syscalls in the default list (@default). The default list is as follows:	1604	Enable seccomp filter and blacklist the syscalls in the default list (@default). The default list is as follows:
1605	mount, umount2, ptrace, kexec_load, kexec_file_load, name_to_handle_at, open_by_handle_at, create_module, init_module, finit_module, delete_module,	1605	_sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime,
1606	iopl, ioperm, ioprio_set, swapon, swapoff, syslog, process_vm_readv, process_vm_writev,	1606	create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module,
1607	sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp,	1607	io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load,
1608	add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup,	1608	kexec_load, keyctl, lock, lookup_dcookie, mbind, mfsservctl, migrate_pages, modify_ldt, mount, move_pages, mpx,
1609	io_destroy, io_getevents, io_submit, io_cancel,	1609	name_to_handle_at, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,
1610	remap_file_pages, mbind, set_mempolicy,	1610	personality, pivot_root, process_vm_readv, process_vm_writev, process_vm_writev, prof, profil, ptrace, putpmsg,
1611	migrate_pages, move_pages, vmsplice, chroot,	1611	query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr,
1612	tuxcall, reboot, mfsservctl, get_kernel_syms,	1612	security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot,
1613	bpf, clock_settime, personality, process_vm_writev, query_module,	1613	swapoff, swapon, switch_endian, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,
1614	settimeofday, stime, umount, userfaultfd, ustat, vm86, vm86old,	1614	vm86, vm86old, vmsplice and vserver.
1615	afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read,
1616	pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write,
1617	security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian,
1618	ulimit, vhangup and vserver.
1619		1615
1620	.br	1616	.br
1621	To help creating useful seccomp filters more easily, the following	1617	To help creating useful seccomp filters more easily, the following
@@ -1698,7 +1694,7 @@ Bad system call
1698	.br	1694	.br
1699		1695
1700	.TP	1696	.TP
1701	\fB\-\-seccomp.block_secondary	1697	\fB\-\-seccomp.block-secondary
1702	Enable seccomp filter and filter system call architectures so that	1698	Enable seccomp filter and filter system call architectures so that
1703	only the native architecture is allowed. For example, on amd64, i386	1699	only the native architecture is allowed. For example, on amd64, i386
1704	and x32 system calls are blocked as well as changing the execution	1700	and x32 system calls are blocked as well as changing the execution