Add further seccomp groups

Get further seccomp group definitions from systemd.
author: Topi Miettinen <toiwoton@gmail.com> 2019-08-25 20:11:24 +0300
committer: Topi Miettinen <toiwoton@gmail.com> 2019-08-28 12:08:37 +0300
commit: ce4a3231479a29aa3dff44722b15bc315f68141d (patch)
tree: b1a1412f08790e9415cef2710b3b31a943ede85f /src/man
parent: Merge pull request #2921 from rusty-snake/allow-common-devel.inc (diff)
download: firejail-ce4a3231479a29aa3dff44722b15bc315f68141d.tar.gz
firejail-ce4a3231479a29aa3dff44722b15bc315f68141d.tar.zst
firejail-ce4a3231479a29aa3dff44722b15bc315f68141d.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 86b76f58f..b0c12ee11 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1776,9 +1776,11 @@ vm86, vm86old, vmsplice and vserver.
 .br
 To help creating useful seccomp filters more easily, the following
-system call groups are defined: @clock, @cpu-emulation, @debug,
+system call groups are defined: @aio, @basic-io, @chown, @clock,
-@default, @default-nodebuggers, @default-keep, @module, @obsolete,
+@cpu-emulation, @debug, @default, @default-nodebuggers, @default-keep,
-@privileged, @raw-io, @reboot, @resources and @swap. In addition, a
+@file-system, @io-event, @ipc, @keyring, @memlock, @module, @mount,
+@network-io, @obsolete, @privileged, @process, @raw-io, @reboot,
+@resources, @setuid, @swap, @sync, @system-service and @timer. In addition, a
 system call can be specified by its number instead of name with prefix
 $, so for example $165 would be equal to mount on i386.
author	Topi Miettinen <toiwoton@gmail.com>	2019-08-25 20:11:24 +0300
committer	Topi Miettinen <toiwoton@gmail.com>	2019-08-28 12:08:37 +0300
commit	ce4a3231479a29aa3dff44722b15bc315f68141d (patch)
tree	b1a1412f08790e9415cef2710b3b31a943ede85f /src/man
parent	Merge pull request #2921 from rusty-snake/allow-common-devel.inc (diff)
download	firejail-ce4a3231479a29aa3dff44722b15bc315f68141d.tar.gz firejail-ce4a3231479a29aa3dff44722b15bc315f68141d.tar.zst firejail-ce4a3231479a29aa3dff44722b15bc315f68141d.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 86b76f58f..b0c12ee11 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1776,9 +1776,11 @@ vm86, vm86old, vmsplice and vserver.
1776		1776
1777	.br	1777	.br
1778	To help creating useful seccomp filters more easily, the following	1778	To help creating useful seccomp filters more easily, the following
1779	system call groups are defined: @clock, @cpu-emulation, @debug,	1779	system call groups are defined: @aio, @basic-io, @chown, @clock,
1780	@default, @default-nodebuggers, @default-keep, @module, @obsolete,	1780	@cpu-emulation, @debug, @default, @default-nodebuggers, @default-keep,
1781	@privileged, @raw-io, @reboot, @resources and @swap. In addition, a	1781	@file-system, @io-event, @ipc, @keyring, @memlock, @module, @mount,
		1782	@network-io, @obsolete, @privileged, @process, @raw-io, @reboot,
		1783	@resources, @setuid, @swap, @sync, @system-service and @timer. In addition, a
1782	system call can be specified by its number instead of name with prefix	1784	system call can be specified by its number instead of name with prefix
1783	$, so for example $165 would be equal to mount on i386.	1785	$, so for example $165 would be equal to mount on i386.
1784		1786