landlock: use "landlock.fs." prefix in filesystem commands

Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.

So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.

Examples of filesystem and network access flags:

* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
  remote port.

Relates to #6078.

2 files changed, 13 insertions, 13 deletions

diff --git a/src/man/firejail-profile.5.in b/src/man/firejail-profile.5.in
index b6672c16b..e274a91d1 100644
--- a/src/man/firejail-profile.5.in
+++ b/src/man/firejail-profile.5.in
@@ -514,25 +514,25 @@ Enforce the Landlock ruleset.
 .PP
 Without it, the other Landlock commands have no effect.
 .TP
-\fBlandlock.read path
+\fBlandlock.fs.read path
 Create a Landlock ruleset (if it doesn't already exist) and add a read access
 rule for path.
 .TP
-\fBlandlock.write path
+\fBlandlock.fs.write path
 Create a Landlock ruleset (if it doesn't already exist) and add a write access
 rule for path.
 .TP
-\fBlandlock.makeipc path
+\fBlandlock.fs.makeipc path
 Create a Landlock ruleset (if it doesn't already exist) and add a rule that
 allows the creation of named pipes (FIFOs) and Unix domain sockets beneath
 the given path.
 .TP
-\fBlandlock.makedev path
+\fBlandlock.fs.makedev path
 Create a Landlock ruleset (if it doesn't already exist) and add a rule that
 allows the creation of block devices and character devices beneath the given
 path.
 .TP
-\fBlandlock.execute path
+\fBlandlock.fs.execute path
 Create a Landlock ruleset (if it doesn't already exist) and add an execution
 permission rule for path.
 #endif
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in
index 6548b8e5d..618b4955e 100644
--- a/src/man/firejail.1.in
+++ b/src/man/firejail.1.in
@@ -1241,25 +1241,25 @@ Enforce the Landlock ruleset.
 Without it, the other Landlock commands have no effect.
 See the \fBLANDLOCK\fR section for more information.
 .TP
-\fB\-\-landlock.read=path
+\fB\-\-landlock.fs.read=path
 Create a Landlock ruleset (if it doesn't already exist) and add a read access
 rule for path.
 .TP
-\fB\-\-landlock.write=path
+\fB\-\-landlock.fs.write=path
 Create a Landlock ruleset (if it doesn't already exist) and add a write access
 rule for path.
 .TP
-\fB\-\-landlock.makeipc=path
+\fB\-\-landlock.fs.makeipc=path
 Create a Landlock ruleset (if it doesn't already exist) and add a rule that
 allows the creation of named pipes (FIFOs) and Unix domain sockets beneath
 the given path.
 .TP
-\fB\-\-landlock.makedev=path
+\fB\-\-landlock.fs.makedev=path
 Create a Landlock ruleset (if it doesn't already exist) and add a rule that
 allows the creation of block devices and character devices beneath the given
 path.
 .TP
-\fB\-\-landlock.execute=path
+\fB\-\-landlock.fs.execute=path
 Create a Landlock ruleset (if it doesn't already exist) and add an execution
 permission rule for path.
 .br
@@ -1267,8 +1267,8 @@ permission rule for path.
 .br
 Example:
 .br
-$ firejail \-\-landlock.read=/ \-\-landlock.write=/home
-\-\-landlock.execute=/usr \-\-landlock.enforce
+$ firejail \-\-landlock.fs.read=/ \-\-landlock.fs.write=/home
+\-\-landlock.fs.execute=/usr \-\-landlock.enforce
 #endif
 .TP
 \fB\-\-list
@@ -3404,7 +3404,7 @@ features, pass \fB\-\-landlock.enforce\fR flag to Firejail command line.
 Without it, the other Landlock commands have no effect.
 Example:
 .PP
-$ firejail \-\-landlock.enforce \-\-landlock.read=/media mc
+$ firejail \-\-landlock.enforce \-\-landlock.fs.read=/media mc
 .PP
 To disable Landlock self-restriction, use \fB\-\-ignore=landlock.enforce\fR.
 #endif