seccomp errno: man page and usage

2 files changed, 24 insertions, 11 deletions

diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 13e3d87e2..5154caf77 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -66,10 +66,12 @@ void usage(void) {
         printf("\t\tExample: cpu=0,1,2\n\n");
         printf("\t--csh - use /bin/csh as default shell.\n\n");
         printf("\t--debug - print sandbox debug messages.\n\n");
-        printf("\t--debug-syscalls - print all recognized system calls in the current\n");
-        printf("\t\tFirejail software build and exit.\n\n");
         printf("\t--debug-caps - print all recognized capabilities in the current\n");
         printf("\t\tFirejail software build and exit.\n\n");
+        printf("\t--debug-errnos - print all recognized error numbres in the current\n");
+        printf("\t\tFirejail software build and exit.\n\n");
+        printf("\t--debug-syscalls - print all recognized system calls in the current\n");
+        printf("\t\tFirejail software build and exit.\n\n");
         printf("\t--defaultgw=address - use this address as default gateway in the new\n");
         printf("\t\tnetwork namespace.\n\n");
         printf("\t--dns=address - set a DNS server for the sandbox. Up to three DNS\n");
@@ -216,6 +218,9 @@ void usage(void) {
         printf("\t--seccomp.keep=syscall,syscall,syscall - enable seccomp filter, and\n");
         printf("\t\twhitelist the syscalls specified by the command.\n\n");
         
+        printf("\t--seccomp.<errno>=syscall,syscall,syscall - enable seccomp filter, and\n");
+        printf("\t\treturn errno for the syscalls specified by the command.\n\n");
+        
         printf("\t--seccomp.print=name - print the seccomp filter for the sandbox\n");
         printf("\t\tidentified by name.\n\n");
         printf("\t--seccomp.print=pid - print the seccomp filter for the sandbox\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 899005434..2d1c40566 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -23,9 +23,7 @@ firejail {\-\-list | \-\-netstats | \-\-top | \-\-tree}
 Miscellaneous:
 .PP
 .RS
-firejail {\-? | \-\-debug-caps | \-\-debug-syscalls | \-\-help |
-.br
-\-\-version}
+firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-help | \-\-version}
 .RE
 .SH DESCRIPTION
 Firejail is a SUID sandbox program that reduces the risk of security breaches by
@@ -240,24 +238,34 @@ Print debug messages.
 Example:
 .br
 $ firejail \-\-debug firefox
+
 .TP
-\fB\-\-debug-syscalls
-Print all recognized system calls in the current Firejail software build and exit.
+\fB\-\-debug-caps
+Print all recognized capabilities in the current Firejail software build and exit.
 .br
 
 .br
 Example:
 .br
-$ firejail \-\-debug-syscalls
+$ firejail \-\-debug-caps
 .TP
-\fB\-\-debug-caps
-Print all recognized capabilities in the current Firejail software build and exit.
+\fB\-\-debug-errnos
+Print all recognized error numbers in the current Firejail software build and exit.
 .br
 
 .br
 Example:
 .br
-$ firejail \-\-debug-caps
+$ firejail \-\-debug-errnos
+.TP
+\fB\-\-debug-syscalls
+Print all recognized system calls in the current Firejail software build and exit.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-debug-syscalls
 .TP
 \fB\-\-defaultgw=address
 Use this address as default gateway in the new network namespace.