8 files changed, 30 insertions, 29 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 565983341..d18cd112f 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -383,7 +383,7 @@ extern int arg_noprofile;	// use default.profile if none other found/specified
 extern int arg_memory_deny_write_execute;       // block writable and executable memory
 extern int arg_notv;    // --notv
 extern int arg_nodvd;   // --nodvd
-extern int arg_nousb;   // --nousb
+extern int arg_nou2f;   // --nou2f
 extern int arg_nodbus; // -nodbus
 extern int login_shell;
@@ -558,7 +558,7 @@ void fs_dev_disable_3d(void);
 void fs_dev_disable_video(void);
 void fs_dev_disable_tv(void);
 void fs_dev_disable_dvd(void);
-void fs_dev_disable_usb(void);
+void fs_dev_disable_u2f(void);
 // fs_home.c
 // private mode (--private)
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index f58ebe399..9e287bf27 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -39,7 +39,7 @@ typedef enum {
        DEV_VIDEO,
        DEV_TV,
        DEV_DVD,
-        DEV_USB,
+        DEV_U2F,
 } DEV_TYPE;
@@ -77,17 +77,17 @@ static DevEntry dev[] = {
        {"/dev/video9", RUN_DEV_DIR "/video9", DEV_VIDEO},
        {"/dev/dvb", RUN_DEV_DIR "/dvb", DEV_TV}, // DVB (Digital Video Broadcasting) - TV device
        {"/dev/sr0", RUN_DEV_DIR "/sr0", DEV_DVD}, // for DVD and audio CD players
-        {"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_USB},
+        {"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_U2F},
-        {"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_USB},
+        {"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_U2F},
-        {"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_USB},
+        {"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_U2F},
-        {"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_USB},
+        {"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_U2F},
-        {"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_USB},
+        {"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_U2F},
-        {"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_USB},
+        {"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_U2F},
-        {"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_USB},
+        {"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_U2F},
-        {"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_USB},
+        {"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_U2F},
-        {"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_USB},
+        {"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_U2F},
-        {"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_USB},
+        {"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_U2F},
-        {"/dev/usb", RUN_DEV_DIR "/usb", DEV_USB},      // USB devices such as Yubikey, U2F
+        {"/dev/usb", RUN_DEV_DIR "/usb", DEV_U2F},      // USB devices such as Yubikey, U2F
        {NULL, NULL, DEV_NONE}
 };
@@ -102,7 +102,7 @@ static void deventry_mount(void) {
                            (dev[i].type == DEV_VIDEO && arg_novideo == 0) ||
                            (dev[i].type == DEV_TV && arg_notv == 0) ||
                            (dev[i].type == DEV_DVD && arg_nodvd == 0) ||
-                            (dev[i].type == DEV_USB && arg_nousb == 0)) {
+                            (dev[i].type == DEV_U2F && arg_nou2f == 0)) {
                                int dir = is_dir(dev[i].run_fname);
                                if (arg_debug)
@@ -371,10 +371,10 @@ void fs_dev_disable_dvd(void) {
        }
 }
-void fs_dev_disable_usb(void) {
+void fs_dev_disable_u2f(void) {
        int i = 0;
        while (dev[i].dev_fname != NULL) {
-                if (dev[i].type == DEV_USB)
+                if (dev[i].type == DEV_U2F)
                        disable_file_or_dir(dev[i].dev_fname);
                i++;
        }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 51f875e91..ce28c62da 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -123,7 +123,7 @@ int arg_memory_deny_write_execute = 0;		// block writable and executable memory
 int arg_notv = 0;       // --notv
 int arg_nodvd = 0; // --nodvd
 int arg_nodbus = 0; // -nodbus
-int arg_nousb = 0; // --nousb
+int arg_nou2f = 0; // --nou2f
 int login_shell = 0;
@@ -1723,8 +1723,8 @@ int main(int argc, char **argv) {
                        arg_notv = 1;
                else if (strcmp(argv[i], "--nodvd") == 0)
                        arg_nodvd = 1;
-                else if (strcmp(argv[i], "--nousb") == 0)
+                else if (strcmp(argv[i], "--nou2f") == 0)
-                        arg_nousb = 1;
+                        arg_nou2f = 1;
                else if (strcmp(argv[i], "--nodbus") == 0)
                        arg_nodbus = 1;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 8c393cab5..7d03a7c34 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -257,8 +257,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                arg_nodbus = 1;
                return 0;
        }
-        else if (strcmp(ptr, "nousb") == 0) {
+        else if (strcmp(ptr, "nou2f") == 0) {
-                arg_nousb = 1;
+                arg_nou2f = 1;
                return 0;
        }
        else if (strcmp(ptr, "netfilter") == 0) {
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index c22d65122..a1400db34 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -908,8 +908,8 @@ int sandbox(void* sandbox_arg) {
        if (arg_nodvd)
                fs_dev_disable_dvd();
-        if (arg_nousb)
+        if (arg_nou2f)
-                fs_dev_disable_usb();
+                fs_dev_disable_u2f();
        if (arg_novideo)
                fs_dev_disable_video();
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 88614298e..0289278d2 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -138,6 +138,7 @@ static char *usage_str =
        "    --nosound - disable sound system.\n"
        "    --noautopulse - disable automatic ~/.config/pulse init.\n"
        "    --novideo - disable video devices.\n"
+        "    --nou2f - disable U2F devices.\n"
        "    --nowhitelist=filename - disable whitelist for file or directory .\n"
        "    --output=logfile - stdout logging and log rotation.\n"
        "    --output-stderr=logfile - stdout and stderr logging and log rotation.\n"
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 76a13c7cc..c32fdf8f4 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -468,8 +468,8 @@ pulse servers or non-standard socket paths.
 \fBnotv
 Disable DVB (Digital Video Broadcasting) TV devices.
 .TP
-\fBnousb
+\fBnou2f
-Disable USB devices.
+Disable U2F devices.
 .TP
 \fBnovideo
 Disable video devices.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 2ea39aed4..760249e70 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1174,14 +1174,14 @@ Example:
 $ firejail \-\-notv vlc
 .TP
-\fB\-\-nousb
+\fB\-\-nou2f
-Disable USB devices.
+Disable U2F devices.
 .br
 .br
 Example:
 .br
-$ firejail \-\-nousb
+$ firejail \-\-nou2f
 .TP
 \fB\-\-novideo