1 files changed, 16 insertions, 7 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 7427b1009..f7d18536d 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -395,7 +395,7 @@ $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox
 .TP
 \fB\-\-disable-mnt
-Disable /mnt, /media, /run/mount and /run/media access.
+Blacklist /mnt, /media, /run/mount and /run/media access.
 .br
 .br
@@ -1531,7 +1531,7 @@ drwxrwxrwt  2 nobody nogroup 4096 Apr 30 10:52 .X11-unix
 .TP
-\fB\-\-profile=filename
+\fB\-\-profile=filename_or_profilename
 Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path.
 For more information, see \fBSECURITY PROFILES\fR section below.
 .br
@@ -1681,12 +1681,12 @@ Enable seccomp filter and blacklist the syscalls in the default list (@default).
 _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime,
 create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module,
 io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load,
-kexec_load, keyctl, lock, lookup_dcookie, mbind, mfsservctl, migrate_pages, modify_ldt, mount, move_pages, mpx,
+kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, move_pages, mpx,
-name_to_handle_at, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,
+name_to_handle_at, nfsservctl, ni_syscall, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,
-personality, pivot_root, process_vm_readv, process_vm_writev, process_vm_writev, prof, profil, ptrace, putpmsg,
+personality, pivot_root, process_vm_readv, process_vm_writev, prof, profil, ptrace, putpmsg,
 query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr,
 security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot,
-swapoff, swapon, switch_endian, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,
+swapoff, swapon, switch_endian, sys_debug_setcontext, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,
 vm86, vm86old, vmsplice and vserver.
 .br
@@ -2701,7 +2701,7 @@ The owner of the sandbox.
 Several command line options can be passed to the program using
 profile files. Firejail chooses the profile file as follows:
-1. If a profile file is provided by the user with --profile option, the profile file is loaded.
+1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in  /etc/firejail directory. Profile names do not include the .profile suffix.
 Example:
 .PP
 .RS
@@ -2712,6 +2712,15 @@ Reading profile /home/netblue/icecat.profile
 [...]
 .RE
+.PP
+.RS
+$ firejail --profile=icecat icecat-wrapper.sh
+.br
+Reading profile /etc/firejail/icecat.profile
+.br
+[...]
+.RE
 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or
 in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example:
 .PP

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7427b1009..f7d18536d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -395,7 +395,7 @@ $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox
395		395
396	.TP	396	.TP
397	\fB\-\-disable-mnt	397	\fB\-\-disable-mnt
398	Disable /mnt, /media, /run/mount and /run/media access.	398	Blacklist /mnt, /media, /run/mount and /run/media access.
399	.br	399	.br
400		400
401	.br	401	.br
@@ -1531,7 +1531,7 @@ drwxrwxrwt 2 nobody nogroup 4096 Apr 30 10:52 .X11-unix
1531		1531
1532		1532
1533	.TP	1533	.TP
1534	\fB\-\-profile=filename	1534	\fB\-\-profile=filename_or_profilename
1535	Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path.	1535	Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path.
1536	For more information, see \fBSECURITY PROFILES\fR section below.	1536	For more information, see \fBSECURITY PROFILES\fR section below.
1537	.br	1537	.br
@@ -1681,12 +1681,12 @@ Enable seccomp filter and blacklist the syscalls in the default list (@default).
1681	_sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime,	1681	_sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime,
1682	create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module,	1682	create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module,
1683	io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load,	1683	io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load,
1684	kexec_load, keyctl, lock, lookup_dcookie, mbind, mfsservctl, migrate_pages, modify_ldt, mount, move_pages, mpx,	1684	kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, move_pages, mpx,
1685	name_to_handle_at, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,	1685	name_to_handle_at, nfsservctl, ni_syscall, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,
1686	personality, pivot_root, process_vm_readv, process_vm_writev, process_vm_writev, prof, profil, ptrace, putpmsg,	1686	personality, pivot_root, process_vm_readv, process_vm_writev, prof, profil, ptrace, putpmsg,
1687	query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr,	1687	query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr,
1688	security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot,	1688	security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot,
1689	swapoff, swapon, switch_endian, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,	1689	swapoff, swapon, switch_endian, sys_debug_setcontext, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,
1690	vm86, vm86old, vmsplice and vserver.	1690	vm86, vm86old, vmsplice and vserver.
1691		1691
1692	.br	1692	.br
@@ -2701,7 +2701,7 @@ The owner of the sandbox.
2701	Several command line options can be passed to the program using	2701	Several command line options can be passed to the program using
2702	profile files. Firejail chooses the profile file as follows:	2702	profile files. Firejail chooses the profile file as follows:
2703		2703
2704	1. If a profile file is provided by the user with --profile option, the profile file is loaded.	2704	1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix.
2705	Example:	2705	Example:
2706	.PP	2706	.PP
2707	.RS	2707	.RS
@@ -2712,6 +2712,15 @@ Reading profile /home/netblue/icecat.profile
2712	[...]	2712	[...]
2713	.RE	2713	.RE
2714		2714
		2715	.PP
		2716	.RS
		2717	$ firejail --profile=icecat icecat-wrapper.sh
		2718	.br
		2719	Reading profile /etc/firejail/icecat.profile
		2720	.br
		2721	[...]
		2722	.RE
		2723
2715	2. If a profile file with the same name as the application is present in ~/.config/firejail directory or	2724	2. If a profile file with the same name as the application is present in ~/.config/firejail directory or
2716	in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example:	2725	in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example:
2717	.PP	2726	.PP