1 files changed, 7 insertions, 5 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 69cd4a7bc..e216531ae 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1059,7 +1059,7 @@ that are both writable and executable, to change mappings to be
 executable, or to create executable shared memory. The filter examines
 the arguments of mmap, mmap2, mprotect, pkey_mprotect, memfd_create
 and shmat system calls and returns error EPERM to the process (or
-kills it, see \-\-seccomp-error-action below) if necessary.
+kills it or log the attempt, see \-\-seccomp-error-action below) if necessary.
 .br
 .br
@@ -2122,8 +2122,8 @@ Instead of dropping the syscall by returning EPERM, another error
 number can be returned using \fBsyscall:errno\fR syntax. This can be
 also changed globally with \-\-seccomp-error-action or
 in /etc/firejail/firejail.config file.  The process can also be killed
-by using \fBsyscall:kill\fR syntax.
+by using \fBsyscall:kill\fR syntax, or the attempt may be logged with
+\fBsyscall:log\fR.
 .br
 .br
@@ -2193,7 +2193,8 @@ Instead of dropping the syscall by returning EPERM, another error
 number can be returned using \fBsyscall:errno\fR syntax. This can be
 also changed globally with \-\-seccomp-error-action or
 in /etc/firejail/firejail.config file.  The process can also be killed
-by using \fBsyscall:kill\fR syntax.
+by using \fBsyscall:kill\fR syntax, or the attempt may be logged with
+\fBsyscall:log\fR.
 .br
 .br
@@ -2402,7 +2403,8 @@ By default, if a seccomp filter blocks a system call, the process gets
 EPERM as the error. With \-\-seccomp-error-action=error, another error
 number can be returned, for example ENOSYS or EACCES. The process can
 also be killed (like in versions <0.9.63 of Firejail) by using
-\-\-seccomp-error-action=kill syntax. Not killing the process weakens
+\-\-seccomp-error-action=kill syntax, or the attempt may be logged
+with \-\-seccomp-error-action=log. Not killing the process weakens
 Firejail slightly when trying to contain intrusion, but it may also
 allow tighter filters if the only alternative is to allow a system
 call.

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 69cd4a7bc..e216531ae 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1059,7 +1059,7 @@ that are both writable and executable, to change mappings to be
1059	executable, or to create executable shared memory. The filter examines	1059	executable, or to create executable shared memory. The filter examines
1060	the arguments of mmap, mmap2, mprotect, pkey_mprotect, memfd_create	1060	the arguments of mmap, mmap2, mprotect, pkey_mprotect, memfd_create
1061	and shmat system calls and returns error EPERM to the process (or	1061	and shmat system calls and returns error EPERM to the process (or
1062	kills it, see \-\-seccomp-error-action below) if necessary.	1062	kills it or log the attempt, see \-\-seccomp-error-action below) if necessary.
1063	.br	1063	.br
1064		1064
1065	.br	1065	.br
@@ -2122,8 +2122,8 @@ Instead of dropping the syscall by returning EPERM, another error
2122	number can be returned using \fBsyscall:errno\fR syntax. This can be	2122	number can be returned using \fBsyscall:errno\fR syntax. This can be
2123	also changed globally with \-\-seccomp-error-action or	2123	also changed globally with \-\-seccomp-error-action or
2124	in /etc/firejail/firejail.config file. The process can also be killed	2124	in /etc/firejail/firejail.config file. The process can also be killed
2125	by using \fBsyscall:kill\fR syntax.	2125	by using \fBsyscall:kill\fR syntax, or the attempt may be logged with
2126		2126	\fBsyscall:log\fR.
2127	.br	2127	.br
2128		2128
2129	.br	2129	.br
@@ -2193,7 +2193,8 @@ Instead of dropping the syscall by returning EPERM, another error
2193	number can be returned using \fBsyscall:errno\fR syntax. This can be	2193	number can be returned using \fBsyscall:errno\fR syntax. This can be
2194	also changed globally with \-\-seccomp-error-action or	2194	also changed globally with \-\-seccomp-error-action or
2195	in /etc/firejail/firejail.config file. The process can also be killed	2195	in /etc/firejail/firejail.config file. The process can also be killed
2196	by using \fBsyscall:kill\fR syntax.	2196	by using \fBsyscall:kill\fR syntax, or the attempt may be logged with
		2197	\fBsyscall:log\fR.
2197	.br	2198	.br
2198		2199
2199	.br	2200	.br
@@ -2402,7 +2403,8 @@ By default, if a seccomp filter blocks a system call, the process gets
2402	EPERM as the error. With \-\-seccomp-error-action=error, another error	2403	EPERM as the error. With \-\-seccomp-error-action=error, another error
2403	number can be returned, for example ENOSYS or EACCES. The process can	2404	number can be returned, for example ENOSYS or EACCES. The process can
2404	also be killed (like in versions <0.9.63 of Firejail) by using	2405	also be killed (like in versions <0.9.63 of Firejail) by using
2405	\-\-seccomp-error-action=kill syntax. Not killing the process weakens	2406	\-\-seccomp-error-action=kill syntax, or the attempt may be logged
		2407	with \-\-seccomp-error-action=log. Not killing the process weakens
2406	Firejail slightly when trying to contain intrusion, but it may also	2408	Firejail slightly when trying to contain intrusion, but it may also
2407	allow tighter filters if the only alternative is to allow a system	2409	allow tighter filters if the only alternative is to allow a system
2408	call.	2410	call.