1 files changed, 28 insertions, 2 deletions

diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 69d28c788..993186476 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -192,7 +192,7 @@ Define a custom blacklist Linux capabilities filter.
 .br
 Example:
 .br
-$ firejail \-\-caps.keep=net_broadcast,net_admin,net_raw
+$ firejail \-\-caps.drop=net_broadcast,net_admin,net_raw
 
 .TP
 \fB\-\-caps.keep=capability,capability,capability
@@ -469,6 +469,16 @@ Example:
 $ firejail \-\-hostname=officepc firefox
 
 .TP
+\fB\-\-hosts-file=file
+Use file as /etc/hosts.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-hosts-file=~/myhosts firefox
+
+.TP
 \fB\-\-ignore=command
 Ignore command in profile file.
 .br
@@ -678,7 +688,7 @@ $ firejail \-\-net=eth0 \-\-mac=00:11:22:33:44:55 firefox
 
 .TP
 \fB\-\-machine-id
-Preserve id number in /etc/machine-id file. By default a new random id is generated inside the sandbox.
+Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox.
 .br
 
 .br
@@ -761,6 +771,11 @@ Example:
 $ firejail \-\-net=none vlc
 
 .TP
+\fB\-\-netns=name
+Run the program in a named, persistent network namespace.  These can
+be created and configured using "ip netns".
+
+.TP
 \fB\-\-netfilter
 Enable a default client network filter in the new network namespace.
 New network namespaces are created using \-\-net option. If a new network namespaces is not created,
@@ -1710,6 +1725,17 @@ Example:
 .br
 $ sudo firejail --writable-var
 
+.TP
+\fB\-\-writable-var-log
+Use the real /var/log directory, not a clone. By default, a tmpfs is mounted on top of /var/log
+directory, and a skeleton filesystem is created based on the original /var/log.
+.br
+
+.br
+Example:
+.br
+$ sudo firejail --writable-var-log
+
 
 .TP
 \fB\-\-x11