2 files changed, 19 insertions, 17 deletions

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 9c416b0f3..98fa17908 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -224,15 +224,7 @@ first argument to socket system call. Recognized values: \fBunix\fR,
 \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR.
 .TP
 \fBseccomp
-Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows:
-mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module,
-iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev,
-sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp,
-add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup,
-io_destroy, io_getevents, io_submit, io_cancel,
-remap_file_pages, mbind, get_mempolicy, set_mempolicy,
-migrate_pages, move_pages, vmsplice, perf_event_open, chroot,
-tuxcall, reboot, mfsservctl and get_kernel_syms.
+Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details.
 .TP
 \fBseccomp syscall,syscall,syscall
 Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index e915ab6cb..8d20cf36b 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1172,6 +1172,15 @@ make the whitelist read-only. Example:
 $ firejail --whitelist=~/work --read-only=~ --read-only=~/work
 
 .TP
+\fB\-\-read-write=dirname_or_filename
+By default, the sandbox mounts system directories read-only.
+These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64. 
+Use this option to mount read-write files or directories inside the system directories.
+
+This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these
+cases the system directories are mounted read-write.
+
+.TP
 \fB\-\-rlimit-fsize=number
 Set the maximum file size that can be created by a process.
 .TP
@@ -1185,13 +1194,14 @@ Set the maximum number of processes that can be created for the real user ID of
 Set the maximum number of pending signals for a process.
 
 .TP
-\fB\-\-read-write=dirname_or_filename
-By default, the sandbox mounts system directories read-only.
-These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64. 
-Use this option to mount read-write files or directories inside the system directories.
+\fB\-\-rmenv=name
+Remove environment variable in the new sandbox.
+.br
 
-This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these
-cases the system directories are mounted read-write.
+.br
+Example:
+.br
+$ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS
 
 .TP
 \fB\-\-scan
@@ -1206,8 +1216,8 @@ $ firejail \-\-net=eth0 \-\-scan
 .TP
 \fB\-\-seccomp
 Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows:
-mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module,
-iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev,
+mount, umount2, ptrace, kexec_load, kexec_file_load, name_to_handle_at, open_by_handle_at, create_module, init_module, finit_module, delete_module,
+iopl, ioperm, ioprio_set, swapon, swapoff, syslog, process_vm_readv, process_vm_writev,
 sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp,
 add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup,
 io_destroy, io_getevents, io_submit, io_cancel,