update README.md

2026-05-15 14:16:14 -06:00 · 2022-02-07 08:49:03 -05:00 · 2022-02-07 08:49:03 -05:00 · 04dbdf838f
commit 04dbdf838f
parent 91b04172b1
1 changed files with 2 additions and 124 deletions
--- a/README.md
+++ b/README.md
@ -207,133 +207,11 @@ You can also use this tool to get a list of syscalls needed by a program: [contr

 We also keep a list of profile fixes for previous released versions in [etc-fixes](https://github.com/netblue30/firejail/tree/master/etc-fixes) directory.

-## Latest released version: 0.9.66
+## Latest released version: 0.9.68

-## Current development version: 0.9.67
+## Current development version: 0.9.69

 Milestone page: https://github.com/netblue30/firejail/milestone/1
-Release discussion: https://github.com/netblue30/firejail/issues/3696
-
-Moving from whitelist/blacklist to allow/deny is under way! We are still open to other options, so it might change!
-
-The old whitelist/blacklist will remain as aliasses for the next one or two releases
-in order to give users a chance to switch their local profiles.
-The latest discussion on this issue is here: https://github.com/netblue30/firejail/issues/4379
-
-### Intrusion Detection System ###
-`````
-      --ids-check
-              Check  file  hashes previously generated by --ids-check. See IN‐
-              TRUSION DETECTION SYSTEM section for more details.
-
-              Example:
-              $ firejail --ids-check
-
-       --ids-init
-              Initialize file hashes. See INTRUSION DETECTION  SYSTEM  section
-              for more details.
-
-              Example:
-              $ firejail --ids-init
-
-INTRUSION DETECTION SYSTEM (IDS)
-       The  host-based  intrusion detection system tracks down and audits user
-       and  system  file  modifications.   The  feature  is  configured  using
-       /etc/firejail/ids.config    file,   the   checksums   are   stored   in
-       /var/lib/firejail/USERNAME.ids, where USERNAME is the name of the  cur‐
-       rent user. We use BLAKE2 cryptographic function for hashing.
-
-       As a regular user, initialize the database:
-
-       $ firejail --ids-init
-       Opening config file /etc/firejail/ids.config
-       Loading config file /etc/firejail/ids.config
-       Opening config file /etc/firejail/ids.config.local
-       500 1000 1500 2000
-       2466 files scanned
-       IDS database initialized
-
-       The  default configuration targets several system executables in direc‐
-       tories such as /bin, /sbin, /usr/bin, /usr/sbin, and  several  critical
-       config  files in user home directory such as ~/.bashrc, ~/.xinitrc, and
-       ~/.config/autostart. Several system config files in /etc directory  are
-       also hashed.
-
-       Run --ids-check to audit the system:
-
-       $ firejail --ids-check
-       Opening config file /etc/firejail/ids.config
-       Loading config file /etc/firejail/ids.config
-       Opening config file /etc/firejail/ids.config.local
-       500 1000 1500
-       Warning: modified /home/netblue/.bashrc
-       2000
-       2466 files scanned: modified 1, permissions 0, new 0, removed 0
-
-       The  program  will  print  the  files that have been modified since the
-       database was created, or the files with different  access  permissions.
-       New files and deleted files are also flagged.
-
-       Currently  while  scanning  the file system symbolic links are not fol‐
-       lowed, and files the user doesn't have  read  access  to  are  silently
-       dropped.   The  program  can  also be run as root (sudo firejail --ids-
-       init/--ids-check).
-
-`````
-
-### File descriptors
-`````
-       --keep-fd=all
-              Inherit all open file descriptors to  the  sandbox.  By  default
-              only  file  descriptors 0, 1 and 2 are inherited to the sandbox,
-              and all other file descriptors are closed.
-
-              Example:
-              $ firejail --keep-fd=all
-
-       --keep-fd=file_descriptor
-              Don't close specified open file  descriptors.  By  default  only
-              file  descriptors  0,  1 and 2 are inherited to the sandbox, and
-              all other file descriptors are closed.
-
-              Example:
-              $ firejail --keep-fd=3,4,5
-`````
-
-### Deteministic Shutdown
-`````
-      --deterministic-exit-code
-              Always exit firejail with the first child's exit status. The de‐
-              fault  behavior  is to use the exit status of the final child to
-              exit, which can be nondeterministic.
-
-       --deterministic-shutdown
-              Always shut down the sandbox after the first  child  has  termi‐
-              nated. The default behavior is to keep the sandbox alive as long
-              as it contains running processes.
-`````
-
-### Network Monitor
-`````
-       --nettrace=name|pid
-              Monitor TCP and UDP traffic coming into the sandbox specified by
-              name or pid. Only networked sandboxes  created  with  --net  are
-              supported.
-
-              $ firejail --nettrace=browser
-                 86 KB/s *********           64.222.84.207:443 United States
-                 76 KB/s ********            192.229.210.163:443 MCI
-                111 B/s                      9.9.9.9:53 Quad9 DNS
-                 32 KB/s ***                 142.250.179.182:443 Google
-
-              If  /usr/bin/geoiplookup  is  installed (geoip-bin packet in De‐
-              bian), the country the IP address originates from  is  added  to
-              the trace.  We also use the static IP map in /etc/firejail/host‐
-              names to print the domain names for some of the more common web‐
-              sites  and  cloud platforms.  No external services are contacted
-              for reverse IP lookup.
-
-`````

 ### Profile Statistics