From f89ba6ad2638749e96b048330c262ee591cefe30 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 12 Dec 2017 09:09:13 -0500 Subject: starting 0.9.53 --- README.md | 155 +------------------------------------------------------------- 1 file changed, 1 insertion(+), 154 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 20659dc3d..1a3c1b4c5 100644 --- a/README.md +++ b/README.md 
@@ -96,157 +96,4 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir ````` ````` -# Current development version: 0.9.51 - -## Whitelisting, globbing etc. - -We deployed a whitelist for /var directory ("include /etc/firejail/whitelist-var-common.inc"). -It is currently done for 115 applications. - -We added globbing support for --private-bin and whitelisting support for /etc and /usr/share. - ---private-lib was enhanced to autodetect GTK2, GTK3 and Qt4 libraries. In the next release we do a test run with this option enabled -for the following applications: evince, galculator, gnome-calculator, - leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, - atril, mate-color-select, tar, file, strings, gpicview, - eom, eog, gedit, pluma - -Just for fun, this is a private-bin/private-lib Firefox running on Debian 9: -````` -$ firejail --private-bin=firefox,firefox-esr,sh,which --private-lib=firefox-esr firefox -````` - - -## Profile build tool -````` -$ firejail --build appname -$ firejail --build=appname.profile appname -````` -The command builds a whitelisted profile. If /usr/bin/strace is installed on the system, it also -builds a whitelisted seccomp profile. The program is run in a very relaxed sandbox, -with only --caps.drop=all and --nonewprivs. Programs that raise user privileges are not supported -in order to allow strace to run. Chromium and Chromium-based browsers will not work. - -Example: -````` -$ firejail --build /usr/bin/vlc ~/Videos/test.mp4 - -[...] 
- -############################################ -# /usr/bin/vlc profile -############################################ -# Persistent global definitions -# include /etc/firejail/globals.local - -### basic blacklisting -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc - -### home directory whitelisting -whitelist ~/Videos -whitelist ~/.local/share/vlc -whitelist ~/.config/vlc -include /etc/firejail/whitelist-common.inc - -### filesystem -private-tmp -private-dev -private-etc vdpau_wrapper.cfg,udev,drirc,fonts,xdg,gtk-3.0,machine-id,selinux, -whitelist /var/lib/menu-xdg -# private-bin vlc, - -### security filters -caps.drop all -nonewprivs -seccomp -# seccomp.keep futex,poll,rt_sigtimedwait,ioctl,fdatasync,read,writev,sendmsg,sendto,write,recvmsg,mmap,mprotect,getpid,stat,clock_nanosleep,munmap,close,access,lseek,fcntl,open,fstat,lstat,brk,rt_sigaction,rt_sigprocmask,rt_sigreturn,madvise,shmget,shmat,shmctl,alarm,socket,connect,recvfrom,shutdown,getsockname,getpeername,setsockopt,getsockopt,clone,execve,uname,shmdt,flock,ftruncate,getdents,rename,mkdir,unlink,readlink,chmod,getrlimit,sysinfo,getuid,getgid,geteuid,getegid,getresuid,getresgid,statfs,fstatfs,prctl,arch_prctl,sched_getaffinity,set_tid_address,fadvise64,clock_getres,tgkill,set_robust_list,eventfd2,dup3,pipe2,getrandom,memfd_create -# 76 syscalls total -# Probably you will need to add more syscalls to seccomp.keep. Look for -# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while -# running your sandbox. - -### network -protocol unix,netlink, -net none - -### environment -shell none -$ -````` - -## New command line and profile options -````` - --writable-run-user - This options disables the default blacklisting of - run/user/$UID/systemd and /run/user/$UID/gnupg. 
- - Example: - $ sudo firejail --writable-run-user - - --rlimit-as=number - Set the maximum size of the process's virtual memory (address - space) in bytes. - - --rlimit-cpu=number - Set the maximum limit, in seconds, for the amount of CPU time - each sandboxed process can consume. When the limit is reached, - the processes are killed. - - The CPU limit is a limit on CPU seconds rather than elapsed - time. CPU seconds is basically how many seconds the CPU has - been in use and does not necessarily directly relate to the - elapsed time. Linux kernel keeps track of CPU seconds for each - process independently. - - --timeout=hh:mm:ss - Kill the sandbox automatically after the time has elapsed. The - time is specified in hours/minutes/seconds format. - - $ firejail --timeout=01:30:00 firefox - - --debug-private-lib - Debug messages for --private-lib option. - - --netfilter=filename,arg1,arg2,arg3 ... - This is the template version of the previous command. $ARG1, - $ARG2, $ARG3 ... in the firewall script are replaced with arg1, - arg2, arg3 ... passed on the command line. Up to 16 arguments - are supported. Example: - - $ firejail --net=eth0 --ip=192.168.1.105 \ - --netfilter=/etc/firejail/tcpserver.net,5001 server-program - - --netfilter.print=name|pid - Print the firewall installed in the sandbox specified by name - or PID. Example: - - $ firejail --name=browser --net=eth0 --netfilter firefox & - $ firejail --netfilter.print=browser - - --netfilter6.print=name|pid - Print the IPv6 firewall installed in the sandbox specified by - name or PID. 
Example: - - $ firejail --name=browser --net=eth0 --netfilter firefox & - $ firejail --netfilter6.print=browser - -````` - -## New profiles: - -terasology, surf, rocketchat, clamscan, clamdscan, clamdtop, freshclam, xmr-stak-cpu, -amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter, -calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, -calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, -imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, -ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, -conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, -aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass, -kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch), -kdeinit4 - -Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, -https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles. +# Current development version: 0.9.53 -- cgit v1.2.3-54-g00ecf
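Review bot: The single README.md hunk (`@@ -96,157 +96,4 @@`) deletes the caveat that `--build` runs the program "in a very relaxed sandbox, with only --caps.drop=all and --nonewprivs", together with the reference text for `--rlimit-as`, `--rlimit-cpu`, `--timeout`, `--writable-run-user` and the templated `--netfilter`, and the subject line "starting 0.9.53" does not say where that documentation now lives. Confirm that each removed option and the `--build` caveat is still covered in the man page or release notes, and name that location in the commit message so the 154 deleted lines can be traced. The added `# Current development version: 0.9.53` heading is the last line of the hunk with nothing under it; a one-line placeholder below it would keep the README from ending on an empty section.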