jailcheck(1) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OUTPUT | EXAMPLE | LICENSE | SEE ALSO | COLOPHON

JAILCHECK(1)               JAILCHECK man page               JAILCHECK(1)

NAME         top

       jailcheck - Simple utility program to test running sandboxes

SYNOPSIS         top

       sudo jailcheck [OPTIONS] [directory]

DESCRIPTION         top

       jailcheck attaches itself to all sandboxes started by the user
       and performs some basic tests on the sandbox filesystem:

       1. Virtual directories
              jailcheck extracts a list with the main virtual
              directories installed by the sandbox.  These directories
              are build by firejail at startup using --private* and
              --whitelist commands.

       2. Noexec test
              jailcheck inserts executable programs in /home/username,
              /tmp, and /var/tmp directories and tries to run them from
              inside the sandbox, thus testing if the directory is
              executable or not.

       3. Read access test
              jailcheck creates test files in the directories specified
              by the user and tries to read them from inside the
              sandbox.

       4. AppArmor test

       5. Seccomp test

       6. Networking test

       The program is started as root using sudo.

OPTIONS         top

       --debug
              Print debug messages.

       -?, --help
              Print options and exit.

       --version
              Print program version and exit.

       [directory]
              One or more directories in user home to test for read
              access. ~/.ssh and ~/.gnupg are tested by default.

OUTPUT         top

       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox information, such as the
       virtual directories and various warnings.

EXAMPLE         top

       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-
       fresh.appimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc,
       /usr/share,
                        /run/user/1000,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-
       tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled

LICENSE         top

       This program is free software; you can redistribute it and/or
       modify it under the terms of the GNU General Public License as
       published by the Free Software Foundation; either version 2 of
       the License, or (at your option) any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO         top

       firejail(1), firemon(1), firecfg(1), firejail-profile(5),
       firejail-login(5), firejail-users(5),

COLOPHON         top

       This page is part of the Firejail (Firejail security sandbox)
       project.  Information about the project can be found at 
       ⟨https://firejail.wordpress.com⟩.  If you have a bug report for
       this manual page, see ⟨https://firejail.wordpress.com/support/⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/netblue30/firejail.git⟩ on 2024-06-14.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2024-06-14.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

0.9.73                          Jun 2023                    JAILCHECK(1)

Pages that refer to this page: firecfg(1)firejail(1)firemon(1)firejail-login(5)firejail-profile(5)firejail-users(5)