|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OUTPUT | EXAMPLE | LICENSE | SEE ALSO | COLOPHON |
|
|
|
JAILCHECK(1) JAILCHECK man page JAILCHECK(1)
jailcheck - Simple utility program to test running sandboxes
sudo jailcheck [OPTIONS] [directory]
jailcheck attaches itself to all sandboxes started by the user
and performs some basic tests on the sandbox filesystem:
1. Virtual directories
jailcheck extracts a list with the main virtual
directories installed by the sandbox. These directories
are build by firejail at startup using --private* and
--whitelist commands.
2. Noexec test
jailcheck inserts executable programs in /home/username,
/tmp, and /var/tmp directories and tries to run them from
inside the sandbox, thus testing if the directory is
executable or not.
3. Read access test
jailcheck creates test files in the directories specified
by the user and tries to read them from inside the
sandbox.
4. AppArmor test
5. Seccomp test
6. Networking test
The program is started as root using sudo.
--debug
Print debug messages.
-?, --help
Print options and exit.
--version
Print program version and exit.
[directory]
One or more directories in user home to test for read
access. ~/.ssh and ~/.gnupg are tested by default.
For each sandbox detected we print the following line:
PID:USER:Sandbox Name:Command
It is followed by relevant sandbox information, such as the
virtual directories and various warnings.
$ sudo jailcheck
2014:netblue::firejail /usr/bin/gimp
Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
Warning: I can run programs in /home/netblue
Networking: disabled
2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
Warning: I can read ~/.ssh
Networking: enabled
2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-
fresh.appimage
Virtual dirs: /tmp, /var/tmp, /dev,
Networking: enabled
26090:netblue::/usr/bin/firejail /opt/firefox/firefox
Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc,
/usr/share,
/run/user/1000,
Networking: enabled
26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-
tor
Warning: AppArmor not enabled
Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
/usr/share, /run/user/1000,
Warning: I can run programs in /home/netblue
Networking: enabled
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
Homepage: https://firejail.wordpress.com
firejail(1), firemon(1), firecfg(1), firejail-profile(5),
firejail-login(5), firejail-users(5),
This page is part of the Firejail (Firejail security sandbox)
project. Information about the project can be found at
⟨https://firejail.wordpress.com⟩. If you have a bug report for
this manual page, see ⟨https://firejail.wordpress.com/support/⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/netblue30/firejail.git⟩ on 2024-06-14. (At
that time, the date of the most recent commit that was found in
the repository was 2024-06-14.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
0.9.73 Jun 2023 JAILCHECK(1)
Pages that refer to this page: firecfg(1), firejail(1), firemon(1), firejail-login(5), firejail-profile(5), firejail-users(5)
|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|