JAILCHECK(1) | JAILCHECK man page | JAILCHECK(1) |
NAME¶
jailcheck - Simple utility program to test running sandboxes
SYNOPSIS¶
sudo jailcheck [OPTIONS] [directory]
DESCRIPTION¶
jailcheck attaches itself to all sandboxes started by the user and performs some basic tests on the sandbox filesystem:
- 1. Virtual directories
- jailcheck extracts a list with the main virtual directories installed by the sandbox. These directories are build by firejail at startup using --private* and --whitelist commands.
- 2. Noexec test
- jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories and tries to run them from inside the sandbox, thus testing if the directory is executable or not.
- 3. Read access test
- jailcheck creates test files in the directories specified by the user and tries to read them from inside the sandbox.
- 4. AppArmor test
- 5. Seccomp test
- 6. Networking test
- The program is started as root using sudo.
OPTIONS¶
OUTPUT¶
For each sandbox detected we print the following line:
PID:USER:Sandbox Name:Command
It is followed by relevant sandbox information, such as the virtual directories and various warnings.
EXAMPLE¶
$ sudo jailcheck
2014:netblue::firejail /usr/bin/gimp
Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
Warning: I can run programs in /home/netblue
Networking: disabled
2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
Warning: I can read ~/.ssh
Networking: enabled
2186:netblue:libreoffice:firejail --appimage
/opt/LibreOffice-fresh.appimage
Virtual dirs: /tmp, /var/tmp, /dev,
Networking: enabled
26090:netblue::/usr/bin/firejail /opt/firefox/firefox
Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
/run/user/1000,
Networking: enabled
26160:netblue:tor:firejail --private=~/tor-browser_en-US
./start-tor
Warning: AppArmor not enabled
Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
/usr/share, /run/user/1000,
Warning: I can run programs in /home/netblue
Networking: enabled
LICENSE¶
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Homepage: https://firejail.wordpress.com
SEE ALSO¶
firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-login(5), firejail-users(5),
Jan 2023 | 0.9.72 |