jailcheck - Man Page

Simple utility program to test running sandboxes

Synopsis

sudo jailcheck [Options] [directory]

Description

jailcheck attaches itself to all sandboxes started by the user and performs some basic tests on the sandbox filesystem:

1. Virtual directories

jailcheck extracts a list with the main virtual directories installed by the sandbox. These directories are build by firejail at startup using --private* and --whitelist commands.

2. Noexec test

jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories and tries to run them from inside the sandbox, thus testing if the directory is executable or not.

3. Read access test

jailcheck creates test files in the directories specified by the user and tries to read them from inside the sandbox.

4. AppArmor test

5. Seccomp test

6. Networking test

The program is started as root using sudo.

Options

--debug

Print debug messages.

-?,  --help

Print options and exit.

--version

Print program version and exit.

[directory]

One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default.

Output

For each sandbox detected we print the following line:

PID:USER:Sandbox Name:Command

It is followed by relevant sandbox information, such as the virtual directories and various warnings.

Example

$ sudo jailcheck
2014:netblue::firejail /usr/bin/gimp
  Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
  Warning: I can run programs in /home/netblue
  Networking: disabled

2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
  Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
  Warning: I can read ~/.ssh
  Networking: enabled

2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
  Virtual dirs: /tmp, /var/tmp, /dev,
  Networking: enabled

26090:netblue::/usr/bin/firejail /opt/firefox/firefox
  Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
                /run/user/1000,
  Networking: enabled

26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
  Warning: AppArmor not enabled
  Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                /usr/share, /run/user/1000,
  Warning: I can run programs in /home/netblue
  Networking: enabled

License

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Homepage: https://firejail.wordpress.com

See Also

firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-login(5), firejail-users(5),

Referenced By

firecfg(1), firejail(1), firejail-login(5), firejail-profile(5), firejail-users(5), firemon(1).

Jul 2021 0.9.66 JAILCHECK man page