JAILCHECK(1)                  JAILCHECK man page                  JAILCHECK(1)

NAME

       jailcheck - Simple utility program to test running sandboxes

SYNOPSIS

       sudo jailcheck [OPTIONS] [directory]

DESCRIPTION

       jailcheck attaches itself to all sandboxes started by the user and
       performs some basic tests on the sandbox filesystem:

       1. Virtual directories
              jailcheck extracts a list with the main virtual directories
              installed by the sandbox.  These directories are built by
              firejail at startup using --private* and --whitelist commands.

       2. Noexec test
              jailcheck inserts executable programs in /home/username, /tmp,
              and /var/tmp directories and tries to run them from inside the
              sandbox, thus testing if the directory is executable or not.

       3. Read access test
              jailcheck creates test files in the directories specified by the
              user and tries to read them from inside the sandbox.

       4. AppArmor test

       5. Seccomp test

       6. Networking test

       The program is started as root using sudo.

OPTIONS

       --debug
              Print debug messages.

       -?, --help
              Print options and exit.

       --version
              Print program version and exit.

       [directory]
              One or more directories in user home to test for read access.
              ~/.ssh and ~/.gnupg are tested by default.

OUTPUT

       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox information, such as the virtual
       directories and various warnings.

EXAMPLE

       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
                        /run/user/1000,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled
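
       An added example, not part of the jailcheck man page or the firejail
       project: a Python parser for the report format shown in OUTPUT and
       EXAMPLE, which groups the detail lines under each
       PID:USER:Sandbox Name:Command header and lists the sandboxes that
       reported warnings. The function names, dict keys and the handling of
       wrapped "Virtual dirs" lines are assumptions; the sample is constructed
       from the EXAMPLE section.

```python
import re

# Header per the OUTPUT section: PID:USER:Sandbox Name:Command (command may contain ':').
HEADER = re.compile(r"^(\d+):([^:]*):([^:]*):(.+)$")

def parse_jailcheck(text):
    """Parse jailcheck output into a list of per-sandbox dicts."""
    boxes, in_dirs = [], False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            boxes.append({"pid": int(m[1]), "user": m[2], "name": m[3], "command": m[4],
                          "virtual_dirs": [], "warnings": [], "networking": None})
            in_dirs = False
            continue
        item = line.strip()
        if not item or not boxes:
            continue
        key, _, value = item.partition(":")
        # An unlabeled line right after "Virtual dirs:" is a wrapped continuation.
        in_dirs = key == "Virtual dirs" or (in_dirs and key not in ("Warning", "Networking"))
        if key == "Warning":
            boxes[-1]["warnings"].append(value.strip())
        elif key == "Networking":
            boxes[-1]["networking"] = value.strip()
        elif in_dirs:
            dirs = value if key == "Virtual dirs" else item
            boxes[-1]["virtual_dirs"] += [d.strip() for d in dirs.split(",") if d.strip()]
    return boxes

def flagged(text):
    """Map PID -> warnings for sandboxes that reported at least one warning."""
    return {b["pid"]: b["warnings"] for b in parse_jailcheck(text) if b["warnings"]}

# Constructed sample: two entries copied from the EXAMPLE section of this page.
SAMPLE = """\
2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
   Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
   Warning: I can read ~/.ssh
   Networking: enabled

26090:netblue::/usr/bin/firejail /opt/firefox/firefox
   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
                 /run/user/1000,
   Networking: enabled
"""

if __name__ == "__main__":
    print(flagged(SAMPLE))
```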

LICENSE

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO

       firejail(1), firemon(1), firecfg(1), firejail-profile(5),
       firejail-login(5), firejail-users(5),

0.9.72                             Jan 2023                       JAILCHECK(1)