JAILCHECK(1)                  JAILCHECK man page                  JAILCHECK(1)

NAME
       jailcheck - Simple utility program to test running sandboxes

SYNOPSIS
       sudo jailcheck [OPTIONS] [directory]

DESCRIPTION
       jailcheck attaches itself to all sandboxes started by the user and
       performs some basic tests on the sandbox filesystem:

       1. Virtual directories
              jailcheck extracts a list with the main virtual directories
              installed by the sandbox. These directories are built by
              firejail at startup using --private* and --whitelist commands.

       2. Noexec test
              jailcheck inserts executable programs in /home/username, /tmp,
              and /var/tmp directories and tries to run them from inside the
              sandbox, thus testing if the directory is executable or not.

       3. Read access test
              jailcheck creates test files in the directories specified by
              the user and tries to read them from inside the sandbox.

       4. AppArmor test

       5. Seccomp test

       6. Networking test

       The program is started as root using sudo.

OPTIONS
       --debug
              Print debug messages.

       -?, --help
              Print options and exit.

       --version
              Print program version and exit.

       [directory]
              One or more directories in user home to test for read access.
              ~/.ssh and ~/.gnupg are tested by default.

OUTPUT
       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox information, such as the virtual
       directories and various warnings.

EXAMPLE
       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
          /run/user/1000,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
          /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled

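The report format described above (a PID:USER:Sandbox Name:Command line followed by detail lines) can be checked automatically, for example to fail a hardening audit when any sandbox carries a warning. The Python below is an added example, not part of jailcheck or the firejail project; the names parse_jailcheck and findings are hypothetical, the treatment of a wrapped "Virtual dirs" line as a continuation is an assumption, and the sample input is copied from the example output in this page.

```python
import re

# Two sandbox reports copied from the EXAMPLE section of this man page.
SAMPLE = """\
2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
   Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
   Warning: I can read ~/.ssh
   Networking: enabled

26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
   Warning: AppArmor not enabled
   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
   /usr/share, /run/user/1000,
   Warning: I can run programs in /home/netblue
   Networking: enabled
"""

# PID:USER:Sandbox Name:Command; the name may be empty, the command may hold ':'.
HEADER = re.compile(r"^(\d+):([^:]*):([^:]*):(.+)$")
VDIRS = "Virtual dirs:"

def parse_jailcheck(text):
    """Hypothetical helper: one dict per sandbox header line in the report."""
    boxes, in_dirs = [], False
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            boxes.append({"pid": int(m[1]), "user": m[2], "name": m[3],
                          "command": m[4], "virtual_dirs": [], "warnings": [],
                          "networking": "unknown"})
        elif boxes and line.startswith("Warning:"):
            boxes[-1]["warnings"].append(line[len("Warning:"):].strip())
        elif boxes and line.startswith("Networking:"):
            boxes[-1]["networking"] = line[len("Networking:"):].strip()
        elif boxes and line and (line.startswith(VDIRS) or in_dirs):
            # Assumption: a line after "Virtual dirs:" with no known prefix
            # is a wrapped continuation of the directory list.
            dirs = line[len(VDIRS):] if line.startswith(VDIRS) else line
            boxes[-1]["virtual_dirs"] += [d.strip() for d in dirs.split(",") if d.strip()]
            in_dirs = True
            continue
        in_dirs = False
    return boxes

def findings(boxes):
    """Map PID -> warnings for every sandbox jailcheck complained about."""
    return {b["pid"]: b["warnings"] for b in boxes if b["warnings"]}

if __name__ == "__main__":
    for pid, warns in findings(parse_jailcheck(SAMPLE)).items():
        print(pid, "; ".join(warns))
```
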
LICENSE
       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO
       firejail(1), firemon(1), firecfg(1), firejail-profile(5),
       firejail-login(5), firejail-users(5)

0.9.72                            Jul 2023                        JAILCHECK(1)