man jailcheck

JAILCHECK(1)                  JAILCHECK man page                  JAILCHECK(1)

       jailcheck - Simple utility program to test running sandboxes

       sudo jailcheck [OPTIONS] [directory]

       jailcheck attaches itself to all sandboxes started by the user and per‐
       forms some basic tests on the sandbox filesystem:

       1. Virtual directories
              jailcheck extracts a list with the main virtual directories  in‐
              stalled by the sandbox.  These directories are build by firejail
              at startup using --private* and --whitelist commands.

       2. Noexec test
              jailcheck inserts executable programs in  /home/username,  /tmp,
              and  /var/tmp  directories and tries to run them from inside the
              sandbox, thus testing if the directory is executable or not.

       3. Read access test
              jailcheck creates test files in the directories specified by the
              user and tries to read them from inside the sandbox.

       4. AppArmor test

       5. Seccomp test

       6. Networking test

       The program is started as root using sudo.

              Print debug messages.

       -?, --help
              Print options and exit.

              Print program version and exit.

              One  or  more  directories in user home to test for read access.
              ~/.ssh and ~/.gnupg are tested by default.

       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox information, such as the virtual di‐
       rectories and various warnings.

       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.ap‐
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled

       This program is free software; you can redistribute it and/or modify it
       under  the  terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at  your
       option) any later version.


       firejail(1),  firemon(1), firecfg(1), firejail-profile(5), firejail-lo‐
       gin(5), firejail-users(5),

0.9.66                             Jun 2021                       JAILCHECK(1)