man jailcheck

JAILCHECK(1)                  JAILCHECK man page                  JAILCHECK(1)

NAME
       jailcheck - Simple utility program to test running sandboxes

SYNOPSIS
       sudo jailcheck [OPTIONS] [directory]

DESCRIPTION
       jailcheck attaches itself to all sandboxes started by the user and per‐
       forms some basic tests on the sandbox filesystem:

       1. Virtual directories
              jailcheck extracts a list with the main virtual directories  in‐
              stalled by the sandbox.  These directories are build by firejail
              at startup using --private* and --whitelist commands.

       2. Noexec test
              jailcheck inserts executable programs in  /home/username,  /tmp,
              and  /var/tmp  directories and tries to run them from inside the
              sandbox, thus testing if the directory is executable or not.

       3. Read access test
              jailcheck creates test files in the directories specified by the
              user and tries to read them from inside the sandbox.

       4. AppArmor test

       5. Seccomp test

       6. Networking test

       The program is started as root using sudo.

OPTIONS
       --debug
              Print debug messages.

       -?, --help
              Print options and exit.

       --version
              Print program version and exit.

       [directory]
              One  or  more  directories in user home to test for read access.
              ~/.ssh and ~/.gnupg are tested by default.

OUTPUT
       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox information, such as the virtual di‐
       rectories and various warnings.

EXAMPLE
       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.ap‐
       pimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
                        /run/user/1000,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled

LICENSE
       This program is free software; you can redistribute it and/or modify it
       under  the  terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at  your
       option) any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO
       firejail(1),  firemon(1), firecfg(1), firejail-profile(5), firejail-lo‐
       gin(5), firejail-users(5),

0.9.66                             Jun 2021                       JAILCHECK(1)