JAILCHECK(1) JAILCHECK man page JAILCHECK(1)
jailcheck - Simple utility program to test running sandboxes
sudo jailcheck [OPTIONS] [directory]
jailcheck attaches itself to all sandboxes started by the user and performs some basic tests on the sandbox filesystem: 1. Virtual directories jailcheck extracts a list with the main virtual directories installed by the sandbox. These directories are build by firejail at startup using --private* and --whitelist commands. 2. Noexec test jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories and tries to run them from inside the sandbox, thus testing if the directory is executable or not. 3. Read access test jailcheck creates test files in the directories specified by the user and tries to read them from inside the sandbox. 4. AppArmor test 5. Seccomp test 6. Networking test The program is started as root using sudo.
--debug Print debug messages. -?, --help Print options and exit. --version Print program version and exit. [directory] One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default.
For each sandbox detected we print the following line: PID:USER:Sandbox Name:Command It is followed by relevant sandbox information, such as the virtual directories and various warnings.
$ sudo jailcheck 2014:netblue::firejail /usr/bin/gimp Virtual dirs: /tmp, /var/tmp, /dev, /usr/share, Warning: I can run programs in /home/netblue Networking: disabled 2055:netblue::firejail /usr/bin/ssh -X email@example.com Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000, Warning: I can read ~/.ssh Networking: enabled 2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice- fresh.appimage Virtual dirs: /tmp, /var/tmp, /dev, Networking: enabled 26090:netblue::/usr/bin/firejail /opt/firefox/firefox Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share, /run/user/1000, Networking: enabled 26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start- tor Warning: AppArmor not enabled Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin, /usr/share, /run/user/1000, Warning: I can run programs in /home/netblue Networking: enabled
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Homepage: https://firejail.wordpress.com
firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-login(5), firejail-users(5),
This page is part of the Firejail (Firejail security sandbox) project. Information about the project can be found at ⟨https://firejail.wordpress.com⟩. If you have a bug report for this manual page, see ⟨https://firejail.wordpress.com/support/⟩. This page was obtained from the project's upstream Git repository ⟨https://github.com/netblue30/firejail.git⟩ on 2021-08-27. (At that time, the date of the most recent commit that was found in the repository was 2021-08-16.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which is not part of the original manual page), send a mail to firstname.lastname@example.org 0.9.67 Aug 2021 JAILCHECK(1)
Pages that refer to this page: firecfg(1), firejail(1), firemon(1), firejail-login(5), firejail-profile(5), firejail-users(5)