logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

jailcheck - Simple utility program to test running sandboxes

Description

       jailcheck  attaches  itself  to  all  sandboxes  started by the user and performs some basic tests on the
       sandbox filesystem:

       1.Virtualdirectories
              jailcheck extracts a list with the main virtual  directories  installed  by  the  sandbox.   These
              directories are build by firejail at startup using --private* and --whitelist commands.

       2.Noexectest
              jailcheck  inserts executable programs in /home/username, /tmp, and /var/tmp directories and tries
              to run them from inside the sandbox, thus testing if the directory is executable or not.

       3.Readaccesstest
              jailcheck creates test files in the directories specified by the user and tries to read them  from
              inside the sandbox.

       4.AppArmortest5.Seccomptest6.Networkingtest

       The program is started as root using sudo.

Example

       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
                        /run/user/1000,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled

License

       This program is free software; you can redistribute it and/or modify  it  under  the  terms  of  the  GNU
       General  Public License as published by the Free Software Foundation; either version 2 of the License, or
       (at your option) any later version.

       Homepage: https://firejail.wordpress.com

Name

       jailcheck - Simple utility program to test running sandboxes

Options

--debug
              Print debug messages.

       -?, --help
              Print options and exit.

       --version
              Print program version and exit.

       [directory]
              One  or  more  directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by
              default.

Output

       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox information, such as the virtual directories and various warnings.

See Also

firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-login(5), firejail-users(5),

0.9.72                                              Apr 2024                                        JAILCHECK(1)

Synopsis

       sudo jailcheck [OPTIONS] [directory]

See Also