Provided by: firejail_0.9.72-2ubuntu3_amd64 bug

NAME
       jailcheck - Simple utility program to test running sandboxes


SYNOPSIS
       sudo jailcheck [OPTIONS] [directory]


DESCRIPTION
       jailcheck  attaches  itself  to  all  sandboxes  started by the user and performs some basic tests on the
       sandbox filesystem:

       1. Virtual directories
              jailcheck extracts a list with the main virtual  directories  installed  by  the  sandbox.   These
              directories are build by firejail at startup using --private* and --whitelist commands.

       2. Noexec test
              jailcheck  inserts executable programs in /home/username, /tmp, and /var/tmp directories and tries
              to run them from inside the sandbox, thus testing if the directory is executable or not.

       3. Read access test
              jailcheck creates test files in the directories specified by the user and tries to read them  from
              inside the sandbox.

       4. AppArmor test

       5. Seccomp test

       6. Networking test

       The program is started as root using sudo.


OPTIONS
       --debug
              Print debug messages.

       -?, --help
              Print options and exit.

       --version
              Print program version and exit.

       [directory]
              One  or  more  directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by
              default.


OUTPUT
       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox information, such as the virtual directories and various warnings.


EXAMPLE
       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
                        /run/user/1000,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled


LICENSE
       This program is free software; you can redistribute it and/or modify  it  under  the  terms  of  the  GNU
       General  Public License as published by the Free Software Foundation; either version 2 of the License, or
       (at your option) any later version.

       Homepage: https://firejail.wordpress.com


SEE ALSO
       firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-login(5), firejail-users(5),

0.9.72                                              Apr 2024                                        JAILCHECK(1)