jailtest -> jailcheck (#4268)

author: netblue30 <netblue30@protonmail.com> 2021-05-18 13:49:02 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-05-18 13:49:02 -0400
commit: b79e4416fe642976111a2d610a19c3e4696bb2e2 (patch)
tree: c038806bb80d57314a248dbc6df92b91d32a3a59 /src/man/jailcheck.txt
parent: readme, etc (diff)
download: firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.gz
firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.zst
firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.zip
1 files changed, 105 insertions, 0 deletions
diff --git a/src/man/jailcheck.txt b/src/man/jailcheck.txt
new file mode 100644
index 000000000..c80e305cc
--- /dev/null
+++ b/src/man/jailcheck.txt
@@ -0,0 +1,105 @@
+.TH JAILCHECK 1 "MONTH YEAR" "VERSION" "JAILCHECK man page"
+.SH NAME
+jailcheck \- Simple utility program to test running sandboxes
+.SH SYNOPSIS
+sudo jailcheck [OPTIONS] [directory]
+.SH DESCRIPTION
+jailcheck attaches itself to all sandboxes started by the user and performs some basic tests
+on the sandbox filesystem:
+.TP
+\fB1. Virtual directories
+jailcheck extracts a list with the main virtual directories installed by the sandbox.
+These directories are build by firejail at startup using --private* and --whitelist commands.
+.TP
+\fB2. Noexec test
+jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories
+and tries to run them from inside the sandbox, thus testing if the directory is executable or not.
+.TP
+\fB3. Read access test
+jailcheck creates test files in the directories specified by the user and tries to read
+them from inside the sandbox.
+.TP
+\fB4. AppArmor test
+.TP
+\fB5. Seccomp test
+.TP
+The program is started as root using sudo.
+.SH OPTIONS
+.TP
+\fB\-\-debug
+Print debug messages.
+.TP
+\fB\-?\fR, \fB\-\-help\fR
+Print options and exit.
+.TP
+\fB\-\-version
+Print program version and exit.
+.TP
+\fB[directory]
+One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default.
+.SH OUTPUT
+For each sandbox detected we print the following line:
+        PID:USER:Sandbox Name:Command
+It is followed by relevant sandbox information, such as the virtual directories and various warnings.
+.SH EXAMPLE
+$ sudo jailcheck
+.br
+2014:netblue::firejail /usr/bin/gimp
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
+.br
+   Warning: I can run programs in /home/netblue
+.br
+.br
+2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
+.br
+   Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
+.br
+   Warning: I can read ~/.ssh
+.br
+.br
+2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev,
+.br
+.br
+26090:netblue::/usr/bin/firejail /opt/firefox/firefox
+.br
+   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
+.br
+                 /run/user/1000,
+.br
+.br
+26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
+.br
+   Warning: AppArmor not enabled
+.br
+   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
+.br
+                 /usr/share, /run/user/1000,
+.br
+   Warning: I can run programs in /home/netblue
+.br
+.SH LICENSE
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: https://firejail.wordpress.com
+.SH SEE ALSO
+.BR firejail (1),
+.BR firemon (1),
+.BR firecfg (1),
+.BR firejail-profile (5),
+.BR firejail-login (5),
+.BR firejail-users (5),
author	netblue30 <netblue30@protonmail.com>	2021-05-18 13:49:02 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-05-18 13:49:02 -0400
commit	b79e4416fe642976111a2d610a19c3e4696bb2e2 (patch)
tree	c038806bb80d57314a248dbc6df92b91d32a3a59 /src/man/jailcheck.txt
parent	readme, etc (diff)
download	firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.gz firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.zst firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.zip

diff --git a/src/man/jailcheck.txt b/src/man/jailcheck.txt new file mode 100644 index 000000000..c80e305cc --- /dev/null +++ b/src/man/jailcheck.txt
@@ -0,0 +1,105 @@
	1	.TH JAILCHECK 1 "MONTH YEAR" "VERSION" "JAILCHECK man page"
	2	.SH NAME
	3	jailcheck \- Simple utility program to test running sandboxes
	4	.SH SYNOPSIS
	5	sudo jailcheck [OPTIONS] [directory]
	6	.SH DESCRIPTION
	7	jailcheck attaches itself to all sandboxes started by the user and performs some basic tests
	8	on the sandbox filesystem:
	9	.TP
	10	\fB1. Virtual directories
	11	jailcheck extracts a list with the main virtual directories installed by the sandbox.
	12	These directories are build by firejail at startup using --private* and --whitelist commands.
	13	.TP
	14	\fB2. Noexec test
	15	jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories
	16	and tries to run them from inside the sandbox, thus testing if the directory is executable or not.
	17	.TP
	18	\fB3. Read access test
	19	jailcheck creates test files in the directories specified by the user and tries to read
	20	them from inside the sandbox.
	21	.TP
	22	\fB4. AppArmor test
	23	.TP
	24	\fB5. Seccomp test
	25	.TP
	26	The program is started as root using sudo.
	27
	28	.SH OPTIONS
	29	.TP
	30	\fB\-\-debug
	31	Print debug messages.
	32	.TP
	33	\fB\-?\fR, \fB\-\-help\fR
	34	Print options and exit.
	35	.TP
	36	\fB\-\-version
	37	Print program version and exit.
	38	.TP
	39	\fB[directory]
	40	One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default.
	41
	42	.SH OUTPUT
	43	For each sandbox detected we print the following line:
	44
	45	PID:USER:Sandbox Name:Command
	46
	47	It is followed by relevant sandbox information, such as the virtual directories and various warnings.
	48
	49	.SH EXAMPLE
	50
	51	$ sudo jailcheck
	52	.br
	53	2014:netblue::firejail /usr/bin/gimp
	54	.br
	55	Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
	56	.br
	57	Warning: I can run programs in /home/netblue
	58	.br
	59
	60	.br
	61	2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
	62	.br
	63	Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
	64	.br
	65	Warning: I can read ~/.ssh
	66	.br
	67
	68	.br
	69	2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
	70	.br
	71	Virtual dirs: /tmp, /var/tmp, /dev,
	72	.br
	73
	74	.br
	75	26090:netblue::/usr/bin/firejail /opt/firefox/firefox
	76	.br
	77	Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
	78	.br
	79	/run/user/1000,
	80	.br
	81
	82	.br
	83	26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
	84	.br
	85	Warning: AppArmor not enabled
	86	.br
	87	Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
	88	.br
	89	/usr/share, /run/user/1000,
	90	.br
	91	Warning: I can run programs in /home/netblue
	92	.br
	93
	94
	95	.SH LICENSE
	96	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
	97	.PP
	98	Homepage: https://firejail.wordpress.com
	99	.SH SEE ALSO
	100	.BR firejail (1),
	101	.BR firemon (1),
	102	.BR firecfg (1),
	103	.BR firejail-profile (5),
	104	.BR firejail-login (5),
	105	.BR firejail-users (5),