jaitest - simple sandbox testing utility program

author: netblue30 <netblue30@protonmail.com> 2021-02-20 10:06:58 -0500
committer: netblue30 <netblue30@protonmail.com> 2021-02-20 10:06:58 -0500
commit: 42e2db1275e37bf669a074c023ea9f9a8b40db43 (patch)
tree: 59169acd88cbce9160b1657a7016c789559e0e20 /src/man
parent: run sort.py (diff)
download: firejail-42e2db1275e37bf669a074c023ea9f9a8b40db43.tar.gz
firejail-42e2db1275e37bf669a074c023ea9f9a8b40db43.tar.zst
firejail-42e2db1275e37bf669a074c023ea9f9a8b40db43.zip
2 files changed, 83 insertions, 1 deletions
diff --git a/src/man/Makefile.in b/src/man/Makefile.in
index 1c4444307..1a1f8ba08 100644
--- a/src/man/Makefile.in
+++ b/src/man/Makefile.in
@@ -1,4 +1,4 @@
-all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man
+all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man jailtest.man
 include ../common.mk
 %.man: %.txt
diff --git a/src/man/jailtest.txt b/src/man/jailtest.txt
new file mode 100644
index 000000000..bc1999163
--- /dev/null
+++ b/src/man/jailtest.txt
@@ -0,0 +1,82 @@
+.TH JAILTEST 1 "MONTH YEAR" "VERSION" "JAILTEST man page"
+.SH NAME
+jailtest \- Simple utility program to test running sandboxes
+.SH SYNOPSIS
+sudo jailtest [OPTIONS] [directory]
+.SH DESCRIPTION
+WORK IN PROGRESS!
+jailtest attaches itself to all sandboxes started by the user and performs some basic tests
+on the sandbox filesystem:
+.TP
+\fB1. Virtual directories
+jailtest extracts a list with the main virtual directories installed by the sandbox.
+These directories are build by firejail at startup using --private* and --whitelist commands.
+.TP
+\fB2. Noexec test
+jailtest inserts executable programs in /home/username, /tmp, and /var/tmp directories
+and tries to run them form inside the sandbox, thus testing if the directory is executable or not.
+.TP
+\fB3. Read access test
+jailtest creates test files in the directories specified by the user and tries to read
+them from inside the sandbox.
+.TP
+The program is running as root exclusively under sudo.
+.SH OPTIONS
+.TP
+\fB\-\-debug
+Print debug messages
+.TP
+\fB\-?\fR, \fB\-\-help\fR
+Print options end exit.
+.TP
+\fB\-\-version
+Print program version and exit.
+.TP
+\fB[directory]
+One or more directories in user home to test for read access.
+.SH OUTPUT
+For each sandbox detected we print the following line:
+        PID:USER:Sandbox Name:Command
+It is followed by relevant sandbox information, such as the virtual directories and various warnings.
+.SH EXAMPLE
+.br
+$ sudo jailtest ~/.ssh ~/.gnupg
+.br
+1429:netblue::/usr/bin/firejail /opt/firefox/firefox
+.br
+   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc,
+.br
+5602:netblue::/usr/bin/firejail /usr/bin/ssh netblue@x.y.z.net
+.br
+   Virtual dirs: /var/tmp, /dev,
+.br
+   Warning: I can read ~/.ssh
+.br
+5926:netblue::/usr/bin/firejail /usr/bin/gimp-2.10
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev,
+.br
+   Warning: I can run programs in /home/netblue
+.br
+6394:netblue:libreoffice:/usr/bin/firejail libreoffice
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev,
+.br
+.SH LICENSE
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: https://firejail.wordpress.com
+.SH SEE ALSO
+\&\flfirejail\fR\|(1),
+\&\flfirecfg\fR\|(1),
+\&\flfirejail-profile\fR\|(5),
+\&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
author	netblue30 <netblue30@protonmail.com>	2021-02-20 10:06:58 -0500
committer	netblue30 <netblue30@protonmail.com>	2021-02-20 10:06:58 -0500
commit	42e2db1275e37bf669a074c023ea9f9a8b40db43 (patch)
tree	59169acd88cbce9160b1657a7016c789559e0e20 /src/man
parent	run sort.py (diff)
download	firejail-42e2db1275e37bf669a074c023ea9f9a8b40db43.tar.gz firejail-42e2db1275e37bf669a074c023ea9f9a8b40db43.tar.zst firejail-42e2db1275e37bf669a074c023ea9f9a8b40db43.zip

diff --git a/src/man/Makefile.in b/src/man/Makefile.in index 1c4444307..1a1f8ba08 100644 --- a/src/man/Makefile.in +++ b/src/man/Makefile.in
@@ -1,4 +1,4 @@
1	all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man	1	all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man jailtest.man
2	include ../common.mk	2	include ../common.mk
3		3
4	%.man: %.txt	4	%.man: %.txt


diff --git a/src/man/jailtest.txt b/src/man/jailtest.txt new file mode 100644 index 000000000..bc1999163 --- /dev/null +++ b/src/man/jailtest.txt
@@ -0,0 +1,82 @@
		1	.TH JAILTEST 1 "MONTH YEAR" "VERSION" "JAILTEST man page"
		2	.SH NAME
		3	jailtest \- Simple utility program to test running sandboxes
		4	.SH SYNOPSIS
		5	sudo jailtest [OPTIONS] [directory]
		6	.SH DESCRIPTION
		7	WORK IN PROGRESS!
		8	jailtest attaches itself to all sandboxes started by the user and performs some basic tests
		9	on the sandbox filesystem:
		10	.TP
		11	\fB1. Virtual directories
		12	jailtest extracts a list with the main virtual directories installed by the sandbox.
		13	These directories are build by firejail at startup using --private* and --whitelist commands.
		14	.TP
		15	\fB2. Noexec test
		16	jailtest inserts executable programs in /home/username, /tmp, and /var/tmp directories
		17	and tries to run them form inside the sandbox, thus testing if the directory is executable or not.
		18	.TP
		19	\fB3. Read access test
		20	jailtest creates test files in the directories specified by the user and tries to read
		21	them from inside the sandbox.
		22
		23	.TP
		24	The program is running as root exclusively under sudo.
		25
		26	.SH OPTIONS
		27	.TP
		28	\fB\-\-debug
		29	Print debug messages
		30	.TP
		31	\fB\-?\fR, \fB\-\-help\fR
		32	Print options end exit.
		33	.TP
		34	\fB\-\-version
		35	Print program version and exit.
		36	.TP
		37	\fB[directory]
		38	One or more directories in user home to test for read access.
		39
		40	.SH OUTPUT
		41	For each sandbox detected we print the following line:
		42
		43	PID:USER:Sandbox Name:Command
		44
		45	It is followed by relevant sandbox information, such as the virtual directories and various warnings.
		46
		47	.SH EXAMPLE
		48
		49	.br
		50	$ sudo jailtest ~/.ssh ~/.gnupg
		51	.br
		52	1429:netblue::/usr/bin/firejail /opt/firefox/firefox
		53	.br
		54	Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc,
		55	.br
		56	5602:netblue::/usr/bin/firejail /usr/bin/ssh netblue@x.y.z.net
		57	.br
		58	Virtual dirs: /var/tmp, /dev,
		59	.br
		60	Warning: I can read ~/.ssh
		61	.br
		62	5926:netblue::/usr/bin/firejail /usr/bin/gimp-2.10
		63	.br
		64	Virtual dirs: /tmp, /var/tmp, /dev,
		65	.br
		66	Warning: I can run programs in /home/netblue
		67	.br
		68	6394:netblue:libreoffice:/usr/bin/firejail libreoffice
		69	.br
		70	Virtual dirs: /tmp, /var/tmp, /dev,
		71	.br
		72
		73	.SH LICENSE
		74	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
		75	.PP
		76	Homepage: https://firejail.wordpress.com
		77	.SH SEE ALSO
		78	\&\flfirejail\fR\\|(1),
		79	\&\flfirecfg\fR\\|(1),
		80	\&\flfirejail-profile\fR\\|(5),
		81	\&\flfirejail-login\fR\\|(5)
		82	\&\flfirejail-users\fR\\|(5)