1 files changed, 118 insertions, 0 deletions
diff --git a/src/man/jailcheck.1.in b/src/man/jailcheck.1.in
new file mode 100644
index 000000000..e889ea91b
--- /dev/null
+++ b/src/man/jailcheck.1.in
@@ -0,0 +1,118 @@
+.TH JAILCHECK 1 "MONTH YEAR" "VERSION" "JAILCHECK man page"
+.SH NAME
+jailcheck \- Simple utility program to test running sandboxes
+.SH SYNOPSIS
+sudo jailcheck [OPTIONS] [directory]
+.SH DESCRIPTION
+jailcheck attaches itself to all sandboxes started by the user and performs some basic tests
+on the sandbox filesystem:
+.TP
+\fB1. Virtual directories
+jailcheck extracts a list with the main virtual directories installed by the sandbox.
+These directories are build by firejail at startup using --private* and --whitelist commands.
+.TP
+\fB2. Noexec test
+jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories
+and tries to run them from inside the sandbox, thus testing if the directory is executable or not.
+.TP
+\fB3. Read access test
+jailcheck creates test files in the directories specified by the user and tries to read
+them from inside the sandbox.
+.TP
+\fB4. AppArmor test
+.TP
+\fB5. Seccomp test
+.TP
+\fB6. Networking test
+.TP
+The program is started as root using sudo.
+.SH OPTIONS
+.TP
+\fB\-\-debug
+Print debug messages.
+.TP
+\fB\-?\fR, \fB\-\-help\fR
+Print options and exit.
+.TP
+\fB\-\-version
+Print program version and exit.
+.TP
+\fB[directory]
+One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default.
+.SH OUTPUT
+For each sandbox detected we print the following line:
+        PID:USER:Sandbox Name:Command
+It is followed by relevant sandbox information, such as the virtual directories and various warnings.
+.SH EXAMPLE
+$ sudo jailcheck
+.br
+2014:netblue::firejail /usr/bin/gimp
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
+.br
+   Warning: I can run programs in /home/netblue
+.br
+   Networking: disabled
+.br
+.br
+2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
+.br
+   Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
+.br
+   Warning: I can read ~/.ssh
+.br
+   Networking: enabled
+.br
+.br
+2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev,
+.br
+   Networking: enabled
+.br
+.br
+26090:netblue::/usr/bin/firejail /opt/firefox/firefox
+.br
+   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
+.br
+                 /run/user/1000,
+.br
+   Networking: enabled
+.br
+.br
+26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
+.br
+   Warning: AppArmor not enabled
+.br
+   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
+.br
+                 /usr/share, /run/user/1000,
+.br
+   Warning: I can run programs in /home/netblue
+.br
+   Networking: enabled
+.br
+.SH LICENSE
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: https://firejail.wordpress.com
+.SH SEE ALSO
+.BR firejail (1),
+.BR firemon (1),
+.BR firecfg (1),
+.BR firejail-profile (5),
+.BR firejail-login (5),
+.BR firejail-users (5),
+.\" vim: set filetype=groff :

diff --git a/src/man/jailcheck.1.in b/src/man/jailcheck.1.in new file mode 100644 index 000000000..e889ea91b --- /dev/null +++ b/src/man/jailcheck.1.in
@@ -0,0 +1,118 @@
	1	.TH JAILCHECK 1 "MONTH YEAR" "VERSION" "JAILCHECK man page"
	2	.SH NAME
	3	jailcheck \- Simple utility program to test running sandboxes
	4	.SH SYNOPSIS
	5	sudo jailcheck [OPTIONS] [directory]
	6	.SH DESCRIPTION
	7	jailcheck attaches itself to all sandboxes started by the user and performs some basic tests
	8	on the sandbox filesystem:
	9	.TP
	10	\fB1. Virtual directories
	11	jailcheck extracts a list with the main virtual directories installed by the sandbox.
	12	These directories are build by firejail at startup using --private* and --whitelist commands.
	13	.TP
	14	\fB2. Noexec test
	15	jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories
	16	and tries to run them from inside the sandbox, thus testing if the directory is executable or not.
	17	.TP
	18	\fB3. Read access test
	19	jailcheck creates test files in the directories specified by the user and tries to read
	20	them from inside the sandbox.
	21	.TP
	22	\fB4. AppArmor test
	23	.TP
	24	\fB5. Seccomp test
	25	.TP
	26	\fB6. Networking test
	27	.TP
	28	The program is started as root using sudo.
	29
	30	.SH OPTIONS
	31	.TP
	32	\fB\-\-debug
	33	Print debug messages.
	34	.TP
	35	\fB\-?\fR, \fB\-\-help\fR
	36	Print options and exit.
	37	.TP
	38	\fB\-\-version
	39	Print program version and exit.
	40	.TP
	41	\fB[directory]
	42	One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default.
	43
	44	.SH OUTPUT
	45	For each sandbox detected we print the following line:
	46
	47	PID:USER:Sandbox Name:Command
	48
	49	It is followed by relevant sandbox information, such as the virtual directories and various warnings.
	50
	51	.SH EXAMPLE
	52
	53	$ sudo jailcheck
	54	.br
	55	2014:netblue::firejail /usr/bin/gimp
	56	.br
	57	Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
	58	.br
	59	Warning: I can run programs in /home/netblue
	60	.br
	61	Networking: disabled
	62	.br
	63
	64	.br
	65	2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
	66	.br
	67	Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
	68	.br
	69	Warning: I can read ~/.ssh
	70	.br
	71	Networking: enabled
	72	.br
	73
	74	.br
	75	2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
	76	.br
	77	Virtual dirs: /tmp, /var/tmp, /dev,
	78	.br
	79	Networking: enabled
	80	.br
	81
	82	.br
	83	26090:netblue::/usr/bin/firejail /opt/firefox/firefox
	84	.br
	85	Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
	86	.br
	87	/run/user/1000,
	88	.br
	89	Networking: enabled
	90	.br
	91
	92	.br
	93	26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
	94	.br
	95	Warning: AppArmor not enabled
	96	.br
	97	Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
	98	.br
	99	/usr/share, /run/user/1000,
	100	.br
	101	Warning: I can run programs in /home/netblue
	102	.br
	103	Networking: enabled
	104	.br
	105
	106
	107	.SH LICENSE
	108	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
	109	.PP
	110	Homepage: https://firejail.wordpress.com
	111	.SH SEE ALSO
	112	.BR firejail (1),
	113	.BR firemon (1),
	114	.BR firecfg (1),
	115	.BR firejail-profile (5),
	116	.BR firejail-login (5),
	117	.BR firejail-users (5),
	118	.\" vim: set filetype=groff :