Diffstat (limited to 'src/man/jailcheck.txt')
-rw-r--r-- | src/man/jailcheck.txt | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/src/man/jailcheck.txt b/src/man/jailcheck.txt new file mode 100644 index 000000000..c80e305cc --- /dev/null +++ b/src/man/jailcheck.txt | |||
@@ -0,0 +1,105 @@ | |||
1 | .TH JAILCHECK 1 "MONTH YEAR" "VERSION" "JAILCHECK man page" | ||
2 | .SH NAME | ||
3 | jailcheck \- Simple utility program to test running sandboxes | ||
4 | .SH SYNOPSIS | ||
5 | sudo jailcheck [OPTIONS] [directory] | ||
6 | .SH DESCRIPTION | ||
7 | jailcheck attaches itself to all sandboxes started by the user and performs some basic tests | ||
8 | on the sandbox filesystem: | ||
9 | .TP | ||
10 | \fB1. Virtual directories | ||
11 | jailcheck extracts a list with the main virtual directories installed by the sandbox. | ||
12 | These directories are build by firejail at startup using --private* and --whitelist commands. | ||
13 | .TP | ||
14 | \fB2. Noexec test | ||
15 | jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories | ||
16 | and tries to run them from inside the sandbox, thus testing if the directory is executable or not. | ||
17 | .TP | ||
18 | \fB3. Read access test | ||
19 | jailcheck creates test files in the directories specified by the user and tries to read | ||
20 | them from inside the sandbox. | ||
21 | .TP | ||
22 | \fB4. AppArmor test | ||
23 | .TP | ||
24 | \fB5. Seccomp test | ||
25 | .TP | ||
26 | The program is started as root using sudo. | ||
27 | |||
28 | .SH OPTIONS | ||
29 | .TP | ||
30 | \fB\-\-debug | ||
31 | Print debug messages. | ||
32 | .TP | ||
33 | \fB\-?\fR, \fB\-\-help\fR | ||
34 | Print options and exit. | ||
35 | .TP | ||
36 | \fB\-\-version | ||
37 | Print program version and exit. | ||
38 | .TP | ||
39 | \fB[directory] | ||
40 | One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default. | ||
41 | |||
42 | .SH OUTPUT | ||
43 | For each sandbox detected we print the following line: | ||
44 | |||
45 | PID:USER:Sandbox Name:Command | ||
46 | |||
47 | It is followed by relevant sandbox information, such as the virtual directories and various warnings. | ||
48 | |||
49 | .SH EXAMPLE | ||
50 | |||
51 | $ sudo jailcheck | ||
52 | .br | ||
53 | 2014:netblue::firejail /usr/bin/gimp | ||
54 | .br | ||
55 | Virtual dirs: /tmp, /var/tmp, /dev, /usr/share, | ||
56 | .br | ||
57 | Warning: I can run programs in /home/netblue | ||
58 | .br | ||
59 | |||
60 | .br | ||
61 | 2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net | ||
62 | .br | ||
63 | Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000, | ||
64 | .br | ||
65 | Warning: I can read ~/.ssh | ||
66 | .br | ||
67 | |||
68 | .br | ||
69 | 2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage | ||
70 | .br | ||
71 | Virtual dirs: /tmp, /var/tmp, /dev, | ||
72 | .br | ||
73 | |||
74 | .br | ||
75 | 26090:netblue::/usr/bin/firejail /opt/firefox/firefox | ||
76 | .br | ||
77 | Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share, | ||
78 | .br | ||
79 | /run/user/1000, | ||
80 | .br | ||
81 | |||
82 | .br | ||
83 | 26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor | ||
84 | .br | ||
85 | Warning: AppArmor not enabled | ||
86 | .br | ||
87 | Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin, | ||
88 | .br | ||
89 | /usr/share, /run/user/1000, | ||
90 | .br | ||
91 | Warning: I can run programs in /home/netblue | ||
92 | .br | ||
93 | |||
94 | |||
95 | .SH LICENSE | ||
96 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. | ||
97 | .PP | ||
98 | Homepage: https://firejail.wordpress.com | ||
99 | .SH SEE ALSO | ||
100 | .BR firejail (1), | ||
101 | .BR firemon (1), | ||
102 | .BR firecfg (1), | ||
103 | .BR firejail-profile (5), | ||
104 | .BR firejail-login (5), | ||
105 | .BR firejail-users (5), | ||
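Review bot: The AppArmor and Seccomp entries in DESCRIPTION (man page lines 22 to 25) are bare `.TP` tags with no body text, so the page never says what those two tests check or what a line such as "Warning: AppArmor not enabled" in EXAMPLE means; add a sentence under each, as was done for tests 1 to 3. The `.TP` on line 25 also turns "The program is started as root using sudo." into a tag with no body, and `.PP` would render it as an ordinary paragraph. Smaller points: "build by firejail" on line 12 should read "built by firejail", SYNOPSIS shows a single `[directory]` while OPTIONS says "One or more directories", and the last SEE ALSO entry on line 105 ends with a trailing comma.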