From b79e4416fe642976111a2d610a19c3e4696bb2e2 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 18 May 2021 13:49:02 -0400 Subject: jailtest -> jailcheck (#4268) --- src/man/jailcheck.txt | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 src/man/jailcheck.txt (limited to 'src/man/jailcheck.txt') diff --git a/src/man/jailcheck.txt b/src/man/jailcheck.txt new file mode 100644 index 000000000..c80e305cc --- /dev/null +++ b/src/man/jailcheck.txt @@ -0,0 +1,105 @@ +.TH JAILCHECK 1 "MONTH YEAR" "VERSION" "JAILCHECK man page" +.SH NAME +jailcheck \- Simple utility program to test running sandboxes +.SH SYNOPSIS +sudo jailcheck [OPTIONS] [directory] +.SH DESCRIPTION +jailcheck attaches itself to all sandboxes started by the user and performs some basic tests +on the sandbox filesystem: +.TP +\fB1. Virtual directories +jailcheck extracts a list with the main virtual directories installed by the sandbox. +These directories are build by firejail at startup using --private* and --whitelist commands. +.TP +\fB2. Noexec test +jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories +and tries to run them from inside the sandbox, thus testing if the directory is executable or not. +.TP +\fB3. Read access test +jailcheck creates test files in the directories specified by the user and tries to read +them from inside the sandbox. +.TP +\fB4. AppArmor test +.TP +\fB5. Seccomp test +.TP +The program is started as root using sudo. + +.SH OPTIONS +.TP +\fB\-\-debug +Print debug messages. +.TP +\fB\-?\fR, \fB\-\-help\fR +Print options and exit. +.TP +\fB\-\-version +Print program version and exit. +.TP +\fB[directory] +One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default. + +.SH OUTPUT +For each sandbox detected we print the following line: + + PID:USER:Sandbox Name:Command + +It is followed by relevant sandbox information, such as the virtual directories and various warnings. + +.SH EXAMPLE + +$ sudo jailcheck +.br +2014:netblue::firejail /usr/bin/gimp +.br + Virtual dirs: /tmp, /var/tmp, /dev, /usr/share, +.br + Warning: I can run programs in /home/netblue +.br + +.br +2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net +.br + Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000, +.br + Warning: I can read ~/.ssh +.br + +.br +2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage +.br + Virtual dirs: /tmp, /var/tmp, /dev, +.br + +.br +26090:netblue::/usr/bin/firejail /opt/firefox/firefox +.br + Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share, +.br + /run/user/1000, +.br + +.br +26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor +.br + Warning: AppArmor not enabled +.br + Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin, +.br + /usr/share, /run/user/1000, +.br + Warning: I can run programs in /home/netblue +.br + + +.SH LICENSE +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. +.PP +Homepage: https://firejail.wordpress.com +.SH SEE ALSO +.BR firejail (1), +.BR firemon (1), +.BR firecfg (1), +.BR firejail-profile (5), +.BR firejail-login (5), +.BR firejail-users (5), -- cgit v1.2.3-70-g09d2