Provided by: firejail_0.9.72-2_amd64 bug

NAME

       jailcheck - Simple utility program to test running sandboxes

SYNOPSIS

       sudo jailcheck [OPTIONS] [directory]

DESCRIPTION

       jailcheck  attaches  itself  to  all sandboxes started by the user and performs some basic
       tests on the sandbox filesystem:

       1. Virtual directories
              jailcheck extracts a list with  the  main  virtual  directories  installed  by  the
              sandbox.   These  directories are build by firejail at startup using --private* and
              --whitelist commands.

       2. Noexec test
              jailcheck  inserts  executable  programs  in  /home/username,  /tmp,  and  /var/tmp
              directories  and  tries  to  run  them from inside the sandbox, thus testing if the
              directory is executable or not.

       3. Read access test
              jailcheck creates test files in the directories specified by the user and tries  to
              read them from inside the sandbox.

       4. AppArmor test

       5. Seccomp test

       6. Networking test

       The program is started as root using sudo.

OPTIONS

       --debug
              Print debug messages.

       -?, --help
              Print options and exit.

       --version
              Print program version and exit.

       [directory]
              One  or  more directories in user home to test for read access. ~/.ssh and ~/.gnupg
              are tested by default.

OUTPUT

       For each sandbox detected we print the following line:

            PID:USER:Sandbox Name:Command

       It is followed by relevant sandbox  information,  such  as  the  virtual  directories  and
       various warnings.

EXAMPLE

       $ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled

       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled

       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled

       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
                        /run/user/1000,
          Networking: enabled

       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled

LICENSE

       This program is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as  published  by  the  Free  Software  Foundation;  either
       version 2 of the License, or (at your option) any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO

       firejail(1),  firemon(1),  firecfg(1),  firejail-profile(5),  firejail-login(5), firejail-
       users(5),