Путеводитель по Руководству Linux
  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |


   jailcheck    ( 1 )

простая служебная программа для тестирования запущенных песочниц (Simple utility program to test running sandboxes)

Имя (Name)

jailcheck - Simple utility program to test running sandboxes

Синопсис (Synopsis)

sudo jailcheck [OPTIONS] [directory]

Описание (Description)

jailcheck attaches itself to all sandboxes started by the user and performs some basic tests on the sandbox filesystem:

1. Virtual directories jailcheck extracts a list with the main virtual directories installed by the sandbox. These directories are build by firejail at startup using --private* and --whitelist commands.

2. Noexec test jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories and tries to run them from inside the sandbox, thus testing if the directory is executable or not.

3. Read access test jailcheck creates test files in the directories specified by the user and tries to read them from inside the sandbox.

4. AppArmor test

5. Seccomp test

6. Networking test

The program is started as root using sudo.

Параметры (Options)

--debug
              Print debug messages.


       -?, --help
              Print options and exit.


       --version
              Print program version and exit.


       [directory]
              One or more directories in user home to test for read
              access. ~/.ssh and ~/.gnupg are tested by default.

Вывод (Output)

For each sandbox detected we print the following line:

PID:USER:Sandbox Name:Command

It is followed by relevant sandbox information, such as the virtual directories and various warnings.

Примеры (Examples)

$ sudo jailcheck
       2014:netblue::firejail /usr/bin/gimp
          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
          Warning: I can run programs in /home/netblue
          Networking: disabled


       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
          Warning: I can read ~/.ssh
          Networking: enabled


       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-
       fresh.appimage
          Virtual dirs: /tmp, /var/tmp, /dev,
          Networking: enabled


       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc,
       /usr/share,
                        /run/user/1000,
          Networking: enabled


       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-
       tor
          Warning: AppArmor not enabled
          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
                        /usr/share, /run/user/1000,
          Warning: I can run programs in /home/netblue
          Networking: enabled

Смотри также (See also)

firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-login(5), firejail-users(5),