Jails: How do I limit what ifconfig shows?

xor xorboy at gmail.com
Fri Apr 22 21:32:20 UTC 2011


But then the root in the jail can just go and compile a new version of
ifconfig from the ports collection. (Generally it's a flawed idea to
just remove the binaries. Someone can just download new ones. And if
downloading new binaries is not allowed, they can always just push
stdin through b64.. etc etc.)

On 22 April 2011 23:00, Michael Ross <michael.ross at gmx.net> wrote:
> On 22.04.2011 at 22:21, xor <xorboy at gmail.com> wrote:
>
>> Hullo
>> First off, thanks for a lovely operating system <3
>>
>> I decided to go for FreeBSD perhaps 3 days ago. Before, I've been a
>> Debian/OpenBSD guy, and I've only used my obsd box for redundant
>> firewalls and networking. I've not been running any services off the
>> boxen.
>>
>> The reason I decided to go for FreeBSD is because of the Jails. I've
>> looked around a bit, but I can not find anything about how to limit
>> what interfaces ifconfig shows. I would like it to hide pretty
>> much everything so that _no_ information about the host system's
>> networking leaks into the jails. I don't want jails to know anything
>> but their IP-numbers and which computer to use for DNS lookups,
>> essentially.
>>
>> Is there any good text out there that describes how to do this? I've
>> searched a bit for it, but I've been unable to find anything but the
>> basics.
>
> Maybe you can remove the ifconfig binary from the jail.
> Works for me.
>
>
> Michael
>


More information about the freebsd-questions mailing list