From: xor
To: Michael Ross
Cc: freebsd-questions@freebsd.org
Date: Fri, 22 Apr 2011 23:32:18 +0200
Subject: Re: Jails: How do i limit what ifconfig shows?

But then the root in the jail can just go and compile a new version of
ifconfig from the ports collection.

(Generally it's a flawed idea to just remove the binaries. Someone can
just download new ones. And if downloading new binaries is not
allowed, they can always just push stdin through b64.. etc etc.)

On 22 April 2011 23:00, Michael Ross wrote:
> On 22.04.2011 at 22:21, xor wrote:
>
>> Hullo
>> First off, thanks for a lovely operating system <3
>>
>> I decided to go for FreeBSD perhaps 3 days ago. Before, I've been a
>> Debian/OpenBSD guy, and I've only used my obsd box for redundant
>> firewalls and networking. I've not been running any services off the
>> boxen.
>>
>> The reason I decided to go for FreeBSD is because of the Jails. I've
>> looked around a bit, but I can not find anything about how to limit
>> what interfaces that ifconfig shows. I would like it to hide pretty
>> much everything so that _no_ information about the host systems
>> networking leaks into the jails. I don't want jails to know anything
>> but their IP-numbers and which computer to use for DNS lookups,
>> essentially.
>>
>> Is there any good text out there that describes how to do this? I've
>> searched a bit for it, but I've been unable to find anything but the
>> basics.
>
> Maybe you can remove the ifconfig binary from the jail.
> Works for me.
>
>
> Michael
>
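The point made in the reply above, that removing the ifconfig binary hides nothing, shown as an added example that is not part of the original thread: interface data comes from the kernel through getifaddrs(3), so a small audit program run inside the jail reports what the jail can see regardless of which binaries are installed. The function names are this example's own.

```c
/* Added example: enumerate interfaces straight from the kernel with
 * getifaddrs(3); the ifconfig binary is not involved at all. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <stdio.h>
#include <string.h>

/* Render an IPv4/IPv6 sockaddr as text. Returns 0 on success, -1 for
 * NULL input or any other family (e.g. link-layer entries). */
int format_addr(const struct sockaddr *sa, char *buf, size_t len)
{
    const void *src;
    if (sa == NULL || buf == NULL)
        return -1;
    if (sa->sa_family == AF_INET)
        src = &((const struct sockaddr_in *)sa)->sin_addr;
    else if (sa->sa_family == AF_INET6)
        src = &((const struct sockaddr_in6 *)sa)->sin6_addr;
    else
        return -1;
    return inet_ntop(sa->sa_family, src, buf, (socklen_t)len) ? 0 : -1;
}

/* Print every interface entry this process can see. Returns the number of
 * entries, or -1 if getifaddrs() fails. */
int report_visible_interfaces(FILE *out)
{
    struct ifaddrs *head, *ifa;
    char text[INET6_ADDRSTRLEN];
    int n = 0;
    if (getifaddrs(&head) != 0)
        return -1;
    for (ifa = head; ifa != NULL; ifa = ifa->ifa_next, n++) {
        if (format_addr(ifa->ifa_addr, text, sizeof text) == 0)
            fprintf(out, "%-12s %s\n", ifa->ifa_name, text);
        else
            fprintf(out, "%-12s (no IP address in this entry)\n", ifa->ifa_name);
    }
    freeifaddrs(head);
    return n;
}

int main(void)
{
    return report_visible_interfaces(stdout) < 0;
}
```

Comparing its output inside the jail with the output on the host shows exactly which interface names and addresses the jail configuration exposes.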