Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 22 Apr 2011 23:32:18 +0200
From:      xor <xorboy@gmail.com>
To:        Michael Ross <michael.ross@gmx.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Jails: How do i limit what ifconfig shows?
Message-ID:  <BANLkTikcspmnjBy6hOv5FMK5isL4COJuPg@mail.gmail.com>
In-Reply-To: <op.vucxzpgqhalquq@michael-think>
References:  <BANLkTin_-UyTWnMyJmTn2uicw1UtyttzVQ@mail.gmail.com> <op.vucxzpgqhalquq@michael-think>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
But then the root in the jail can just go and compile a new version of
ifconfig from the ports collection. (Generally its a flawed idea to
just remove the binaries. Someone can just download new ones. And if
downloading new binaries is not allowed, they can always just push
stdin through b64.. etc etc.)

On 22 April 2011 23:00, Michael Ross <michael.ross@gmx.net> wrote:
> Am 22.04.2011, 22:21 Uhr, schrieb xor <xorboy@gmail.com>:
>
>> Hullo
>> First off, thanks for a lovely operating system <3
>>
>> I decided to go for FreeBSD perhaps 3 days ago. Before, ive been an
>> Debian/OpenBSD guy, and ive only used my obsd box for redundant
>> firewalls and networking. Ive not been running any services off the
>> boxen.
>>
>> The reason I decided to go for FreeBSD is because of the Jails. Ive
>> looked around a bit, but I can not find anything about how to limit
>> what interfaces that ifconfig shows. I would like it to hide pretty
>> much everything so that _no_ information about the host systems
>> networking leaks into the jails. I dont want jails to know anything
>> but their IP-numbers and which computer to use for DNS lookups,
>> essentially.
>>
>> Is there any good text out there that describes how to do this? Ive
>> searched a bit for it, but Ive been unable to find anything but the
>> basics.
>
> Maybe you can remove the ifconfig binary from the jail.
> Works for me.
>
>
> Michael
>



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?BANLkTikcspmnjBy6hOv5FMK5isL4COJuPg>