Re: [vserver] Linux-Vserver hide network information

From: Laurens Vets <laurens_at_daemon.be>
Date: Mon 12 Dec 2011 - 13:11:44 GMT
Message-ID: <f0bcbd8f56f5664c9f31e40f3d448960@daemon.be>

Hello,

>> Is it possible to hide all net related information
>> in a vserver guest from regular users?
>
> do I get that right that you want to block any non-root
> user from accessing any information regarding the network
> setup?

Yes, that is correct.

>> Also, is it possible to shield /proc from regular
>> users?
>
> and the same here for /proc access in general?
>
> if so, then yes, it's possible, but it is definitely
> not implemented in Linux-VServer and I doubt that it will
> leave anything 'working', because /proc and some parts
> of netlink are used all the time ...
>
> please try to give some more information what you are
> trying to accomplish ...

The main reasoning behind this is to make a machine invisible
(network-wise) to a user. For example, suppose I'm running a chrooted
Tor relay node in Linux-VServer and this specific machine gets
compromised by someone on the Tor network and he now has local shell
access.

Can Linux-VServer be configured in such a way that the user cannot
determine the actual IP address of the machine?
Received on Mon Dec 12 13:12:10 2011
