Control network-traffic for Android Apps

I pinged facebook. com, crashlytics. com, scorecardresearch. com, app-measurement com which I blocked and they get resolved from the Android layer. They only get blocked on Sailfish native OS. Which is a problem because Sailfish OS apps generally do not have any trackers but all these Android apps do. The other day I read from Wireshark users that almost 50% of all traffic on a phone comes from Google and third party trackers.

Then you might have done something wrong?

Steps to do

  • edit file /system/etc/hosts and save it
  • restart android support (needed!)
  • attach with devel-su lxc-attach aliendalvik /system/bin/sh and ping one of the added (modified) name/IP tuple by name.

Result: you should see the newly configured IP (e.g. after android support restart.
That is what I see.


I follow all the instructions and it works from Sailfish OS itself, it just does not work from the Android layer and both /system /etc/hosts and /etc/hosts files are identical.

When I ping the local host it returns the first time. When I ping localhost after devel-su lxc-attach aliendalvik /system/bin/sh I get but when I ping for example 2no .co as shown in the screenshot of my hosts file it returns iplogger .com with 0 packet loss.

Aliendalvik does not use /system/etc/hosts, it has its own hosts file inside the read-only system image.

You can use /etc/hosts for android apps by adding the following line to /var/lib/lxc/aliendalvik/extra_config:

lxc.mount.entry = /etc/hosts system/etc/hosts none bind,create=file 0 0

This will “overload” the hosts file inside the read-only system.img with the /etc/hosts from outside the LXC container.

See adblock via /etc/hosts on XA2/AlienDalvik v8 -


Oh oh!
I need to apologize.

I was/am fully aware of that extra_config file but may have forgotten completely that it seems this file was also manually edited by me a long time ago. (I have another line inside about hosts.editable which is not of use. So I really thought that mounting of /system/etc/hosts to etc/hosts is part of aliendalvik package). And to be honest I expected this to be part of the aliendalvik package!
But a rpm -qf /var/lib/lxc/extra_config tells me this is not part of any package :frowning:
I will also create a feature request but do not expect that to be noticed or implemented within the next few releases, month/years.
For that reason I will add this extra_config file to the harbour-defender package (may take some time because it needs a bit of testing).

Meanwhile you may use
to differentiate between native etc/hosts and the Android system/etc/hosts (there may be reasons to do so), preferred for harbour-defender users:

echo 'lxc.mount.entry = **/system**/etc/hosts system/etc/hosts none bind,ro 0 0' >> /var/lib/lxc/aliendalvik/extra_config

or to just simply use /etc/hosts for both environments ( not using harbour-defender maybe ):

echo 'lxc.mount.entry = /etc/hosts system/etc/hosts none bind,ro 0 0' >> /var/lib/lxc/aliendalvik/extra_config

the create_file option is not needed as system/etc/hosts file is part of system.img
and I added the ro option to not allow the dark side to alter files on native file system


Strange, I see /etc/hosts and /system/etc/hosts from the host in the LXC container. If I ping one of the entries in /etc/hosts on SailfishOS it resolves to, as expected; within LXC container it resolves to the ‘real’ IP address of that host. So it seems that it doesn’t quite work as expected.
Does Android’s ping command use another service for hostname resolving than SFOS?

1 Like