Jail causes host to reboot
Niklaas Baudet von Gersdorff
niklaas at kulturflatrate.net
Wed Sep 2 14:15:04 UTC 2015
On 02/09/15 15:56, Adam Vande More wrote:
> A jail is used for isolation and security. It isn't intended to prevent
> kernel panics and other such issues. For example, if a jail accesses a
> corrupt fs, it may cause a panic and probably a reboot depending on
> configuration. An expectation of jails protecting against such a thing
> is misguided.
Thanks for this clarification.
So, in case someone is able to get access to a jail and causes a kernel
panic, the person can compromise the entire host system?
I doubt that it is possible but you saying "depending on configuration"
brought up the following question: Is there a way to tell the host
system to only shut down the jail (and maybe send an email to me) in
case the jail causes a panic and not reboot the entire system?
Am I right that the only way to prevent such failure is virtualising an
entire operating system instead of using a jail?
More information about the freebsd-questions
mailing list