Jail causes host to reboot

Niklaas Baudet von Gersdorff niklaas at kulturflatrate.net
Wed Sep 2 14:15:04 UTC 2015

On 02/09/15 15:56, Adam Vande More wrote:

> A jail is used for isolation and security.  It isn't intended to prevent
> kernel panics and other such issues.  For example, if a jail accesses a
> corrupt fs, it may cause a panic and probably a reboot depending on
> configuration.  An expectation of jails protecting against such a thing
> is misguided.

Thanks for this clarification.

So, in case someone is able to get access to a jail and causes a kernel
panic, the person can compromise the entire host system?

I doubt that it is possible but you saying "depending on configuration"
brought up the following question: Is there a way to tell the host
system to only shut down the jail (and maybe send an email to me) in
case the jail causes a panic and not reboot the entire system?

Am I right that the only way to prevent such failure is virtualising an
entire operating system instead of using a jail?

More information about the freebsd-questions mailing list