Jail causes host to reboot

Adam Vande More amvandemore at gmail.com
Wed Sep 2 15:11:33 UTC 2015

On Wed, Sep 2, 2015 at 9:16 AM, Niklaas Baudet von Gersdorff <
niklaas at kulturflatrate.net> wrote:

> On 02/09/15 15:56, Adam Vande More wrote:
> Thanks for this clarification.
> So, in case someone is able to get access to a jail and causes a kernel
> panic, the person can compromise the entire host system?

Yes, depending on configuration.  It's trivial to make a jail insecure.
The trick is to make a jail secure and fully functional for your needs.

> I doubt that it is possible but you saying "depending on configuration"
> brought up the following question: Is there a way to tell the host
> system to only shut down the jail (and maybe send an email to me) in
> case the jail causes a panic and not reboot the entire system?

The host and jails use the same kernel, so if there's a panic it all goes
down.  A separate monitoring and alerting platform is the only reliable way
I know to get emails if something goes down.

Am I right that the only way to prevent such failure is virtualising an
> entire operating system instead of using a jail?

Yes, but virtualizing is a loaded term.  Some people don't consider jails
as virtualization.  I do, at least from a certain point of view.
Especially now since independent FS's and network stacks can be involved.
Then you have types like container eg OpenVZ(there was FreeBSD version of
this floating around on 9.x, not sure what happened to it).  The guest in
container's have independent kernels so the host would survive in my
original scenario.  Same w/ other virtualization types like KVM, bhyve,
VBox, Xen, etc.


More information about the freebsd-questions mailing list