Jail causes host to reboot

Niklaas Baudet von Gersdorff niklaas at kulturflatrate.net
Wed Sep 2 19:46:12 UTC 2015

On 02/09/15 17:11, Adam Vande More wrote:

> Yes, depending on configuration.  It's trivial to make a jail insecure. 
> The trick is to make a jail secure and fully functional for your needs.

Can you recommend resources that further explicates how to secure jails?
I am very interested in this but lack "ideas" on how to attack a system
so that I could make it more secure. I'd be happy about any internet
resource, book or article.

> Yes, but virtualizing is a loaded term.  Some people don't consider
> jails as virtualization.  I do, at least from a certain point of view. 
> Especially now since independent FS's and network stacks can be
> involved.  Then you have types like container eg OpenVZ(there was
> FreeBSD version of this floating around on 9.x, not sure what happened
> to it).  The guest in container's have independent kernels so the host
> would survive in my original scenario.  Same w/ other virtualization
> types like KVM, bhyve, VBox, Xen, etc.

I also prefer jails. This experience only makes me considering to better
secure my jails.

More information about the freebsd-questions mailing list