Jail causes host to reboot
Niklaas Baudet von Gersdorff
niklaas at kulturflatrate.net
Wed Sep 2 19:46:12 UTC 2015
On 02/09/15 17:11, Adam Vande More wrote:
> Yes, depending on configuration. It's trivial to make a jail insecure.
> The trick is to make a jail secure and fully functional for your needs.
Can you recommend resources that further explicates how to secure jails?
I am very interested in this but lack "ideas" on how to attack a system
so that I could make it more secure. I'd be happy about any internet
resource, book or article.
> Yes, but virtualizing is a loaded term. Some people don't consider
> jails as virtualization. I do, at least from a certain point of view.
> Especially now since independent FS's and network stacks can be
> involved. Then you have types like container eg OpenVZ(there was
> FreeBSD version of this floating around on 9.x, not sure what happened
> to it). The guest in container's have independent kernels so the host
> would survive in my original scenario. Same w/ other virtualization
> types like KVM, bhyve, VBox, Xen, etc.
I also prefer jails. This experience only makes me considering to better
secure my jails.
More information about the freebsd-questions
mailing list