Date: Wed, 2 Sep 2015 16:16:52 +0200
From: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net>
To: Adam Vande More <amvandemore@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Jail causes host to reboot
Message-ID: <55E704D4.2050607@kulturflatrate.net>
In-Reply-To: <CA%2BtpaK1UVW5in1JUfoKwZuO=_ACTHx_xCPy0zWO1_NL1s9Wzmw@mail.gmail.com>
References: <55E6E26A.1040706@kulturflatrate.net> <CA%2BtpaK1UVW5in1JUfoKwZuO=_ACTHx_xCPy0zWO1_NL1s9Wzmw@mail.gmail.com>

On 02/09/15 15:56, Adam Vande More wrote:

> A jail is used for isolation and security. It isn't intended to prevent
> kernel panics and other such issues. For example, if a jail accesses a
> corrupt fs, it may cause a panic and probably a reboot depending on
> configuration. An expectation of jails protecting against such a thing
> is misguided.

Thanks for this clarification. So, in case someone is able to get access to a jail and causes a kernel panic, the person can compromise the entire host system?

I doubt that it is possible but you saying "depending on configuration" brought up the following question: Is there a way to tell the host system to only shut down the jail (and maybe send an email to me) in case the jail causes a panic and not reboot the entire system?

Am I right that the only way to prevent such failure is virtualising an entire operating system instead of using a jail?