Date: Wed, 2 Sep 2015 21:47:57 +0200 From: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net> To: Adam Vande More <amvandemore@gmail.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Jail causes host to reboot Message-ID: <55E7526D.5040101@kulturflatrate.net> In-Reply-To: <CA%2BtpaK0Yh3KEcOtTXx0Aco1dGiGWCw=t0LYOnGVyrMo33BLzMw@mail.gmail.com> References: <55E6E26A.1040706@kulturflatrate.net> <CA%2BtpaK1UVW5in1JUfoKwZuO=_ACTHx_xCPy0zWO1_NL1s9Wzmw@mail.gmail.com> <55E704D4.2050607@kulturflatrate.net> <CA%2BtpaK0Yh3KEcOtTXx0Aco1dGiGWCw=t0LYOnGVyrMo33BLzMw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/09/15 17:11, Adam Vande More wrote: > Yes, depending on configuration. It's trivial to make a jail insecure. > The trick is to make a jail secure and fully functional for your needs. Can you recommend resources that further explicates how to secure jails? I am very interested in this but lack "ideas" on how to attack a system so that I could make it more secure. I'd be happy about any internet resource, book or article. > Yes, but virtualizing is a loaded term. Some people don't consider > jails as virtualization. I do, at least from a certain point of view. > Especially now since independent FS's and network stacks can be > involved. Then you have types like container eg OpenVZ(there was > FreeBSD version of this floating around on 9.x, not sure what happened > to it). The guest in container's have independent kernels so the host > would survive in my original scenario. Same w/ other virtualization > types like KVM, bhyve, VBox, Xen, etc. I also prefer jails. This experience only makes me considering to better secure my jails.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55E7526D.5040101>