From: Adam Vande More
To: Niklaas Baudet von Gersdorff
Cc: FreeBSD Questions
Date: Wed, 2 Sep 2015 10:11:31 -0500
Subject: Re: Jail causes host to reboot

On Wed, Sep 2, 2015 at 9:16 AM, Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net> wrote:

> On 02/09/15 15:56, Adam Vande More wrote:
>
> Thanks for this clarification.
>
> So, in case someone is able to get access to a jail and causes a kernel
> panic, the person can compromise the entire host system?

Yes, depending on configuration. It's trivial to make a jail insecure. The trick is to make a jail secure and fully functional for your needs.

> I doubt that it is possible but you saying "depending on configuration"
> brought up the following question: Is there a way to tell the host
> system to only shut down the jail (and maybe send an email to me) in
> case the jail causes a panic and not reboot the entire system?

The host and jails use the same kernel, so if there's a panic it all goes down. A separate monitoring and alerting platform is the only reliable way I know to get emails if something goes down.

> Am I right that the only way to prevent such failure is virtualising an
> entire operating system instead of using a jail?

Yes, but virtualizing is a loaded term. Some people don't consider jails as virtualization. I do, at least from a certain point of view. Especially now since independent FS's and network stacks can be involved. Then you have types like container, e.g. OpenVZ (there was a FreeBSD version of this floating around on 9.x, not sure what happened to it). The guests in containers have independent kernels so the host would survive in my original scenario. Same w/ other virtualization types like KVM, bhyve, VBox, Xen, etc.

--
Adam