On Thu, Jun 11, 2009 at 2:06 AM, Michael
McKnightno-re...@opensolaris.org wrote:
Hello everyone,
I recently took on a project to run a VirtualBox guest within a whole Solaris
zone. The idea was to protect the Solaris system from any crashes vbox might
have. I need to run vbox on a production system, but I didn't want to put
the whole system at risk.
I was using Solaris 5/09 x86 with VirtualBox 2.2.2. Vbox would run ok as
long as I didn't try to power-off the virtual machine. When I would power
off a vbox guest, within just a few mins the Solaris host would panic with
the following message in syslog:
[i]genunix: [ID 335743 kern.notice] BAD TRAP: type=e (#pf Page fault)
rp=d55a3ccc addr=490070e4 occurred in module genunix due to an illegal
access to a user address[/i]
This was easily repeatable... and in two cases even made the host OS
unbootable -- device driver couldn't be loaded. Without vbox running, the
zone would function as expected and run indefinitely without issue.
As a result of this, I had to change the version of vbox I was using and run
the vbox within the global zone (risky). It seems to be running rock solid
so far, but the whole experience has left me seriously questioning the safety
of Solaris zones. Plus, I don't have the option of isolating the vbox
machines as I originally had hoped.
This is where I need help. I may simply have a misunderstanding of what a
zone can do. My understanding was that applications (ie vbox) running within
a zone would be completely isolated from the host system. Bad software,
security breaches, etc. would all be contained within the zone and the host
system, and any other zones, would be protected from a problem zone. As I
have explained above, this was not the case.
So, what should I expect from zones? Since they are not fully isolated from
the global zone and underlying host, what degree of confidence should I put
into their resiliency and their security? If, as I experienced, a rogue
application can cause a system panic, wouldn't a potential intruder be able
to do the same thing?
I really was falling in love with Zones and the potential I thought they
would offer me, but this experience has really made me question my decision
to use them and I need some help understanding exactly what went wrong.
If anyone can offer some insight, I'd be grateful.
Michael,
Your experience shows that zones have a high degree of isolation for
user-level applications, but that the isolation can be significantly
reduced whenever the kernel is modified in some way.
I am assuming that when you installed VirtualBox, you installed the
SUNWvboxkern package in the global zone. That package adds a kernel
module to the kernel. That software runs independently of the zones
framework. If there is a bug in that software - or any other kernel
module - it has the potential to cause the kernel to panic. As you
have seen, this affects all zones on the system.
The same is true if you add a 3rd party file system which requires a
kernel module or device driver.
I suggest discussing the symptom experienced by your system at
http://forums.virtualbox.org/ , or reporting this as a bug at:
http://www.virtualbox.org/wiki/Bugtracker .
--JeffV
___
zones-discuss mailing list
zones-discuss@opensolaris.org