Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread Petr Benes
> But I was considering running VirtualBox in each local zone and surf from the
> VirtualBox virtual machines. So, in that case, then you can exploit that
> attack in each local zone. But you could not access the other local zones,
> because of underlying Zone model?
As a part of VBox is locate

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-26 Thread Petr Benes
On 26 November 2010 13:25, Orvar Korvar wrote:
> If a hacker exploits a bug in the VBox driver and corrupts kernel memory so he
> gets into the global zone, then maybe it is safer to not use VBox?
If such a bug exists then it'll be safer to not use VBox; however, I'm not aware of any such bug. VBox

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-26 Thread Petr Benes
On 26 November 2010 10:50, Orvar Korvar wrote:
> petrben,
> Yes, that is my question too: "is running in a local zone safer?". That is why
> I created this thread.
Yep, and I found your question interesting and want to know more as well. If you are the only administrator on the machine, is there an

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
On 26 November 2010 04:07, Jeff Victor wrote:
> On Thu, Nov 25, 2010 at 9:21 AM, Petr Benes wrote:
>>> Limit the damage if the Zone's VBox application is somehow
>>> subverted by the guest OS.
>>
>> There are VBox modules in the kernel and the containers

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
> Limit the damage if the Zone's VBox application is somehow
> subverted by the guest OS.
There are VBox modules in the kernel and the containers framework can't stop misbehavior in kernelspace.
>
>
> Beyond security, running VBox in a Zone allows you to make
> use of Zone Resource Controls and C

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
Hmm. VBox obviously needs to be installed in the global zone before. Is running it in a local zone significantly safer? Yep, for separating different possible users, but it won't make running guests safer per se. What is the supposed security merit there?

On 25 November 2010 11:25, Petr

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
Oh, thanks.

On 25 November 2010 11:25, Cyril Plisko wrote:
> On Thu, Nov 25, 2010 at 12:08 PM, Petr Benes wrote:
>> I bet VBox can't run inside the local zone.
>
> Well, you lost. See VirtualBox User Manual
>
> 2.4.5 Configuring a zone for running VirtualBox
>

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
I bet VBox can't run inside the local zone.

On 24 November 2010 20:04, Orvar Korvar wrote:
> Uhmmm... A thought just struck me.
>
> Is it really possible to do what I was thinking? If I install WinXP
> virtually, in VirtualBox, in a local zone - then I shut down the global zone
> NIC - how can
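The point made several times in this thread (the VirtualBox driver is a kernel module in the one shared kernel, so a local zone that is allowed to open it is driving global-zone kernel code, and the zone boundary adds nothing against a bug in that driver) can be checked from the global zone. The script below is an added example, not code from the list, from VirtualBox or from the Solaris documentation. It assumes that modinfo prints the module name in its sixth column, that the devices delegated to a zone for VirtualBox are named /dev/vbox* (the manual's section 2.4.5 delegates /dev/vboxdrv), and that zoneadm/zonecfg are consulted only when present; otherwise it runs over constructed sample output embedded in the file.

```shell
#!/bin/sh
# Added example for the zones-discuss thread; not code from the list or from
# VirtualBox. Reports which zones delegate a VirtualBox device node and which
# vbox kernel modules are loaded in the (single, shared) kernel.
#
# Assumptions, not taken from the thread: `modinfo` prints the module name in
# column 6; VirtualBox device nodes delegated with zonecfg are /dev/vbox*;
# zoneadm/zonecfg exist only on a real Solaris global zone.

# Names of loaded kernel modules containing "vbox". Reads `modinfo` output on stdin.
vbox_kernel_modules() {
    awk 'NR > 1 && tolower($6) ~ /vbox/ { print $6 }'
}

# VirtualBox device nodes a zone delegates. Reads `zonecfg -z <zone> info device` on stdin.
vbox_devices_in_zonecfg() {
    awk '$1 == "match:" && $2 ~ /vbox/ { print $2 }'
}

# 0 if a vbox module is loaded AND the zone config delegates a vbox device,
# i.e. the zone's VirtualBox processes run against the global kernel's driver.
zone_shares_vbox_driver() {
    modinfo_out=$1; zonecfg_out=$2
    mods=$(printf '%s\n' "$modinfo_out" | vbox_kernel_modules)
    devs=$(printf '%s\n' "$zonecfg_out" | vbox_devices_in_zonecfg)
    [ -n "$mods" ] && [ -n "$devs" ]
}

# Constructed sample output (not captured from a real host).
SAMPLE_MODINFO=' Id Loadaddr   Size Info Rev Module Name
  6 fffffffffbb38000   42b8   1   1  specfs (filesystem for specfs)
253 fffffffff8c21000   9d60 254   1  vboxdrv (VirtualBox HostDrv 3.2.12r68302)
254 fffffffff8c2b000   2a10 255   1  vboxusbmon (VirtualBox USBMon 3.2.12r68302)'

SAMPLE_ZONECFG='device:
    match: /dev/vboxdrv
device:
    match: /dev/vboxusbmon'

if command -v zonecfg >/dev/null 2>&1 && command -v modinfo >/dev/null 2>&1; then
    # Real global zone: walk every configured non-global zone.
    mods=$(modinfo | vbox_kernel_modules | tr '\n' ' ')
    for z in $(zoneadm list -cp | cut -d: -f2 | grep -v '^global$'); do
        devs=$(zonecfg -z "$z" info device 2>/dev/null | vbox_devices_in_zonecfg | tr '\n' ' ')
        [ -n "$devs" ] && echo "zone $z delegates $devs-> shared kernel modules: $mods"
    done
else
    # No Solaris tools here: exercise the parsers on the constructed sample.
    if zone_shares_vbox_driver "$SAMPLE_MODINFO" "$SAMPLE_ZONECFG"; then
        echo "sample zone shares the global kernel's VirtualBox driver"
    fi
fi
```

Any zone the script lists is running its VirtualBox processes against vboxdrv in the global kernel; resource controls and the zone's own privilege set still apply to the userland side, but a kernel-mode bug in the driver is reachable from that zone exactly as from the global zone.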

Re: [zones-discuss] ZFS ARC cache issue

2010-06-04 Thread Petr Benes
> Sure ... but that refers specifically to DR-related issues,
DR-related issues with the kernel cage being unable to return memory. In case you are on a DR-capable system you have troubles with DR itself. On other HW the kernel won't just return memory to the OS.
> and that's
> not what the original poster compla

Re: [zones-discuss] ZFS ARC cache issue

2010-06-04 Thread Petr Benes
> That leaves unanswered the underlying question: why do you need to do
> this at all? Isn't the ZFS ARC supposed to release memory when the
> system is under pressure? Is that mechanism not working well in some
> cases ... ?
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6522017 "

Re: [zones-discuss] ZFS ARC cache issue

2010-06-04 Thread Petr Benes
Add to /etc/system something like (value depends on your needs):

* limit greedy ZFS to 4 GiB
set zfs:zfs_arc_max = 4294967296

And yes, this has nothing to do with zones :-).

Regards,
Petr

On 03/06/2010, Ketan wrote:
> We are having a server running zfs root with 64G RAM and the system has 3
> z
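The /etc/system line above is a kernel-wide setting: it lives in the global zone's /etc/system, is read at boot, and no non-global zone can set it for itself, which is why the poster says it has nothing to do with zones. The script below is an added example, not code from the thread, that derives the byte value from a GiB figure, refuses a cap that is not below physical memory, and inserts or updates the line exactly once so repeated edits do not pile up duplicate set lines. It assumes the target file is passed as an argument so it can be exercised on a scratch copy rather than the live /etc/system.

```shell
#!/bin/sh
# Added example for the zfs_arc_max tuning in the post above; not code from the
# thread. Manages a `set zfs:zfs_arc_max = <bytes>` line in an /etc/system-style
# file. Assumption (not from the thread): the file path is an argument, so this
# can be run against a scratch file instead of the real /etc/system.

gib_to_bytes() {
    echo $(( $1 * 1024 * 1024 * 1024 ))
}

# The line /etc/system needs for a cap of $1 GiB.
arc_max_line() {
    printf 'set zfs:zfs_arc_max = %s\n' "$(gib_to_bytes "$1")"
}

# 0 if a cap of $1 GiB is at least 1 GiB and strictly below $2 GiB of RAM, else 1.
# A cap at or above physical memory is a no-op at best and a typo at worst.
arc_max_sane() {
    [ "$1" -ge 1 ] && [ "$1" -lt "$2" ]
}

# Insert or update the cap in file $1 for $2 GiB on a host with $3 GiB of RAM.
ensure_arc_max() {
    file=$1; gib=$2; ram=$3
    arc_max_sane "$gib" "$ram" || {
        echo "refusing zfs_arc_max of ${gib} GiB on a ${ram} GiB host" >&2
        return 1
    }
    bytes=$(gib_to_bytes "$gib")
    if [ -f "$file" ] && grep -q '^set zfs:zfs_arc_max' "$file"; then
        # Replace the existing value in place; a second `set` line would be
        # confusing even though the kernel takes the last one.
        sed "s/^set zfs:zfs_arc_max *=.*/set zfs:zfs_arc_max = $bytes/" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        {
            echo "* limit greedy ZFS ARC to ${gib} GiB"
            arc_max_line "$gib"
        } >> "$file"
    fi
}

# The cap currently recorded in file $1, in bytes; prints nothing if unset.
current_arc_max() {
    sed -n 's/^set zfs:zfs_arc_max *= *\([0-9]*\).*/\1/p' "$1" 2>/dev/null
}

# Demonstration on a scratch file, never on the live /etc/system.
scratch=$(mktemp)
ensure_arc_max "$scratch" 4 64
ensure_arc_max "$scratch" 8 64      # second call updates the existing line
cat "$scratch"
rm -f "$scratch"
```

The file only takes effect at the next boot. On a running Solaris kernel the same variable can be poked live with mdb -kw (`zfs_arc_max/Z <hex bytes>`), but that change does not survive a reboot; the /etc/system line is what does.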