Re: [zones-discuss] ZFS ARC cache issue

2010-06-04 Thread Petr Benes
That leaves unanswered the underlying question: why do you need to do this at all? Isn't the ZFS ARC supposed to release memory when the system is under pressure? Is that mechanism not working well in some cases ... ? http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6522017 ...

Re: [zones-discuss] ZFS ARC cache issue

2010-06-04 Thread Petr Benes
Sure ... but that refers specifically to DR-related issues, DR-related issues with kernel cage unable to return memory. In case you are on a DR-capable system you have troubles with DR itself. On other HW kernel won't just return memory to OS. and that's not what the original poster

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
I bet VBox can't run inside the local zone. On 24 November 2010 20:04, Orvar Korvar knatte_fnatte_tja...@yahoo.com wrote: Uhmmm... A thought just struck me. Is it really possible to do what I was thinking? If I install WinXP virtually, in VirtualBox, in a local zone - then I shut down the

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
Oh, thanks. On 25 November 2010 11:25, Cyril Plisko cyril.pli...@mountall.com wrote: On Thu, Nov 25, 2010 at 12:08 PM, Petr Benes petr...@gmail.com wrote: I bet VBox can't run inside the local zone. Well, you lost. See VirtualBox User Manual 2.4.5 Configuring a zone for running VirtualBox

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
Hmm. VBox obviously needs to be installed in the global zone before. Is running it in a local zone significantly safer? Yep for separating different possible users, but it won't make running guests safer per se. What is the supposed security merit there? On 25 November 2010 11:25, Petr Benes

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
Limit the damage if the Zone's VBox application is somehow subverted by the guest OS. There are VBox modules in the kernel and the containers framework can't stop misbehavior in kernelspace. Beyond security, running VBox in a Zone allows you to make use of Zone Resource Controls and

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-25 Thread Petr Benes
On 26 November 2010 04:07, Jeff Victor jeff.j.vic...@gmail.com wrote: On Thu, Nov 25, 2010 at 9:21 AM, Petr Benes petr...@gmail.com wrote: Limit the damage if the Zone's VBox application is somehow subverted by the guest OS. There are VBox modules in the kernel and the containers framework

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-26 Thread Petr Benes
On 26 November 2010 10:50, Orvar Korvar knatte_fnatte_tja...@yahoo.com wrote: petrben, Yes that is my question too: is running in a local zone safer? That is why I created this thread. Yep and I found your question interesting and want to know more as well. If you are the only administrator

Re: [zones-discuss] Possible to use zones for hardening? Security?

2010-11-26 Thread Petr Benes
On 26 November 2010 13:25, Orvar Korvar knatte_fnatte_tja...@yahoo.com wrote: If a hacker exploits a bug in the VBox driver and corrupts kernel memory so he gets into the global zone, then maybe it is safer to not use VBox? If such a bug exists then it'll be safer to not use VBox, however, I'm not

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-27 Thread Petr Benes
But I was considering running VirtualBox in each local zone and surf from the VirtualBox virtual machines. So, in that case, then you can exploit that attack in each local zone. But you could not access the other local zones, because of underlying Zone model? As a part of VBox is located