On Thu, Jun 11, 2009 at 2:06 AM, Michael McKnight <no-re...@opensolaris.org> wrote:
> Hello everyone,
>
> I recently took on a project to run a VirtualBox guest within a whole Solaris 
> zone.  The idea was to protect the Solaris system from any crashes vbox might 
> have.  I need to run vbox on a production system, but I didn't want to put 
> the whole system at risk.
>
> I was using Solaris 5/09 x86 with VirtualBox 2.2.2.  Vbox would run ok as 
> long as I didn't try to power-off the virtual machine.  When I would power 
> off a vbox guest, within just a few mins the Solaris host would panic with 
> the following message in syslog:
>
> genunix: [ID 335743 kern.notice] BAD TRAP: type=e (#pf Page fault) 
> rp=d55a3ccc addr=490070e4 occurred in module "genunix" due to an illegal 
> access to a user address
>
> This was easily repeatable... and in two cases even made the host OS 
> unbootable -- device driver couldn't be loaded.  Without vbox running, the 
> zone would function as expected and run indefinitely without issue.
>
> As a result of this, I had to change the version of vbox I was using and run 
> the vbox within the global zone (risky).  It seems to be running rock solid 
> so far, but the whole experience has left me seriously questioning the safety 
> of Solaris zones.  Plus, I don't have the option of isolating the vbox 
> machines as I originally had hoped.
>
> This is where I need help.  I may simply have a misunderstanding of what a 
> zone can do.  My understanding was that applications (i.e. vbox) running within 
> a zone would be completely isolated from the host system.  Bad software, 
> security breaches, etc. would all be contained within the zone and the host 
> system, and any other zones, would be protected from a problem zone.  As I 
> have explained above, this was not the case.
>
> So, what should I expect from zones?  Since they are not fully isolated from 
> the global zone and underlying host, what degree of confidence should I put 
> into their resiliency and their security?  If, as I experienced, a rogue 
> application can cause a system panic, wouldn't a potential intruder be able 
> to do the same thing?
>
> I really was falling in love with Zones and the potential I thought they 
> would offer me, but this experience has really made me question my decision 
> to use them and I need some help understanding exactly what went wrong.
>
> If anyone can offer some insight, I'd be grateful.

Michael,

Your experience shows that zones have a high degree of isolation for
user-level applications, but that the isolation can be significantly
reduced whenever the kernel is modified in some way.

I am assuming that when you installed VirtualBox, you installed the
SUNWvboxkern package in the global zone. That package adds a kernel
module to the kernel. That software runs independently of the zones
framework. If there is a bug in that software - or any other kernel
module - it has the potential to cause the kernel to panic. As you
have seen, this affects all zones on the system.

The same is true if you add a 3rd party file system which requires a
kernel module or device driver.

I suggest discussing the symptom experienced by your system at
http://forums.virtualbox.org/ , or reporting this as a bug at:
http://www.virtualbox.org/wiki/Bugtracker .


--JeffV
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
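
The point made in the reply above is that kernel modules run outside the zones framework, so the set of loaded modules is part of what every zone depends on. The following is an added example, not part of the original thread: it compares two snapshots of global-zone `modinfo` output and reports modules that appeared in between. The snapshot text is constructed, and the module name `vboxdrv` is an assumption (the thread names only the SUNWvboxkern package).

```python
import re

# Constructed `modinfo` snapshots from the global zone (not real captures).
BASELINE = """
 Id Loadaddr   Size Info Rev Module Name
  6 fe9a2000   45d8   1   1  specfs (filesystem for specfs)
  8 fe9a8000   3358   1   1  TS (time sharing sched class)
 10 fe9ac000  29170   2   1  ufs (filesystem for ufs)
"""

# Same system after a package added a kernel module. The name "vboxdrv"
# and its description are assumptions made for this example.
AFTER = BASELINE + "212 f9c1e000  1b6c8 261   1  vboxdrv (constructed description)\n"

# Columns: Id, Loadaddr (hex), Size (hex), Info, Rev, name, (description).
# The header line does not match because its first field is not numeric.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s+(\S+)\s+\((.*)\)\s*$"
)


def parse_modinfo(text):
    """Return {module_name: description} for every module row in the text."""
    modules = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            # A module can be listed more than once; keep the first entry.
            modules.setdefault(match.group(6), match.group(7))
    return modules


def new_kernel_modules(baseline, current):
    """Modules loaded now that were absent from the baseline snapshot.

    Each one is kernel code shared by the global zone and all non-global
    zones, so a fault in it is not contained by zone boundaries.
    """
    before = parse_modinfo(baseline)
    after = parse_modinfo(current)
    return {name: desc for name, desc in after.items() if name not in before}


if __name__ == "__main__":
    for name, desc in sorted(new_kernel_modules(BASELINE, AFTER).items()):
        print(f"new kernel module: {name} ({desc})")
```
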
