On Thu, Jun 11, 2009 at 2:06 AM, Michael
> Hello everyone,
> I recently took on a project to run a VirtualBox guest within a whole Solaris
> zone. The idea was to protect the Solaris system from any crashes vbox might
> have. I need to run vbox on a production system, but I didn't want to put
> the whole system at risk.
> I was using Solaris 5/09 x86 with VirtualBox 2.2.2. Vbox would run ok as
> long as I didn't try to power-off the virtual machine. When I would power
> off a vbox guest, within just a few mins the Solaris host would panic with
> the following message in syslog:
> genunix: [ID 335743 kern.notice] BAD TRAP: type=e (#pf Page fault)
> rp=d55a3ccc addr=490070e4 occurred in module "genunix" due to an illegal
> access to a user address
> This was easily repeatable... and in two cases even made the host OS
> unbootable -- device driver couldn't be loaded. Without vbox running, the
> zone would function as expected and run indefinitely without issue.
> As a result of this, I had to change the version of vbox I was using and run
> the vbox within the global zone (risky). It seems to be running rock solid
> so far, but the whole experience has left me seriously questioning the safety
> of Solaris zones. Plus, I don't have the option of isolating the vbox
> machines as I originally had hoped.
> This is where I need help. I may simply have a misunderstanding of what a
> zone can do. My understanding was that applications (i.e. vbox) running within
> a zone would be completely isolated from the host system. Bad software,
> security breaches, etc. would all be contained within the zone and the host
> system, and any other zones, would be protected from a problem zone. As I
> have explained above, this was not the case.
> So, what should I expect from zones? Since they are not fully isolated from
> the global zone and underlying host, what degree of confidence should I put
> into their resiliency and their security? If, as I experienced, a rogue
> application can cause a system panic, wouldn't a potential intruder be able
> to do the same thing?
> I really was falling in love with Zones and the potential I thought they
> would offer me, but this experience has really made me question my decision
> to use them and I need some help understanding exactly what went wrong.
> If anyone can offer some insight, I'd be grateful.
Your experience shows that zones have a high degree of isolation for
user-level applications, but that the isolation can be significantly
reduced whenever the kernel is modified in some way.
I am assuming that when you installed VirtualBox, you installed the
SUNWvboxkern package in the global zone. That package adds a kernel
module to the kernel. That software runs independently of the zones
framework. If there is a bug in that software - or any other kernel
module - it has the potential to cause the kernel to panic. As you
have seen, this affects all zones on the system.
The same is true if you add a 3rd party file system which requires a
kernel module or device driver.
I suggest discussing the symptom experienced by your system at
http://forums.virtualbox.org/ , or reporting this as a bug at: