On Thu, Jun 11, 2009 at 2:06 AM, Michael
McKnight<no-re...@opensolaris.org> wrote:
> Hello everyone,
> I recently took on a project to run a VirtualBox guest within a whole Solaris 
> zone.  The idea was to protect the Solaris system from any crashes vbox might 
> have.  I need to run vbox on a production system, but I didn't want to put 
> the whole system at risk.
> I was using Solaris 5/09 x86 with VirtualBox 2.2.2.  Vbox would run ok as 
> long as I didn't try to power-off the virtual machine.  When I would power 
> off a vbox guest, within just a few mins the Solaris host would panic with 
> the following message in syslog:
> [i]genunix: [ID 335743 kern.notice] BAD TRAP: type=e (#pf Page fault) 
> rp=d55a3ccc addr=490070e4 occurred in module "genunix" due to an illegal 
> access to a user address[/i]
> This was easily repeatable... and in two cases even made the host OS 
> unbootable -- device driver couldn't be loaded.  Without vbox running, the 
> zone would function as expected and run indefinitely without issue.
> As a result of this, I had to change the version of vbox I was using and run 
> the vbox within the global zone (risky).  It seems to be running rock solid 
> so far, but the whole experience has left me seriously questioning the safety 
> of Solaris zones.  Plus, I don't have the option of isolating the vbox 
> machines as I originally had hoped.
> This is where I need help.  I may simply have a misunderstanding of what a 
> zone can do.  My understanding was that applications (ie vbox) running within 
> a zone would be completely isolated from the host system.  Bad software, 
> security breaches, etc. would all be contained within the zone and the host 
> system, and any other zones, would be protected from a problem zone.  As I 
> have explained above, this was not the case.
> So, what should I expect from zones?  Since they are not fully isolated from 
> the global zone and underlying host, what degree of confidence should I put 
> into their resiliency and their security?  If, as I experienced, a rogue 
> application can cause a system panic, wouldn't a potential intruder be able 
> to do the same thing?
> I really was falling in love with Zones and the potential I thought they 
> would offer me, but this experience has really made me question my decision 
> to use them and I need some help understanding exactly what went wrong.
> If anyone can offer some insight, I'd be grateful.


Your experience shows that zones have a high degree of isolation for
user-level applications, but that the isolation can be significantly
reduced whenever the kernel is modified in some way.

I am assuming that when you installed VirtualBox, you installed the
SUNWvboxkern package in the global zone. That package adds a kernel
module to the kernel. That software runs independently of the zones
framework. If there is a bug in that software - or any other kernel
module - it has the potential to cause the kernel to panic. As you
have seen, this affects all zones on the system.

The same is true if you add a 3rd party file system which requires a
kernel module or device driver.

I suggest discussing the symptom experienced by your system at
http://forums.virtualbox.org/ , or reporting this as a bug at:
http://www.virtualbox.org/wiki/Bugtracker .

zones-discuss mailing list

Reply via email to