> Limit the damage if the Zone's VBox application is somehow
> subverted by the guest OS.

There are VBox modules in the kernel and the containers framework can't stop misbehavior in kernelspace.

> Beyond security, running VBox in a Zone allows you to make
> use of Zone Resource Controls and Crossbow networking.
> Cool stuff!

No question about cool features. My concern is if running VBox in a local zone has any security advantage regarding an evil guest over running it in the global one. And if so, why? The VBox process itself doesn't run as root, but there are its drivers the attack may go through.

Petr

> John
> groenv...@acm.org