> Limit the damage if the Zone's VBox application is somehow
> subverted by the guest OS.
There are VBox modules in the kernel, and the containers framework
can't stop misbehavior in kernelspace.
> Beyond security, running VBox in a Zone allows you to make
> use of Zone Resource Controls and Crossbow networking.
> Cool stuff!
No question about the cool features. My concern is whether running VBox in a
local zone has any security advantage regarding an evil guest over
running it in the global one. And if so, why? The VBox process itself
doesn't run as root, but there are its drivers the attack may go
> zones-discuss mailing list