Re: [osol-discuss] VirtualBox security - global zone vs. non-global zone

2009-07-11 Thread Gary Bainbridge
I was successful using FreeBSD 7.2 in VirtualBox 3.0.2 in a non-global zone on 
OpenSolaris 0906.

I was partially successful with OpenBSD 4.5 in VirtualBox 3.0.2 in a non-global 
zone on OpenSolaris 0906.  The usual "disk full" message and segmentation 
faults occurred during installation but the installation completed.  During 
startup there were a few segmentation faults but it started.  On shutdown there 
was also a segmentation fault.  

Because of the segmentation faults I'm not ready to switch from FreeBSD to 
OpenBSD although I would like to.
-- 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org


[osol-discuss] VirtualBox security - global zone vs. non-global zone

2009-07-10 Thread Gary Bainbridge
I have posted this question on virtualbox.org but there doesn't seem to be much 
activity there, so I am hoping someone with knowledge of VirtualBox can address my 
questions.

I want to run OpenBSD/pf in VirtualBox on an OpenSolaris host in a non-global 
zone but am unable to get VirtualBox later than the 2.2.0 release to run in a 
non-global zone; OpenBSD doesn't work in the VirtualBox 2.2.0 release, 
therefore I've been running VirtualBox 2.2.0 with FreeBSD 7.2 in a non-global 
zone.

If OpenBSD 4.5 works in VirtualBox 3.0.2 in a non-global zone then my problems 
are solved; however, if OpenBSD 4.5 doesn't run in VirtualBox 3.0.2 or VB 3.0.2 
doesn't run in a non-global zone then I will have to stay with FreeBSD on 
2.2.0. FreeBSD doesn't work with VB 2.2.2 or 2.2.4 in a non-global zone.

The reason to run VirtualBox in a non-global zone is security.  If someone 
managed to break out of the guest OS they would be contained inside a 
non-global zone, versus being in the global zone.

The security questions are:  

1)  Would it be safer to run OpenBSD 4.5 in VB 3.0.2 in the global zone or 
FreeBSD 7.2 in VB 2.2.0 in a non-global zone or is it irrelevant about running 
VB in a non-global zone for security purposes?

2)  Could an attacker break out of VirtualBox in a global zone or a non-global 
zone? 

3)  If they exploited a flaw in the OS are they confined to VirtualBox itself 
or would they be able to break out of VirtualBox and be in the 
global/non-global zone?