# Virtualbox in jail



## max21 (May 27, 2014)

Over the weekend I installed FreeBSD 9.2, and for the first time, I used portsnap(8), then Subversion, to install X11, GNOME and Virtualbox. I had to reinstall multiple times because I ran into a few problems, but I had a ball doing so. After four days, feeling like forty nights, I learned that VirtualBox-ose would not install because I only had a 2GB swap. I woke up just in time to see the “OUT OF SWAP SPACE” compiler warning. So I wiped the disk once again and made a 4GB swap!!! I think portsnap and Subversion are awesome.

Now that I know how these processes work, I’m doing it again tonight, but this time before I install Virtualbox I’m hoping that someone can provide the details of how to install Virtualbox in a jail. I plan to have my first jail built by tomorrow night. Until then I need to ask a few questions so that I don’t waste time doing it all the wrong way all over again.


How do I install the entire Virtualbox in a jail and use it under my host FreeBSD box, which will be running desktop GNOME? Windows and Linux are guests.

How do I install all the daemons in a jail and the rest of Virtualbox under desktop GNOME?

What are these daemons and why should they be jailed?

If both ways are known to work, what are the benefits of one over the other, or are the results the same?


----------



## wblock@ (May 27, 2014)

Don't use both portsnap(8) and Subversion.  Either one alone will update the ports tree, both together will conflict.

I'd be surprised if it's possible to install VirtualBox in a jail.  Why do you want to do that?


----------



## max21 (May 28, 2014)

This is the page I followed.  I think he just wanted to share both ways of doing upgrades: http://malacube.wordpress.com/tag/freeb ... all-gnome/

It seems that portsnap is only for ports and is the safest. I am surprised that Subversion is for ports and source: https://www.freebsd.org/doc/handbook/ports-using.html

Some people claim they jailed Virtualbox over the past few years, even on this forum, but to this day no one has posted how they did it (or I just can't figure or find it). You ask me why would I want to protect my system from Virtualbox. VirtualBox Extension Pack is believed to have back doors for years, thanks to the NSA, but regardless, secure networking is what FreeBSD is all about and nothing should be overlooked.

Allow me to put you on the spot, @wblock@, to save our sanity. I think your answers could hit all four of these million dollar questions in a paragraph or a proven how-to. The truth is, I know you are a very busy contributor, but someone else out there has got to know how it’s done or wants to learn how to make it work. The best way is to talk up on it.

Why would you be surprised if Virtualbox could be jailed?


----------



## wblock@ (May 28, 2014)

max21 said:

> It seems that portsnap is only for ports and is the safest. I am surprised that Subversion is for ports and source: https://www.freebsd.org/doc/handbook/ports-using.html



Subversion is a version control system, and many things can be put under version control. FreeBSD has repositories for source, and ports, and documentation. Either utility can be used to track them, but both should not be used to update the local copy at the same time.



> Some people claim they jailed Virtualbox over the past few years, even on this forum, but to this day no one has posted how they did it (or I just can't figure or find it).



Those people would be the ones to ask.



> You ask me why would I want to protect my system from Virtualbox.



Not exactly, but okay.



> Why would you be surprised if Virtualbox could be jailed?



Because VirtualBox is hardware-assisted (if the CPU supports it), while jail(8) is an operating-system level virtualization.  Jails share the same kernel.  I would suspect that giving VirtualBox the permissions to use hardware virtualization within a jail would negate most security value added by the jail.  Maybe it would work adequately and securely with software virtualization.

I can't answer the four questions from the first post.


----------

