sysjail
{{Short description|Virtualisation software}}
sysjail is a defunct user-land virtualiser for systems supporting the systrace library; as of version 1.0 it was limited to OpenBSD, NetBSD and MirOS. Its original design was inspired by FreeBSD jail, a similar utility for FreeBSD (although jail is part of the kernel). sysjail was developed and released in 2006 by Kristaps Dzonsons (aka Johnson), a research assistant in game theory at the Stockholm School of Economics, and Maikls Deksters. ([http://old.nabble.com/sysjail%3A-OpenBSD-%22jail%22-implementation-p4513064.html sysjail: OpenBSD "jail" implementation], Kristaps Dzonsons, 2006-05-22, OpenBSD misc mailing list)
sysjail was re-written from scratch in 2007 to support emulated processes in jails, limited (initially) to Linux emulation.
The project was officially discontinued on 3 March 2009 due to flaws inherent to syscall wrapper-based security architectures. The restrictions of sysjail could be evaded by exploiting race conditions between the wrapper's security checks and the kernel's execution of the syscalls. (Watson, Robert N. M., [http://www.watson.org/~robert/2007woot/ Exploiting Concurrency Vulnerabilities in System Call Wrappers])
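The gap between check and execution can be shown with a deterministic model; this is an added illustration, not code from sysjail or systrace. All names and paths (<code>policy_allows</code>, <code>/jail/</code>, <code>/outside/file</code>) are hypothetical, and a callback stands in for a second thread of the jailed process writing to the argument memory.

```c
#include <stdio.h>
#include <string.h>

/* Model only: 'shared' stands for syscall-argument memory in the jailed
   process, which another thread of that process may rewrite at any time. */
typedef void (*interleave_fn)(char *shared);

/* Hypothetical jail policy: only paths under /jail/ are permitted. */
static int policy_allows(const char *path) {
    return strncmp(path, "/jail/", 6) == 0 && strstr(path, "..") == NULL;
}

/* Wrapper style: the wrapper checks the argument, then the kernel reads the
   same memory again. 'between' models whatever runs in that window. */
static int wrapper_style(char *shared, interleave_fn between, char *used, size_t n) {
    if (!policy_allows(shared)) return -1;   /* wrapper's security check */
    if (between) between(shared);            /* window between check and use */
    snprintf(used, n, "%s", shared);         /* kernel's own, second read */
    return 0;
}

/* Mitigation: copy the argument once, then check and use that private copy. */
static int copy_once(char *shared, interleave_fn between, char *used, size_t n) {
    char priv[64];
    snprintf(priv, sizeof priv, "%s", shared);
    if (!policy_allows(priv)) return -1;
    if (between) between(shared);            /* later writes no longer matter */
    snprintf(used, n, "%s", priv);
    return 0;
}

/* Constructed stand-in for a concurrent writer in the same process. */
static void concurrent_writer(char *shared) { strcpy(shared, "/outside/file"); }

/* Returns 1 if the path finally acted on still satisfies the policy. */
static int outcome(int hardened) {
    char shared[64] = "/jail/data", used[64] = "";
    int rc = hardened ? copy_once(shared, concurrent_writer, used, sizeof used)
                      : wrapper_style(shared, concurrent_writer, used, sizeof used);
    return rc == 0 && policy_allows(used);
}

int main(void) {
    printf("wrapper style: acted-on path within policy? %d\n", outcome(0));
    printf("copy once:     acted-on path within policy? %d\n", outcome(1));
    return 0;
}
```

A user-land wrapper cannot make the kernel use the wrapper's private copy, so the single-copy check has to live where the call is executed.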
External links
- [https://archive.today/20130219010910/http://sysjail.bsd.lv/ sysjail: systrace user-land virtualisation]
- [http://www.nycbsdcon.org/2006/files/sysjail-nycbsdcon.pdf.gz sysjail (NYCBSDCON2006 presentation)]