Protect Jail against Admin

marcellinus

Cadet
Joined
Jul 13, 2023
Messages
8
Hi

I currently plan a deployment for a client. However, the ideal solution is a single TrueNAS with services running inside jails. However, the client has some compliance issues with that: Is it possible to protect a jail against Administrator access to the files stored inside a jail?
I assume the main problem is that one can simply click "shell" to gain root access to all jails, assuming you are a TrueNAS Operator/Admin.
Can this shell get disabled, password or key protected?

Thanks
KR, M.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
It's not possible to protect a jail against an experienced superuser with access to the host environment. You need to take steps such as encrypting your files so that superuser access cannot reveal the contents. The superuser is always going to be able to read the bytes you store on your NAS. Merely blocking access to "shell" is insufficient; root logins via SSH or other access routes would need to be entirely blocked off. Even if you managed to deploy something like homomorphic encryption and created a zero trust environment, a superuser would still have the ability to tinker with the contents of the jail, so any fiat/compliance issues are nontrivial to solve. A jail can be made significantly more secure for particular use cases through careful design and risk analysis, but there will always be risk.
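
The reply above notes that a host superuser can always read the stored bytes and can still alter a jail's contents, so any integrity check has to rely on a secret the host never holds. The following is an added example, not part of the thread: a keyed HMAC-SHA256 manifest built and verified from a client machine. The function names, file names and the off-host key storage are assumptions, and the files are constructed sample data.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def build_manifest(root: Path, key: bytes) -> dict[str, str]:
    """Map each file's relative path to HMAC-SHA256(key, path || NUL || content)."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        mac = hmac.new(key, rel.encode() + b"\0" + path.read_bytes(), hashlib.sha256)
        manifest[rel] = mac.hexdigest()
    return manifest


def verify(root: Path, key: bytes, trusted: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current tree with a manifest that was stored off-host."""
    current = build_manifest(root, key)
    return {
        "modified": sorted(f for f in trusted if f in current
                           and not hmac.compare_digest(trusted[f], current[f])),
        "missing": sorted(f for f in trusted if f not in current),
        "unexpected": sorted(f for f in current if f not in trusted),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: three files, then edits a host superuser could make."""
    key = os.urandom(32)  # assumption: generated and kept on the client, never on the NAS
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "ledger.csv").write_text("id,amount\n1,100\n")
        (root / "app.conf").write_text("debug = false\n")
        (root / "notes.txt").write_text("unchanged\n")
        trusted = build_manifest(root, key)  # assumption: stored off-host with the key

        (root / "db" / "ledger.csv").write_text("id,amount\n1,900\n")  # modified
        (root / "app.conf").unlink()                                   # deleted
        (root / "cron.sh").write_text("#!/bin/sh\n")                   # added
        return verify(root, key, trusted)


if __name__ == "__main__":
    print(demo())
```

This only detects changes; confidentiality still needs the client-side encryption the reply describes, and the check has to run on a machine the NAS administrator does not control.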
 