Protected Application Environments (Jails)#
VOSS Automate runs the service providing applications in secured jail environments. This has significant value for the security and reliability of the system. It prevents applications from cross-interfering which makes the system more stable and reliable. In terms of security it effectively confines all services to dedicated and separate mini file systems with predictable content. In the event that an attacker were to gain access to the system through a vulnerability in a service he would therefore not gain access to the platform but only to the small confined jail in which the service was running. In that environment only the jail itself is vulnerable and this can be very easily restored if damaged. The underlying system cannot be accessed from the jailed environment.
The VOSS system does not allow direct root access over ssh. If root access is required for debugging purposes, there is a tool called NRS. This tool requires the user to log in as a user with install privileges, who has to run app install nrs. The tool generates a key, which can only be deciphered by VOSS. VOSS uses this key to then gain root access in order to proceed with debugging.