On Wed, 12 Feb 2014 12:59:43 +0100 arnaud gaboury <arnaud.gaboury@gmail.com> wrote:
> Dear all,
> I am slowly building an Arch Linux VM guest on my Arch Linux host.
> The guest machine is now built and is recognized as shown by this command:
>
> gabx@hortensia ➤➤ ~ % machinectl list
> MACHINE CONTAINER SERVICE
> dahlia  container nspawn
>
> 1 machines listed.
>
> I am following the libvirt.org documentation. Now, according to this page[1] about the lxc driver, I am dealing with namespace requirements. This sentence, in bold, puzzles me:
>
> A suitably configured UID/GID mapping is a pre-requisite to making containers secure, in the absence of sVirt confinement.
>
> If I understand what a namespace is, I have no idea how to make sure my UID/GID mapping is well configured. I would appreciate having any hints about this part of the settings.
User namespaces are currently disabled in the -ARCH kernel, so you should either build your own kernel, or do not configure any mapping (it is optional).
> Another question: is there any advantage/disadvantage to using the lxc userspace tools[2] instead of libvirt to manage these namespaces?
Namespaces are a property of the kernel, not of a userspace tool, so both are equivalent. Having said that, I prefer the lxc tools because they are somewhat more flexible and come with fewer dependencies. Also notice that if you don't need an advanced network configuration, systemd-nspawn may be sufficient for your purposes.
> Thank you for help.
>
> [1] http://libvirt.org/drvlxc.html
> [2] http://linuxcontainers.org/
-- Leonid Isaev GPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
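As an added illustration of the two points above (user namespaces being a kernel property, and a UID mapping only being "suitable" when container root does not land on host root), the following POSIX shell script is not from the thread or from libvirt/lxc. It probes whether the running kernel lets an unprivileged process create a user namespace (via util-linux's unshare), and judges a uid_map in the kernel's /proc format, which is what both libvirt's idmap configuration and the lxc tools ultimately produce. The sample maps in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. The kernel exposes every user namespace
# mapping as /proc/<pid>/uid_map, one "<ns_start> <host_start> <count>" triple
# per line, regardless of whether libvirt or the lxc tools wrote it.

userns_enabled() {
    # Kernel property, independent of the userspace tool: can an unprivileged
    # process create a user namespace? Needs util-linux's unshare(1).
    unshare -U true 2>/dev/null
}

idmap_is_safe() {
    # $1: uid_map content. Returns 0 if no namespace uid is mapped onto host
    # uid 0, i.e. container root is some unprivileged host uid (or unmapped
    # and therefore the overflow "nobody" uid). Returns 1 otherwise.
    _map=$1
    _verdict=0
    _oldifs=$IFS
    IFS='
'
    for _line in $_map; do
        IFS=$_oldifs
        # shellcheck disable=SC2086  # intentional split into the three fields
        set -- $_line
        [ $# -ge 3 ] || continue
        _host=$2 _cnt=$3
        # A host range [_host, _host+_cnt) that contains 0 hands host root to
        # some uid inside the container; the identity map "0 0 4294967295"
        # used when no mapping is configured is the common case of this.
        if [ "$_host" -le 0 ] && [ $((_host + _cnt)) -gt 0 ]; then
            _verdict=1
        fi
    done
    IFS=$_oldifs
    return $_verdict
}

# Informational report for the calling shell; the result depends on the host.
if userns_enabled; then
    echo "user namespaces: available to unprivileged users"
else
    echo "user namespaces: unavailable or disabled in this kernel"
fi
if idmap_is_safe "$(cat /proc/self/uid_map 2>/dev/null)"; then
    echo "uid_map: root is not host root (or no mapping present)"
else
    echo "uid_map: identity mapping, root here is host root"
fi
```

Run it inside the container (e.g. via machinectl shell or lxc-attach) to see the mapping the guest actually received, and on the host to see the identity map for comparison.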