[arch-general] Linux container

Guus Snijders gsnijders at gmail.com
Wed Feb 12 11:25:48 EST 2014

Op 12 feb. 2014 12:59 schreef "arnaud gaboury" <arnaud.gaboury at gmail.com>
het volgende:
> Dear all,
> I am slowly building a Arch Linux VM guest on my Arch Linux host.
> The guest machine is now built
> I an following the libvirt.org documentation. Now, according this
> page[1] about lxc driver, i am dealing with namespace requirements.
> This sentence, in bold, puzzles me:
> A suitably configured UID/GID mapping is a pre-requisite to making
> containers secure, in the absence of sVirt confinement.
> If I understand what a namespace is, I have no idea how to make sure
> my UIG/GID mapping is well configured. I would appreciate having any
> hints abut this part of the settings.

That means is that you need to make sure that the users on the host and the
guest machine should have the same UID (usernumber) and GID(GroupNumber).

The point is that you now have 2 "computers" that can access the same data.
If you set access to certain files using different usernames, but identical
(numeric) UID's, the "wrong" people could be able to access those files.
Other then what one would think based on the displayed user- and
It would also make troubleshooting trickier.

If you can keep the used numbers in sync between both installations, then
every user/group permission means the same in both environments.

mvg, Guus

More information about the arch-general mailing list