[arch-general] Linux container
ProgAndy
admin at progandy.de
Wed Feb 12 14:06:08 EST 2014
Am Mi 12 Feb 2014 18:44:11 CET schrieb arnaud gaboury:
>>
>> That means is that you need to make sure that the users on the host and the
>> guest machine should have the same UID (usernumber) and GID(GroupNumber).
>>
>> The point is that you now have 2 "computers" that can access the same data.
>> If you set access to certain files using different usernames, but identical
>> (numeric) UID's, the "wrong" people could be able to access those files.
>> Other then what one would think based on the displayed user- and
>> groupnames.
>> It would also make troubleshooting trickier.
>>
>> If you can keep the used numbers in sync between both installations, then
>> every user/group permission means the same in both environments.
>>
>> mvg, Guus
>
>
> TY Guus for your answer. I think I understand the overall principle.
> The trick is I have no idea how setup all this stuff in a concrete
> manner. A basic example would help me.
To secure your container you have to make sure that the users in the
container will be represented as different ids to the host system.
Especially root in the container must not have root access to the host.
Here is some more reading material for you:
http://libvirt.org/drvlxc.html#secureusers
http://libvirt.org/formatdomain.html#elementsOSContainer
More information about the arch-general
mailing list