Re: Linux container




On 12 Feb 2014 12:59, "arnaud gaboury" <arnaud.gaboury@xxxxxxxxx> wrote:
>
> Dear all,
>
> I am slowly building an Arch Linux VM guest on my Arch Linux host.
>
> The guest machine is now built
[...]
> I am following the libvirt.org documentation. Now, according to this
> page[1] about the lxc driver, I am dealing with namespace requirements.
> This sentence, in bold, puzzles me:
>
> A suitably configured UID/GID mapping is a pre-requisite to making
> containers secure, in the absence of sVirt confinement.
>
> If I understand what a namespace is, I have no idea how to make sure
> my UID/GID mapping is well configured. I would appreciate having any
> hints about this part of the settings.

That means that you need to make sure that the users on the host and the
guest machine have the same UID (user number) and GID (group number).

The point is that you now have 2 "computers" that can access the same data.
If you set access to certain files using different usernames, but identical
(numeric) UIDs, the "wrong" people could be able to access those files.
Other than what one would think based on the displayed user and
group names.
It would also make troubleshooting trickier.

If you can keep the used numbers in sync between both installations, then
every user/group permission means the same in both environments.

Regards, Guus
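
An added example, not part of the original thread: a Python sketch of the consistency check described in the reply above, comparing passwd-format data from host and guest for numeric UIDs that resolve to different login names, and for login names that resolve to different UIDs. The sample entries and all function names are constructed for illustration.

```python
"""Compare host and guest passwd-format data for UID/name mismatches."""

# Constructed sample data in /etc/passwd format (not from the original post).
HOST_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
http:x:33:33::/srv/http:/usr/bin/nologin
"""
GUEST_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000::/home/bob:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
# a comment line, skipped by the parser
http:x:33:33::/srv/http:/usr/bin/nologin
"""

def parse_ids(text):
    """Return {numeric_id: set(names)}, skipping comments and malformed lines."""
    by_id = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4 or not fields[2].isdigit():
            continue
        by_id.setdefault(int(fields[2]), set()).add(fields[0])
    return by_id

def id_conflicts(host_text, guest_text):
    """IDs present on both sides whose names differ: same number, other person."""
    host, guest = parse_ids(host_text), parse_ids(guest_text)
    return {i: (sorted(host[i]), sorted(guest[i]))
            for i in sorted(host.keys() & guest.keys()) if host[i] != guest[i]}

def name_conflicts(host_text, guest_text):
    """Names present on both sides that resolve to different numeric IDs."""
    def by_name(text):
        return {n: i for i, names in parse_ids(text).items() for n in names}
    host, guest = by_name(host_text), by_name(guest_text)
    return {n: (host[n], guest[n])
            for n in sorted(host.keys() & guest.keys()) if host[n] != guest[n]}

if __name__ == "__main__":
    for i, (h, g) in id_conflicts(HOST_PASSWD, GUEST_PASSWD).items():
        print(f"ID {i}: host names {h}, guest names {g}")
    for n, (h, g) in name_conflicts(HOST_PASSWD, GUEST_PASSWD).items():
        print(f"name {n}: host ID {h}, guest ID {g}")
```

The same functions work on /etc/group contents, where the third field is the GID.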

