On Wed, 12 Feb 2014 12:59:43 +0100
arnaud gaboury <arnaud.gaboury@xxxxxxxxx> wrote:

> Dear all,
>
> I am slowly building an Arch Linux VM guest on my Arch Linux host.
>
> The guest machine is now built and is recognized as shown by this command :
>
> gabx@hortensia ➤➤ ~ % machinectl list
> MACHINE                          CONTAINER SERVICE
> dahlia                           container nspawn
>
> 1 machines listed.
>
> I am following the libvirt.org documentation. Now, according to this
> page[1] about the lxc driver, I am dealing with namespace requirements.
> This sentence, in bold, puzzles me:
>
> A suitably configured UID/GID mapping is a pre-requisite to making
> containers secure, in the absence of sVirt confinement.
>
> If I understand what a namespace is, I have no idea how to make sure
> my UID/GID mapping is well configured. I would appreciate having any
> hints about this part of the settings.

User namespaces are currently disabled in the -ARCH kernel, so you should
either build your own kernel, or do not configure any mapping (it is optional).

>
> Another question : is there any advantage/disadvantage using the lxc
> Userspace tools[2] instead of libvirt to manage these namespaces ?

Namespaces are a property of the kernel, not a userspace tool, so both are
equivalent. Having said that, I prefer lxc tools because they are somewhat more
flexible and come with fewer dependencies.

Also notice that if you don't need an advanced network configuration,
systemd-nspawn may be sufficient for your purposes.

>
> Thank you for help.
>
> [1]http://libvirt.org/drvlxc.html
> [2]http://linuxcontainers.org/

--
Leonid Isaev
GPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
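Added example, not part of the original thread: one way to check the two points discussed above, namely whether the running kernel exposes user namespaces at all, and whether a given uid_map/gid_map sends container root to an unprivileged host ID. The function names are hypothetical and the sample map is constructed; the map format (inside-start, outside-start, length) is the kernel's /proc/<pid>/uid_map layout.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are
# hypothetical; the sample map below is constructed for illustration.

# Succeeds if the running kernel exposes user namespaces (CONFIG_USER_NS).
userns_supported() {
    [ -e /proc/self/ns/user ]
}

# host_id_for MAPFILE ID
# Each map line is "<first id inside ns> <first id outside ns> <length>".
# Prints the outside (host) id that ID translates to, or "unmapped".
host_id_for() {
    awk -v id="$2" '
        NF == 3 && id >= $1 && id < $1 + $3 {
            printf "%d\n", $2 + (id - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }
    ' "$1"
}

# audit_map MAPFILE
# Reports where id 0 inside the namespace lands on the host. A mapping that
# leaves container root as host root provides no uid separation.
audit_map() {
    host=$(host_id_for "$1" 0)
    case "$host" in
        unmapped) echo "root-unmapped" ;;
        0)        echo "root-is-host-root" ;;
        *)        echo "root-remapped:$host" ;;
    esac
}

# Demo on a constructed map: container ids 0..65535 -> host 100000..165535.
sample=$(mktemp)
printf '0 100000 65536\n' > "$sample"
if userns_supported; then
    echo "kernel: user namespaces available"
else
    echo "kernel: user namespaces not available"
fi
echo "sample map:   $(audit_map "$sample")"
if [ -r /proc/self/uid_map ]; then
    echo "this process: $(audit_map /proc/self/uid_map)"
fi
rm -f "$sample"
```

To audit a running container, pass /proc/<pid>/uid_map and /proc/<pid>/gid_map of its init process to audit_map.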