On Wed 12 Feb 2014 18:44:11 CET, arnaud gaboury wrote:

That means that you need to make sure that the users on the host and the
guest machine should have the same UID (usernumber) and GID (GroupNumber).

The point is that you now have 2 "computers" that can access the same data.
If you set access to certain files using different usernames, but identical
(numeric) UIDs, the "wrong" people could be able to access those files.
Other than what one would think based on the displayed user- and
groupnames.
It would also make troubleshooting trickier.

If you can keep the used numbers in sync between both installations, then
every user/group permission means the same in both environments.

mvg, Guus


TY Guus for your answer. I think I understand the overall principle.
The trick is I have no idea how to set up all this stuff in a concrete
manner. A basic example would help me.

To secure your container you have to make sure that the users in the container will be represented as different ids to the host system. Especially root in the container must not have root access to the host.
Here is some more reading material for you:
http://libvirt.org/drvlxc.html#secureusers
http://libvirt.org/formatdomain.html#elementsOSContainer
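
As an added example (not part of the thread and not libvirt's own code): a Python check over the `<idmap>` element of an LXC domain definition, as documented at the links above, that translates container IDs to the host IDs they are represented as and flags a domain whose container root would act as host root. The sample XML, the ID ranges and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread); values are illustrative.
MAPPED = """<domain type='lxc'>
  <name>demo</name>
  <idmap>
    <uid start='0' target='100000' count='65536'/>
    <gid start='0' target='100000' count='65536'/>
  </idmap>
</domain>"""
UNMAPPED = "<domain type='lxc'><name>demo</name></domain>"


def parse_idmap(domain_xml):
    """Return {'uid': [(start, target, count), ...], 'gid': [...]}."""
    root = ET.fromstring(domain_xml)
    return {
        kind: [tuple(int(e.get(a)) for a in ("start", "target", "count"))
               for e in root.findall(f"./idmap/{kind}")]
        for kind in ("uid", "gid")
    }


def to_host(ranges, container_id):
    """Translate a container ID to the host ID it is represented as."""
    for start, target, count in ranges:
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None  # this ID is not mapped inside the container


def audit(domain_xml):
    """List reasons why container root could act as a privileged host ID."""
    findings = []
    for kind, ranges in parse_idmap(domain_xml).items():
        if not ranges:
            findings.append(f"no {kind} mapping: container {kind}s equal host {kind}s")
        for start, target, count in ranges:
            if target == 0:
                findings.append(f"{kind} range maps onto host {kind} 0")
    return findings


if __name__ == "__main__":
    print(to_host(parse_idmap(MAPPED)["uid"], 0))  # host UID used for container root
    print(audit(MAPPED), audit(UNMAPPED))
```

Files that container root creates on a shared directory will show up on the host as owned by the mapped ID, so host-side permissions have to be granted to that ID rather than to root.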
