Update docs about user namespace for LXC

Mention that user namespace can be enabled using the UID/GID
mapping schema.

Fix typo in link anchor for container args in domain XML docs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

docs/drvlxc.html.in

@@ -40,15 +40,11 @@ primary "host" OS environment, the libvirt LXC driver requires that
 certain kernel namespaces are compiled in. Libvirt currently requires
 the 'mount', 'ipc', 'pid', and 'uts' namespaces to be available. If
 separate network interfaces are desired, then the 'net' namespace is
-required. In the near future, the 'user' namespace will optionally be
+required. If the guest configuration declares a
-supported.
+<a href="formatdomain.html#elementsOSContainer">UID or GID mapping</a>,
-</p>
+the 'user' namespace will be enabled to apply these. <strong>A suitably
-
+configured UID/GID mapping is a pre-requisite to making containers
-<p>
+secure, in the absence of sVirt confinement.</strong>
-<strong>NOTE: In the absence of support for the 'user' namespace,
-processes inside containers cannot be securely isolated from host
-process without the use of a mandatory access control technology
-such as SELinux or AppArmor.</strong>
 </p>
 
 <h2><a name="init">Default container setup</a></h2>

docs/formatdomain.html.in

@@ -263,7 +263,7 @@
         <span class="since">Since 1.0.4</span></dd>
     </dl>
 
-    <h4><a name="eleemntsOSContainer">Container boot</a></h4>
+    <h4><a name="elementsOSContainer">Container boot</a></h4>
 
     <p>
       When booting a domain using container based virtualization, instead