nspawn: document why the uid shift range is the way it is

author Lennart Poettering <lennart@poettering.net>

Thu, 14 Jul 2016 10:25:32 +0000 (12:25 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 20 Jul 2016 12:53:15 +0000 (14:53 +0200)
author Lennart Poettering <lennart@poettering.net>
Thu, 14 Jul 2016 10:25:32 +0000 (12:25 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 20 Jul 2016 12:53:15 +0000 (14:53 +0200)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c

index e4be0a2..32e40f5 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -101,9 +101,11 @@
  #include "util.h"
  
  /* Note that devpts's gid= parameter parses GIDs as signed values, hence we stay away from the upper half of the 32bit
- * UID range here */
+ * UID range here. We leave a bit of room at the lower end and a lot of room at the upper end, so that other subsystems
+ * may have their own allocation ranges too. */
  #define UID_SHIFT_PICK_MIN ((uid_t) UINT32_C(0x00080000))
  #define UID_SHIFT_PICK_MAX ((uid_t) UINT32_C(0x6FFF0000))
+
  /* nspawn is listening on the socket at the path in the constant nspawn_notify_socket_path
   * nspawn_notify_socket_path is relative to the container
   * the init process in the container pid can send messages to nspawn following the sd_notify(3) protocol */
author	Lennart Poettering <lennart@poettering.net>
	Thu, 14 Jul 2016 10:25:32 +0000 (12:25 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 20 Jul 2016 12:53:15 +0000 (14:53 +0200)