diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-07-14 12:25:32 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-07-20 14:53:15 +0200 |
commit | 065d31c3601a80dffd278f43619773682ac35b29 (patch) | |
tree | 79639273aabecbcf054b1b749d2a277b13cdf50d /src/nspawn/nspawn.c | |
parent | 00d0fd0619a8651a6fb65c056eddfc87ff8f56ca (diff) |
nspawn: document why the uid shift range is the way it is
Diffstat (limited to 'src/nspawn/nspawn.c')
-rw-r--r-- | src/nspawn/nspawn.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index e4be0a2251..32e40f5d21 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -101,9 +101,11 @@ #include "util.h" /* Note that devpts's gid= parameter parses GIDs as signed values, hence we stay away from the upper half of the 32bit - * UID range here */ + * UID range here. We leave a bit of room at the lower end and a lot of room at the upper end, so that other subsystems + * may have their own allocation ranges too. */ #define UID_SHIFT_PICK_MIN ((uid_t) UINT32_C(0x00080000)) #define UID_SHIFT_PICK_MAX ((uid_t) UINT32_C(0x6FFF0000)) + /* nspawn is listening on the socket at the path in the constant nspawn_notify_socket_path * nspawn_notify_socket_path is relative to the container * the init process in the container pid can send messages to nspawn following the sd_notify(3) protocol */ |