From: Lennart Poettering
Date: Thu, 14 Jul 2016 10:25:32 +0000 (+0200)
Subject: nspawn: document why the uid shift range is the way it is
X-Git-Tag: v231~29^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=065d31c3601a80dffd278f43619773682ac35b29;p=thirdparty%2Fsystemd.git

nspawn: document why the uid shift range is the way it is
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index e4be0a22513..32e40f5d210 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -101,9 +101,11 @@
 #include "util.h"
 
 /* Note that devpts's gid= parameter parses GIDs as signed values, hence we stay away from the upper half of the 32bit
- * UID range here */
+ * UID range here. We leave a bit of room at the lower end and a lot of room at the upper end, so that other subsystems
+ * may have their own allocation ranges too. */
 #define UID_SHIFT_PICK_MIN ((uid_t) UINT32_C(0x00080000))
 #define UID_SHIFT_PICK_MAX ((uid_t) UINT32_C(0x6FFF0000))
+
 /* nspawn is listening on the socket at the path in the constant nspawn_notify_socket_path
  * nspawn_notify_socket_path is relative to the container
  * the init process in the container pid can send messages to nspawn following the sd_notify(3) protocol */
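Review bot: The extended comment above `UID_SHIFT_PICK_MIN` and `UID_SHIFT_PICK_MAX` describes the margins only qualitatively ("a bit of room", "a lot of room") and does not record the invariant a later editor must preserve when changing either constant. The devpts constraint means the highest UID/GID actually handed to a container has to stay below 0x80000000. That depends on `UID_SHIFT_PICK_MAX` plus the per-container range length, which is not visible in this hunk, so the comment should state it explicitly, for example `* Invariant: UID_SHIFT_PICK_MAX + <range length> - 1 must remain < 0x80000000 (signed gid= parsing in devpts).` It would also help to say whether `UID_SHIFT_PICK_MAX` is an inclusive bound on the shift base. Naming or pointing to the "other subsystems" and their ranges matters too, since an overlap between allocators would presumably map two unrelated sets of processes onto the same host UIDs.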