lxc_map_ids: add a comment
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Mon, 15 Sep 2014 00:35:02 +0000 (00:35 +0000)
committerStéphane Graber <stgraber@ubuntu.com>
Fri, 19 Sep 2014 21:05:12 +0000 (17:05 -0400)
Explain why we insist that root use newuidmap if it is available.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
src/lxc/conf.c

index 5e61c35890c0e5b308bd569a469948bbfb3742d7..e61002b7f7d799a8cb005540afea1daa31428c86 100644 (file)
@@ -3429,6 +3429,12 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
        enum idtype type;
        char *buf = NULL, *pos, *cmdpath = NULL;
 
+       /*
+        * If newuidmap exists, that is, if shadow is handing out subuid
+        * ranges, then insist that root also reserve ranges in subuid.  This
+        * will protected it by preventing another user from being handed the
+        * range by shadow.
+        */
        cmdpath = on_path("newuidmap", NULL);
        if (cmdpath) {
                use_shadow = 1;
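Review bot: The added comment above `on_path("newuidmap", NULL)` has a typo and an unclear pronoun. "This will protected it by preventing…" would read better as `This protects the range by preventing shadow from handing it to another user.` The comment could also say that "exists" means "found by a PATH lookup", since the visible code sets `use_shadow = 1` only when `on_path` returns a path. A root caller whose PATH omits the directory holding newuidmap would presumably skip the subuid reservation the comment describes. lxc_map_ids continues past the end of the hunk, so the behaviour when `cmdpath` is NULL is not visible here.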