lxc_map_ids: add a comment

Explain why we insist that root use newuidmap if it is available. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc_map_ids: add a comment
22038de5 · Serge Hallyn · Stéphane Graber · dc5518b8 · 22038de5
Commit 22038de5 authored Sep 15, 2014 by Serge Hallyn Committed by Stéphane Graber Sep 19, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

conf.c src/lxc/conf.c +6 -0

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3429,6 +3429,12 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 	enum idtype type;
 	char *buf = NULL, *pos, *cmdpath = NULL;
+	/*
+	 * If newuidmap exists, that is, if shadow is handing out subuid
+	 * ranges, then insist that root also reserve ranges in subuid.  This
+	 * will protected it by preventing another user from being handed the
+	 * range by shadow.
+	 */
 	cmdpath = on_path("newuidmap", NULL);
 	if (cmdpath) {
 		use_shadow = 1;