From 68709a636c838e0754b49caa6ff2d4168e3c99c8 Mon Sep 17 00:00:00 2001 From: Dmitry Borodaenko Date: Tue, 22 Dec 2020 17:54:04 -0800 Subject: [PATCH] man/systemd-nspawn: document hashing machine name for uid base Explicitly document the behavior introduced in #7437: when picking a new UID shift base with "-U", a hash of the machine name will be tried before falling back to fully random UID base candidates. --- man/systemd-nspawn.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index a720d401e7..d282238146 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -714,7 +714,8 @@ this way is used, similar to the behavior if "yes" is specified. If the check is not successful (and thus the UID/GID range indicated in the root directory's file owner is already used elsewhere) a new – currently unused – UID/GID range of 65536 UIDs/GIDs is randomly chosen between the host UID/GIDs of 524288 and - 1878982656, always starting at a multiple of 65536. This setting implies + 1878982656, always starting at a multiple of 65536, and, if possible, consistently hashed from the machine + name. This setting implies (see below), which has the effect that the files and directories in the container's directory tree will be owned by the appropriate users of the range picked. Using this option makes user namespace behavior fully automatic. Note that the first invocation of a previously unused
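Review bot: the new wording in the hunk keeps "randomly chosen" and "and, if possible, consistently hashed from the machine name" in the same sentence without saying which applies first, so a reader cannot tell whether the picked range is random or deterministic. The commit message states the order (the machine-name hash is tried first, fully random candidates only as a fallback); suggest the paragraph say the same, e.g. "... a new – currently unused – UID/GID range of 65536 UIDs/GIDs is chosen between the host UID/GIDs of 524288 and 1878982656, always starting at a multiple of 65536. The first candidate is derived from a hash of the machine name, so that the same machine name yields the same range across invocations; if that range is already in use, random candidates are tried instead." It is also worth making explicit what "consistently" implies: a hashed base is predictable from the machine name, so it serves stable file ownership, while the unused-range check remains the step that decides whether the candidate is accepted.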