UIDS-GIDS.md - OpenGrok cross reference for /systemd-251/docs/UIDS-GIDS.md

Lines Matching refs:container
112    65535), in order to provide compatibility with container environments that
124    per-container UID ranges. When the `--private-users=pick` switch is used (or
126    range and assign it to the container. The range is picked so that the upper
127    16bit of the 32bit UIDs are constant for all users of the container, while
129    container. This mode of allocation means that the upper 16bit of any UID
130    assigned to a container are kind of a "container ID", while the lower 16bit
131    directly expose the container's own UID numbers. If you wonder why precisely
137    database records for all UIDs assigned to a running container from this
171 pick — given that 64K UIDs are assigned to each container according to this
181 ## Considerations for container managers
183 If you hack on a container manager, and wonder how and how many UIDs best to
187 user has magic properties, and hence should be available in your container, and
189 range in your container. Note that systemd will — as mentioned — synthesize
192 compatibility with running systemd code inside your container. And most likely
195 2. While it's fine to assign more than 65536 UIDs/GIDs to a container, there's
200 65536 UIDs per container, and neither less nor more. A pretty side-effect is
201 that by doing so, you expose the same number of UIDs per container as Linux 2.2
206 a container ID of some kind, while the lower 16bits directly encode the
207 internal container UID. This is the way `systemd-nspawn` allocates UID ranges
209 `systemd-nspawn` and all other container managers following the scheme, as it
211 as that's what they do, too. Moreover, it makes `chown()`ing container file
213 internal UID in a fixed way, it's very easy to adjust the container's base UID
214 without the need to know the original base UID: to change the container base,
215 just mask away the upper 16bit, and insert the upper 16bit of the new container
217 external UID, and the container base UID from each other:
234 the artifacts the container manager persistently leaves in the system.
239 60514…65534, and the container range 524288…1879048191. This means
242 UIDs outside of these ranges will fail). Thus, if container trees are to be
246 level of UID mapped mounts, at *runtime*) or at a base UID from the container
247 UID range. That said, placing container trees (and in fact any
254 better idea to place container images outside of the home directory,