#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/*
 * Bounds used by main()'s "overlap with LXD defaults" warning.
 */
#define LXD_MIN 1000000
#define LXD_MAX 1001000000
/* NOTE(review): SYSTEMD_MIN/SYSTEMD_MAX are not referenced by any code visible in this file. */
#define SYSTEMD_MIN 524288
#define SYSTEMD_MAX 1879048191
/*
 * main() warns when the base is below HOST_MIN, or when the first or last
 * id of the range is >= HOST_MAX. HOST_MAX does not fit in a 32-bit int, so
 * the constant has a wider integer type and comparisons against uint32_t
 * values are done in that wider type.
 */
#define HOST_MIN 524288 // 2^19
#define HOST_MAX 2147483648 // 2^31
/* Highest in-container id; one container range spans INTERNAL_UPPER + 1 host ids. */
#define INTERNAL_UPPER 65535 // 2^16 - 1
/*
 * Offsets inside the container's 16-bit id space that main() prints as named
 * sub-ranges (added to the host base id). The names suggest they mirror the
 * LSB static, useradd and snapd allocation defaults; verify the values
 * against the target distribution before relying on them.
 */
#define LSB_MAX 99
#define USERADD_SYS_MIN 500
#define USERADD_SYS_MAX 999
#define USERADD_REG_MIN 1000
#define USERADD_REG_MAX 60000
#define SNAPD_SHARED_USERNAMES_MIN 60500
#define SNAPD_SHARED_USERNAMES_MAX 60999
#define SNAPD_PRIVATE_USERNAMES_MIN 61000
#define SNAPD_PRIVATE_USERNAMES_MAX 65519
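/*
 * Print one named sub-range as host ids (decimal and hex) followed by the
 * matching in-container ids. first/last are offsets from the range base.
 */
static void print_range(const char *label, uint32_t base, uint32_t low,
                        uint32_t first, uint32_t last)
{
    printf("%s: %u-%u (%08x-%08x; %u-%u)\n",
           label,
           base + first,
           base + last,
           base + first,
           base + last,
           low + first,
           low + last);
}

/*
 * Check a proposed host ("external") base id for a 65536-id container range
 * and print how the well-known in-container sub-ranges map onto host ids.
 *
 * argv[1] is the base id in decimal. Warnings (range reaches 2^31, base
 * below HOST_MIN, overlap with the LXD default range) go to stderr and do
 * not stop the program.
 *
 * Returns 0 after printing the table. Returns 1 on a missing argument, on
 * input that is not a decimal number or does not fit in 32 bits, when the
 * range would wrap past 2^32, or when the base is not aligned so that its
 * low 16 bits are zero.
 */
int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "Usage: %s <external base id>\n", argv[0]);
        return 1;
    }

    /*
     * Parse into a wide signed type and validate before narrowing.
     * strtoll() returns 0 for non-numeric text, and 0 passes the alignment
     * checks below, so without the end-pointer test a typo would be
     * reported as a valid range sitting on host ids 0-65535. Negative or
     * too-large values would otherwise be truncated silently to 32 bits.
     */
    char *end = NULL;
    errno = 0;
    long long parsed = strtoll(argv[1], &end, 10);
    if (errno != 0) {
        perror("strtoll");
        return 1;
    }
    if (end == argv[1] || *end != '\0') {
        fprintf(stderr, "invalid base id '%s': expected a decimal number\n", argv[1]);
        return 1;
    }
    if (parsed < 0 || parsed > UINT32_MAX) {
        fprintf(stderr, "base id %lld does not fit in an unsigned 32-bit id\n", parsed);
        return 1;
    }
    uint32_t base_min = (uint32_t)parsed;

    /* Unsigned addition wraps, so a smaller sum means the range ran past 2^32. */
    uint32_t base_max = base_min + INTERNAL_UPPER;
    if (base_max < base_min) {
        fprintf(stderr, "not enough room for %u ids with %u\n",
                (unsigned)INTERNAL_UPPER, base_min);
        return 1;
    }

    if (base_min >= HOST_MAX || base_max >= HOST_MAX) {
        fprintf(stderr, "WARN: dangerous range has values >= 2^31\n");
    } else if (base_min < HOST_MIN) {
        fprintf(stderr, "WARN: range has values that may conflict with LDAP/ssd/etc\n");
    }

    /*
     * Interval-intersection test: warn on any shared id, not only when the
     * whole range lies inside the LXD defaults. A partial overlap still
     * means two allocators can hand out the same host id.
     */
    if (base_min <= LXD_MAX && base_max >= LXD_MIN) {
        fprintf(stderr, "WARN: range has values that overlap with LXD defaults\n");
    }
    /* NOTE(review): no comparison against SYSTEMD_MIN/SYSTEMD_MAX is made here. */

    // https://systemd.io/UIDS-GIDS.html
    // INTERNAL_UID = EXTERNAL_UID & 0x0000FFFF
    // CONTAINER_BASE_UID = EXTERNAL_UID & 0xFFFF0000
    // EXTERNAL_UID = INTERNAL_UID | CONTAINER_BASE_UID
    uint32_t low_min = base_min & 0x0000FFFF;
    if (low_min != 0) {
        fprintf(stderr, "%u (%08x) base has low 16 minimum %u != 0\n",
                base_min, base_min, low_min);
        return 1;
    }
    uint32_t low_max = base_max & 0x0000FFFF;
    if (low_max != INTERNAL_UPPER) {
        fprintf(stderr, "%u (%08x) base has low 16 maximum %u != %d\n",
                base_max, base_max, low_max, INTERNAL_UPPER);
        return 1;
    }

    /* low_min is 0 here, so low_min + offset is the in-container id itself. */
    print_range("Host range", base_min, low_min, 0, INTERNAL_UPPER);
    print_range("LSB static range", base_min, low_min, 0, LSB_MAX);
    print_range("Useradd system range", base_min, low_min,
                USERADD_SYS_MIN, USERADD_SYS_MAX);
    print_range("Useradd regular range", base_min, low_min,
                USERADD_REG_MIN, USERADD_REG_MAX);
    print_range("Snapd shared range", base_min, low_min,
                SNAPD_SHARED_USERNAMES_MIN, SNAPD_SHARED_USERNAMES_MAX);
    print_range("Snapd private range", base_min, low_min,
                SNAPD_PRIVATE_USERNAMES_MIN, SNAPD_PRIVATE_USERNAMES_MAX);
    return 0;
}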