From b05a221b086e27b7fc1b7a39942cf772f9e2f5f1 Mon Sep 17 00:00:00 2001 From: Lucas Werkmeister Date: Tue, 21 Mar 2017 10:40:42 +0100 Subject: [PATCH] add: natives/README.md Change-Id: Ifaaca33c53c18886e39ea847d151d902709dc29a --- natives/README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 natives/README.md diff --git a/natives/README.md b/natives/README.md new file mode 100644 index 00000000..49144dfe --- /dev/null +++ b/natives/README.md @@ -0,0 +1,10 @@ +This native method exposes the *man:setuid(2)* and *man:setgid(2)* system calls to Java. +Java code can call `club.wpia.gigi.natives.SetUID.setUid(uid, gid)` to set the user and group ID to the specified values if they’re currently different. + +Gigi can use this to bind to Internet domain privileged ports (port numbers below 1024) +when started as root and then drop privileges by changing to a non-root user. + +It should be noted that this is rarely necessary; +it is much safer to start Gigi as a regular user with `CAP_NET_BIND_SERVICE` (see *man:capabilities(7)*). +Gigi can also inherit its socket from the environment (file descriptor 0), +e. g. from systemd (see *man:systemd.socket(5)*) or (x)inetd. -- 2.39.2
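Review bot: The second line of the new README documents `club.wpia.gigi.natives.SetUID.setUid(uid, gid)` only as setting the IDs "if they’re currently different", which leaves out what a caller has to rely on for a privilege drop: how a failed call is reported (return value or exception), whether the group ID is changed before the user ID, and whether the supplementary groups inherited from root are cleared. setuid(2) and setgid(2) do not touch the supplementary group list, and setgid(2) can no longer succeed once the process has given up root, so the README should state the behaviour for each of these and tell callers to treat a failure as fatal rather than continue running as root. A smaller style point on the last paragraph: "It should be noted that" can be dropped, and "e. g." is normally written "e.g.".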