lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1c1c2e7d-8121-65bc-60f9-b93bbe2ff411@gmail.com>
Date:   Wed, 13 Dec 2017 11:10:17 +0100
From:   Rafał Miłecki <zajec5@...il.com>
To:     Miklos Szeredi <miklos@...redi.hu>, linux-unionfs@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Using overlay on top of overlay

Hi,

For few kernel releases overlay supported using it on top of another
overlay.

FWIW there was a regression related to this "feature" in 4.2:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4bacc9c9234c7c8eec44f5ed4e960d9f96fa0f01
but it was fixed:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1c8a47df36d72ace8cf78eb6c228aa0f8027d3c2


Starting with kernel 4.4 this "feature" seems to be disabled explicitly:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76bc8e2843b66f8205026365966b49ec6da39ae7

Disabling commit says that it "does not make sense" but actually there
seem to be few projects that are looking for such a solution, see:
1) https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629509
2) https://bugs.centos.org/view.php?id=12986
3) https://github.com/rkt/rkt/issues/1537

I can't really elaborate on above cases but I have a similar need for
my OpenWrt system running LXC (Linux Containers).

First of all OpenWrt uses overlay to "merge" squashfs and some writable
filesystem partition. It needs squashfs due to dealing with devices with
really small flashes (down to 4 - 8 MiB). Then it stores all its LXC
containers in the /srv/lxc/.

Secondly LXC itself uses overlay feature in few places, e.g.
1) lxc.rootfs with the overlayfs:lower:upper syntax
2) lxc.mount.entry with the fstab syntax

As you can guess LXC simply assumes overlay can be used and doesn't
check if the host system uses it for directory holding container data.
This breaks LXC because kernel refuses mounting dir with some message
like:
overlayfs: filesystem on '/foo' not supported as upperdir


I managed to find a workaround for this. As OpenWrt uses:
overlayfs:/overlay on / type overlay (rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work)
I can simply replace
upperdir=/srv/lxc/foo/upper
with
upperdir=/overlay/upper/srv/lxc/foo/upper
(same for workdir) but this isn't really a user friendly solution.


I would like to ask if use cases I described above make any sense to
you?
Is there any chance someone could work on a proper support for overlay
on top of overlay and enabling it again?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ