12 Apr, 2018
1 commit
-
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
24 Jan, 2018
3 commits
-
Document NFS export design.
Followup patches will implement this design.Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi -
Introduce the "nfs_export" config, module and mount options.
The NFS export feature depends on the "index" feature and enables two
implicit overlayfs features: "index_all" and "verify_lower".
The "index_all" feature creates an index on copy up of every file and
directory. The "verify_lower" feature uses the full index to detect
overlay filesystems inconsistencies on lookup, like redirect from
multiple upper dirs to the same lower dir.NFS export can be enabled for non-upper mount with no index. However,
because lower layer redirects cannot be verified with the index, enabling
NFS export support on an overlay with no upper layer requires turning off
redirect follow (e.g. "redirect_dir=nofollow").The full index may incur some overhead on mount time, especially when
verifying that lower directory file handles are not stale.NFS export support, full index and consistency verification will be
implemented by following patches.Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi -
Document that inode index feature solves breaking hard links on
copy up.Simplify Kconfig backward compatibility disclaimer.
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
11 Dec, 2017
1 commit
-
Overlayfs is following redirects even when redirects are disabled. If this
is unintentional (probably the majority of cases) then this can be a
problem. E.g. upper layer comes from untrusted USB drive, and attacker
crafts a redirect to enable read access to otherwise unreadable
directories.If "redirect_dir=off", then turn off following as well as creation of
redirects. If "redirect_dir=follow", then turn on following, but turn off
creation of redirects (which is what "redirect_dir=off" does now).This is a backward incompatible change, so make it dependent on a config
option.Reported-by: David Howells
Signed-off-by: Miklos Szeredi
05 Oct, 2017
1 commit
-
Enforcing exclusive ownership on upper/work dirs caused a docker
regression: https://github.com/moby/moby/issues/34672.Euan spotted the regression and pointed to the offending commit.
Vivek has brought the regression to my attention and provided this
reproducer:Terminal 1:
mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
merged/Terminal 2:
unshare -m
Terminal 1:
umount merged
mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
merged/
mount: /root/overlay-testing/merged: none already mounted or mount point
busyTo fix the regression, I replaced the error with an alarming warning.
With index feature enabled, mount does fail, but logs a suggestion to
override exclusive dir protection by disabling index.
Note that index=off mount does take the inuse locks, so a concurrent
index=off will issue the warning and a concurrent index=on mount will fail.Documentation was updated to reflect this change.
Fixes: 2cac0c00a6cd ("ovl: get exclusive ownership on upper/work dirs")
Cc: # v4.13
Reported-by: Euan Kemp
Reported-by: Vivek Goyal
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
05 Jul, 2017
1 commit
-
The inodes index feature introduces a behavior change - on mount,
upper root origin file handle is verified to match the lower root dir.
This implies that copied layers cannot be mounted with the inodes index
feature enabled, without explicitly removing the upper dir origin xattr
and the index dir.The inodes index feature is required to support:
- Prevent breaking hardlinks on copy up
- NFS export support (upcoming)
- Overlayfs snapshots (POC)Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
05 May, 2017
1 commit
-
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
16 Dec, 2016
3 commits
-
- Fix broken long line block quote
- Fix missing newline before bullets list
- Use correct numbered list syntaxSigned-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi -
Current code returns EXDEV when a directory would need to be copied up to
move. We could copy up the directory tree in this case, but there's
another, simpler solution: point to old lower directory from moved upper
directory.This is achieved with a "trusted.overlay.redirect" xattr storing the path
relative to the root of the overlay. After such attribute has been set,
the directory can be moved without further actions required.This is a backward incompatible feature, old kernels won't be able to
correctly mount an overlay containing redirected directories.Signed-off-by: Miklos Szeredi
-
The quirk for file locks and leases no longer applies.
Add missing info about renaming directory residing on lower layer.
Signed-off-by: Miklos Szeredi
01 Sep, 2016
1 commit
-
Some of the documented quirks no longer apply.
Signed-off-by: Miklos Szeredi
27 May, 2016
1 commit
-
Two "fixme" items are actually fixed now.
Signed-off-by: Miklos Szeredi
12 Nov, 2015
1 commit
-
I'm getting a surprising large number of questions about overlayfs sent
to me personally, rather than to a relevant mailing list.So remove my email address from the documentation, and add a note
about looking in the MAINTAINERS file.Signed-off-by: NeilBrown
Signed-off-by: Jonathan Corbet
08 Jan, 2015
1 commit
-
Reported-by: Fabian Sturm
Signed-off-by: Miklos Szeredi
13 Dec, 2014
2 commits
-
Reported-by: Sedat Dilek
Signed-off-by: Miklos Szeredi -
Allow "lowerdir=" option to contain multiple lower directories separated by
a colon (e.g. "lowerdir=/bin:/usr/bin"). Colon characters in filenames can
be escaped with a backslash.Signed-off-by: Miklos Szeredi
20 Nov, 2014
1 commit
-
Some distributions carry an "old" format of overlayfs while mainline has a
"new" format.The distros will possibly want to keep the old overlayfs alongside the new
for compatibility reasons.To make it possible to differentiate the two versions change the name of
the new one from "overlayfs" to "overlay".Signed-off-by: Miklos Szeredi
Reported-by: Serge Hallyn
Cc: Andy Whitcroft
24 Oct, 2014
1 commit
-
Document the overlay filesystem.
Signed-off-by: Miklos Szeredi
