16 Jul, 2019
1 commit
-
Once upon a time, commit 2cac0c00a6cd ("ovl: get exclusive ownership on
upper/work dirs") in v4.13 added some sanity checks on overlayfs layers.
This change caused a docker regression. The root cause was mount leaks
by docker, which as far as I know, still exist.To mitigate the regression, commit 85fdee1eef1a ("ovl: fix regression
caused by exclusive upper/work dir protection") in v4.14 turned the
mount errors into warnings for the default index=off configuration.Recently, commit 146d62e5a586 ("ovl: detect overlapping layers") in
v5.2, re-introduced exclusive upper/work dir checks regardless of
index=off configuration.This changes the status quo and mount leak related bug reports have
started to re-surface. Restore the status quo to fix the regressions.
To clarify, index=off does NOT relax overlapping layers check for this
ovelayfs mount. index=off only relaxes exclusive upper/work dir checks
with another overlayfs mount.To cover the part of overlapping layers detection that used the
exclusive upper/work dir checks to detect overlap with self upper/work
dir, add a trap also on the work base dir.Link: https://github.com/moby/moby/issues/34672
Link: https://lore.kernel.org/linux-fsdevel/20171006121405.GA32700@veci.piliscsaba.szeredi.hu/
Link: https://github.com/containers/libpod/issues/3540
Fixes: 146d62e5a586 ("ovl: detect overlapping layers")
Cc: # v4.19+
Signed-off-by: Amir Goldstein
Tested-by: Colin Walters
Signed-off-by: Miklos Szeredi
31 May, 2019
1 commit
-
While most corner cases have already been dealt with, some remain and
should be documented.Signed-off-by: Miklos Szeredi
02 Nov, 2018
1 commit
-
Current behavior is to automatically disable metacopy if redirect_dir is
not enabled and proceed with the mount.If "metacopy=on" mount option was given, then this behavior can confuse the
user: no mount failure, yet metacopy is disabled.This patch makes metacopy=on imply redirect_dir=on.
The converse is also true: turning off full redirect with redirect_dir=
{off|follow|nofollow} will disable metacopy.If both metacopy=on and redirect_dir={off|follow|nofollow} is specified,
then mount will fail, since there's no way to correctly resolve the
conflict.Reported-by: Daniel Walsh
Fixes: d5791044d2e5 ("ovl: Provide a mount option metacopy=on/off...")
Cc: # v4.19
Signed-off-by: Miklos Szeredi
20 Jul, 2018
2 commits
-
By default metadata only copy up is disabled. Provide a mount option so
that users can choose one way or other.Also provide a kernel config and module option to enable/disable metacopy
feature.metacopy feature requires redirect_dir=on when upper is present.
Otherwise, it requires redirect_dir=follow atleast.As of now, metacopy does not work with nfs_export=on. So if both
metacopy=on and nfs_export=on then nfs_export is disabled.Signed-off-by: Vivek Goyal
Reviewed-by: Amir Goldstein
Signed-off-by: Miklos Szeredi -
We can now drop description of the ro/rw inconsistency from the
documentation.Also clarify, that now fully standard compliant behavior can be enabled
with kernel/module/mount options.Signed-off-by: Miklos Szeredi
31 May, 2018
1 commit
-
David's tree is no longer maintained, so point to my maintained fork.
Add --verify flag to the run example, which enables all latest features
and provides test coverage for constant st_ino/st_dev.Signed-off-by: Amir Goldstein
Acked-by: David Howells
Signed-off-by: Miklos Szeredi
12 Apr, 2018
1 commit
-
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
24 Jan, 2018
3 commits
-
Document NFS export design.
Followup patches will implement this design.Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi -
Introduce the "nfs_export" config, module and mount options.
The NFS export feature depends on the "index" feature and enables two
implicit overlayfs features: "index_all" and "verify_lower".
The "index_all" feature creates an index on copy up of every file and
directory. The "verify_lower" feature uses the full index to detect
overlay filesystems inconsistencies on lookup, like redirect from
multiple upper dirs to the same lower dir.NFS export can be enabled for non-upper mount with no index. However,
because lower layer redirects cannot be verified with the index, enabling
NFS export support on an overlay with no upper layer requires turning off
redirect follow (e.g. "redirect_dir=nofollow").The full index may incur some overhead on mount time, especially when
verifying that lower directory file handles are not stale.NFS export support, full index and consistency verification will be
implemented by following patches.Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi -
Document that inode index feature solves breaking hard links on
copy up.Simplify Kconfig backward compatibility disclaimer.
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
11 Dec, 2017
1 commit
-
Overlayfs is following redirects even when redirects are disabled. If this
is unintentional (probably the majority of cases) then this can be a
problem. E.g. upper layer comes from untrusted USB drive, and attacker
crafts a redirect to enable read access to otherwise unreadable
directories.If "redirect_dir=off", then turn off following as well as creation of
redirects. If "redirect_dir=follow", then turn on following, but turn off
creation of redirects (which is what "redirect_dir=off" does now).This is a backward incompatible change, so make it dependent on a config
option.Reported-by: David Howells
Signed-off-by: Miklos Szeredi
05 Oct, 2017
1 commit
-
Enforcing exclusive ownership on upper/work dirs caused a docker
regression: https://github.com/moby/moby/issues/34672.Euan spotted the regression and pointed to the offending commit.
Vivek has brought the regression to my attention and provided this
reproducer:Terminal 1:
mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
merged/Terminal 2:
unshare -m
Terminal 1:
umount merged
mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
merged/
mount: /root/overlay-testing/merged: none already mounted or mount point
busyTo fix the regression, I replaced the error with an alarming warning.
With index feature enabled, mount does fail, but logs a suggestion to
override exclusive dir protection by disabling index.
Note that index=off mount does take the inuse locks, so a concurrent
index=off will issue the warning and a concurrent index=on mount will fail.Documentation was updated to reflect this change.
Fixes: 2cac0c00a6cd ("ovl: get exclusive ownership on upper/work dirs")
Cc: # v4.13
Reported-by: Euan Kemp
Reported-by: Vivek Goyal
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
05 Jul, 2017
1 commit
-
The inodes index feature introduces a behavior change - on mount,
upper root origin file handle is verified to match the lower root dir.
This implies that copied layers cannot be mounted with the inodes index
feature enabled, without explicitly removing the upper dir origin xattr
and the index dir.The inodes index feature is required to support:
- Prevent breaking hardlinks on copy up
- NFS export support (upcoming)
- Overlayfs snapshots (POC)Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
05 May, 2017
1 commit
-
Signed-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi
16 Dec, 2016
3 commits
-
- Fix broken long line block quote
- Fix missing newline before bullets list
- Use correct numbered list syntaxSigned-off-by: Amir Goldstein
Signed-off-by: Miklos Szeredi -
Current code returns EXDEV when a directory would need to be copied up to
move. We could copy up the directory tree in this case, but there's
another, simpler solution: point to old lower directory from moved upper
directory.This is achieved with a "trusted.overlay.redirect" xattr storing the path
relative to the root of the overlay. After such attribute has been set,
the directory can be moved without further actions required.This is a backward incompatible feature, old kernels won't be able to
correctly mount an overlay containing redirected directories.Signed-off-by: Miklos Szeredi
-
The quirk for file locks and leases no longer applies.
Add missing info about renaming directory residing on lower layer.
Signed-off-by: Miklos Szeredi
01 Sep, 2016
1 commit
-
Some of the documented quirks no longer apply.
Signed-off-by: Miklos Szeredi
27 May, 2016
1 commit
-
Two "fixme" items are actually fixed now.
Signed-off-by: Miklos Szeredi
12 Nov, 2015
1 commit
-
I'm getting a surprising large number of questions about overlayfs sent
to me personally, rather than to a relevant mailing list.So remove my email address from the documentation, and add a note
about looking in the MAINTAINERS file.Signed-off-by: NeilBrown
Signed-off-by: Jonathan Corbet
08 Jan, 2015
1 commit
-
Reported-by: Fabian Sturm
Signed-off-by: Miklos Szeredi
13 Dec, 2014
2 commits
-
Reported-by: Sedat Dilek
Signed-off-by: Miklos Szeredi -
Allow "lowerdir=" option to contain multiple lower directories separated by
a colon (e.g. "lowerdir=/bin:/usr/bin"). Colon characters in filenames can
be escaped with a backslash.Signed-off-by: Miklos Szeredi
20 Nov, 2014
1 commit
-
Some distributions carry an "old" format of overlayfs while mainline has a
"new" format.The distros will possibly want to keep the old overlayfs alongside the new
for compatibility reasons.To make it possible to differentiate the two versions change the name of
the new one from "overlayfs" to "overlay".Signed-off-by: Miklos Szeredi
Reported-by: Serge Hallyn
Cc: Andy Whitcroft
24 Oct, 2014
1 commit
-
Document the overlay filesystem.
Signed-off-by: Miklos Szeredi
