path: root/Documentation/filesystems/overlayfs.txt
Commit message | Author | Age | Files | Lines

* ovl: fix regression caused by overlapping layers detection
  Author: Amir Goldstein | Age: 2019-07-16 | Files: 1 | Lines: -1/+1

  Once upon a time, commit 2cac0c00a6cd ("ovl: get exclusive ownership on
  upper/work dirs") in v4.13 added some sanity checks on overlayfs layers.
  This change caused a docker regression. The root cause was mount leaks by
  docker, which as far as I know, still exist.

  To mitigate the regression, commit 85fdee1eef1a ("ovl: fix regression
  caused by exclusive upper/work dir protection") in v4.14 turned the mount
  errors into warnings for the default index=off configuration.

  Recently, commit 146d62e5a586 ("ovl: detect overlapping layers") in v5.2,
  re-introduced exclusive upper/work dir checks regardless of index=off
  configuration.

  This changes the status quo and mount leak related bug reports have
  started to re-surface. Restore the status quo to fix the regressions.
  To clarify, index=off does NOT relax overlapping layers check for this
  overlayfs mount. index=off only relaxes exclusive upper/work dir checks
  with another overlayfs mount.

  To cover the part of overlapping layers detection that used the exclusive
  upper/work dir checks to detect overlap with self upper/work dir, add a
  trap also on the work base dir.

  Link: https://github.com/moby/moby/issues/34672
  Link: https://lore.kernel.org/linux-fsdevel/20171006121405.GA32700@veci.piliscsaba.szeredi.hu/
  Link: https://github.com/containers/libpod/issues/3540
  Fixes: 146d62e5a586 ("ovl: detect overlapping layers")
  Cc: <stable@vger.kernel.org> # v4.19+
  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Tested-by: Colin Walters <walters@verbum.org>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: doc: add non-standard corner cases
  Author: Miklos Szeredi | Age: 2019-05-31 | Files: 1 | Lines: -2/+14

  While most corner cases have already been dealt with, some remain and
  should be documented.

  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: automatically enable redirect_dir on metacopy=on
  Author: Miklos Szeredi | Age: 2018-11-01 | Files: 1 | Lines: -0/+6

  Current behavior is to automatically disable metacopy if redirect_dir is
  not enabled and proceed with the mount.

  If "metacopy=on" mount option was given, then this behavior can confuse
  the user: no mount failure, yet metacopy is disabled.

  This patch makes metacopy=on imply redirect_dir=on.

  The converse is also true: turning off full redirect with
  redirect_dir={off|follow|nofollow} will disable metacopy.

  If both metacopy=on and redirect_dir={off|follow|nofollow} are specified,
  then mount will fail, since there's no way to correctly resolve the
  conflict.

  Reported-by: Daniel Walsh <dwalsh@redhat.com>
  Fixes: d5791044d2e5 ("ovl: Provide a mount option metacopy=on/off...")
  Cc: <stable@vger.kernel.org> # v4.19
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: Provide a mount option metacopy=on/off for metadata copyup
  Author: Vivek Goyal | Age: 2018-07-20 | Files: 1 | Lines: -1/+29

  By default metadata only copy up is disabled. Provide a mount option so
  that users can choose one way or other.

  Also provide a kernel config and module option to enable/disable metacopy
  feature.

  metacopy feature requires redirect_dir=on when upper is present.
  Otherwise, it requires redirect_dir=follow at least.

  As of now, metacopy does not work with nfs_export=on. So if both
  metacopy=on and nfs_export=on then nfs_export is disabled.

  Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
  Reviewed-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: fix documentation of non-standard behavior
  Author: Miklos Szeredi | Age: 2018-07-20 | Files: 1 | Lines: -21/+30

  We can now drop description of the ro/rw inconsistency from the
  documentation.

  Also clarify, that now fully standard compliant behavior can be enabled
  with kernel/module/mount options.

  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: update documentation for unionmount-testsuite
  Author: Amir Goldstein | Age: 2018-05-31 | Files: 1 | Lines: -3/+4

  David's tree is no longer maintained, so point to my maintained fork.

  Add --verify flag to the run example, which enables all latest features
  and provides test coverage for constant st_ino/st_dev.

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Acked-by: David Howells <dhowells@redhat.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: update documentation w.r.t "xino" feature
  Author: Amir Goldstein | Age: 2018-04-12 | Files: 1 | Lines: -6/+33

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: document NFS export
  Author: Amir Goldstein | Age: 2018-01-24 | Files: 1 | Lines: -4/+69

  Document NFS export design. Followup patches will implement this design.

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: add support for "nfs_export" configuration
  Author: Amir Goldstein | Age: 2018-01-24 | Files: 1 | Lines: -0/+35

  Introduce the "nfs_export" config, module and mount options.

  The NFS export feature depends on the "index" feature and enables two
  implicit overlayfs features: "index_all" and "verify_lower". The
  "index_all" feature creates an index on copy up of every file and
  directory. The "verify_lower" feature uses the full index to detect
  overlay filesystems inconsistencies on lookup, like redirect from
  multiple upper dirs to the same lower dir.

  NFS export can be enabled for non-upper mount with no index. However,
  because lower layer redirects cannot be verified with the index, enabling
  NFS export support on an overlay with no upper layer requires turning off
  redirect follow (e.g. "redirect_dir=nofollow").

  The full index may incur some overhead on mount time, especially when
  verifying that lower directory file handles are not stale.

  NFS export support, full index and consistency verification will be
  implemented by following patches.

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: update documentation of inodes index feature
  Author: Amir Goldstein | Age: 2018-01-24 | Files: 1 | Lines: -3/+3

  Document that inode index feature solves breaking hard links on copy up.

  Simplify Kconfig backward compatibility disclaimer.

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: don't follow redirects if redirect_dir=off
  Author: Miklos Szeredi | Age: 2017-12-11 | Files: 1 | Lines: -0/+34

  Overlayfs is following redirects even when redirects are disabled. If
  this is unintentional (probably the majority of cases) then this can be a
  problem. E.g. upper layer comes from untrusted USB drive, and attacker
  crafts a redirect to enable read access to otherwise unreadable
  directories.

  If "redirect_dir=off", then turn off following as well as creation of
  redirects. If "redirect_dir=follow", then turn on following, but turn off
  creation of redirects (which is what "redirect_dir=off" does now).

  This is a backward incompatible change, so make it dependent on a config
  option.

  Reported-by: David Howells <dhowells@redhat.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: fix regression caused by exclusive upper/work dir protection
  Author: Amir Goldstein | Age: 2017-10-05 | Files: 1 | Lines: -1/+4

  Enforcing exclusive ownership on upper/work dirs caused a docker
  regression: https://github.com/moby/moby/issues/34672.

  Euan spotted the regression and pointed to the offending commit.
  Vivek has brought the regression to my attention and provided this
  reproducer:

  Terminal 1:
    mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none merged/

  Terminal 2:
    unshare -m

  Terminal 1:
    umount merged
    mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none merged/
    mount: /root/overlay-testing/merged: none already mounted or mount point busy

  To fix the regression, I replaced the error with an alarming warning.
  With index feature enabled, mount does fail, but logs a suggestion to
  override exclusive dir protection by disabling index.
  Note that index=off mount does take the inuse locks, so a concurrent
  index=off will issue the warning and a concurrent index=on mount will
  fail.

  Documentation was updated to reflect this change.

  Fixes: 2cac0c00a6cd ("ovl: get exclusive ownership on upper/work dirs")
  Cc: <stable@vger.kernel.org> # v4.13
  Reported-by: Euan Kemp <euank@euank.com>
  Reported-by: Vivek Goyal <vgoyal@redhat.com>
  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: document copying layers restrictions with inodes index
  Author: Amir Goldstein | Age: 2017-07-04 | Files: 1 | Lines: -0/+34

  The inodes index feature introduces a behavior change - on mount, upper
  root origin file handle is verified to match the lower root dir.

  This implies that copied layers cannot be mounted with the inodes index
  feature enabled, without explicitly removing the upper dir origin xattr
  and the index dir.

  The inodes index feature is required to support:
  - Prevent breaking hardlinks on copy up
  - NFS export support (upcoming)
  - Overlayfs snapshots (POC)

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: update documentation w.r.t. constant inode numbers
  Author: Amir Goldstein | Age: 2017-05-05 | Files: 1 | Lines: -1/+8

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: fix reStructuredText syntax errors in documentation
  Author: Amir Goldstein | Age: 2016-12-16 | Files: 1 | Lines: -3/+4

  - Fix broken long line block quote
  - Fix missing newline before bullets list
  - Use correct numbered list syntax

  Signed-off-by: Amir Goldstein <amir73il@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: redirect on rename-dir
  Author: Miklos Szeredi | Age: 2016-12-16 | Files: 1 | Lines: -2/+19

  Current code returns EXDEV when a directory would need to be copied up to
  move. We could copy up the directory tree in this case, but there's
  another, simpler solution: point to old lower directory from moved upper
  directory.

  This is achieved with a "trusted.overlay.redirect" xattr storing the path
  relative to the root of the overlay. After such attribute has been set,
  the directory can be moved without further actions required.

  This is a backward incompatible feature, old kernels won't be able to
  correctly mount an overlay containing redirected directories.

  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: update doc
  Author: Miklos Szeredi | Age: 2016-12-16 | Files: 1 | Lines: -3/+3

  The quirk for file locks and leases no longer applies.

  Add missing info about renaming directory residing on lower layer.

  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: update doc
  Author: Miklos Szeredi | Age: 2016-09-01 | Files: 1 | Lines: -5/+3

  Some of the documented quirks no longer apply.

  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* ovl: update documentation
  Author: Miklos Szeredi | Age: 2016-05-27 | Files: 1 | Lines: -9/+0

  Two "fixme" items are actually fixed now.

  Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

* Remove email address from Documentation/filesystems/overlayfs.txt
  Author: NeilBrown | Age: 2015-11-11 | Files: 1 | Lines: -1/+2

  I'm getting a surprisingly large number of questions about overlayfs sent
  to me personally, rather than to a relevant mailing list. So remove my
  email address from the documentation, and add a note about looking in the
  MAINTAINERS file.

  Signed-off-by: NeilBrown <neilb@suse.com>
  Signed-off-by: Jonathan Corbet <corbet@lwn.net>

* ovl: document lower layer ordering
  Author: Miklos Szeredi | Age: 2015-01-08 | Files: 1 | Lines: -2/+6

  Reported-by: Fabian Sturm <fabian.sturm@aduu.de>
  Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>

* ovl: add testsuite to docs
  Author: Miklos Szeredi | Age: 2014-12-13 | Files: 1 | Lines: -0/+12

  Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
  Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>

* ovl: support multiple lower layers
  Author: Miklos Szeredi | Age: 2014-12-13 | Files: 1 | Lines: -0/+12

  Allow "lowerdir=" option to contain multiple lower directories separated
  by a colon (e.g. "lowerdir=/bin:/usr/bin"). Colon characters in filenames
  can be escaped with a backslash.

  Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>

* ovl: rename filesystem type to "overlay"
  Author: Miklos Szeredi | Age: 2014-11-20 | Files: 1 | Lines: -1/+1

  Some distributions carry an "old" format of overlayfs while mainline has
  a "new" format.

  The distros will possibly want to keep the old overlayfs alongside the
  new for compatibility reasons.

  To make it possible to differentiate the two versions change the name of
  the new one from "overlayfs" to "overlay".

  Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
  Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  Cc: Andy Whitcroft <apw@canonical.com>

* overlay: overlay filesystem documentation
  Author: Neil Brown | Age: 2014-10-24 | Files: 1 | Lines: -0/+198

  Document the overlay filesystem.

  Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>