
kernel-packages team mailing list archive

Re: [Bug 1531747] Re: overlay: mkdir fails if directory exists in lowerdir in a user namespace


> Something I'm still not sure about is what would happen if you made a
> symlink, bind mount, etc. in upperdir with the same name as an unrelated
> file in lowerdir. This is worth checking out.

Just tried a symlink and it didn't seem to affect the host directory
(/opt/cisco) which was symlinked to /tmp/upper/cisco in the container to
begin with.

> > It looks like no, since
> > 
> > root@w1:/tmp# mount -t overlay -o lowerdir=lower,upperdir=upper,workdir=workdir overlay /mnt
> > root@w1:/tmp# ls /mnt
> > cisco
> > root@w1:/tmp# rmdir /mnt/cisco
> > rmdir: failed to remove ‘/mnt/cisco’: Read-only file system
> > root@w1:/tmp# mv /mnt/cisco /mnt/c2
> > mv: cannot move ‘/mnt/cisco’ to ‘/mnt/c2’: Read-only file system
> > 
> > (here w1 is an unpriv container with /hostopt a bind mount of /opt on the
> > host;  cisco a directory both in host's /opt and in /tmp/lowerdir)
> I think I'm missing something here. I don't know why your mount is
> read-only.

Because a directory in workdir is owned by uid -1 (root on the host).

> But even if it wasn't, cisco is in lowerdir and thus should
> never be modified or removed in any case. Removing it in /mnt should (I

Right, but I was trying to use workdir as a vector to make changes to
something in the host's opt.  Not lowerdir.

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  overlay: mkdir fails if directory exists in lowerdir in a user namespace

Status in linux package in Ubuntu:
Status in linux source package in Wily:
Status in linux source package in Xenial:

Bug description:
  If a directory exists in the lowerdir but not in the mounted
  overlay, then mkdir of the directory in the target dir results
  in a mysterious -EPERM.  I've seen this both in wily kernel
  (4.2.0-22-generic #27-Ubuntu) and in a hand-built xenial
  master-next (with unrelated patches added).

  #!/bin/sh -ex
  dir=`mktemp -d`
  cleanup() {
   umount -l $dir/t
   rm -rf $dir
  }

  trap cleanup EXIT

  echo "dir is $dir"
  # l = lowerdir, u = upperdir, w = workdir, t = mount point
  mkdir -p $dir/l $dir/u $dir/w $dir/t
  mkdir $dir/l/dev
  mount -t overlay -o lowerdir=$dir/l,upperdir=$dir/u,workdir=$dir/w o $dir/t
  stat $dir/t/dev
  # removing a lower-only directory leaves a whiteout in upperdir
  rmdir $dir/t/dev
  # with -e the script aborts here if mkdir fails (the EPERM in a userns)
  mkdir $dir/t/dev
  echo $?
  echo "mkdir should have succeeded"

  The above will work on the host, but fail in a user namespace, i.e.
  in a regular lxd container.

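As an added example (mine, not code from the bug report, the kernel or Ubuntu), the same rmdir-then-mkdir sequence done from C with the raw syscalls, followed by the checks a practitioner would want afterwards: whether the rmdir left a whiteout (a 0/0 character device node) in upperdir, what mkdir returned, and who owns the entries in upperdir and workdir. It has to run as root, once on the host and once inside an unprivileged container. The l/ u/ w/ t/ layout and the "dev" name are taken from the reproducer script; the diagnostics are my own choice of what to look at, not something the thread does.

```c
/* Added example, not code from the bug report, the kernel or Ubuntu: the
 * rmdir-then-mkdir sequence from the reproducer script done with the raw
 * syscalls, then a look at what overlayfs leaves behind in upperdir and
 * workdir.  Run as root on the host (mkdir should succeed) and in an
 * unprivileged container (the report says mkdir fails with EPERM there).
 * The l/ u/ w/ t/ layout and the lower directory name "dev" are assumptions
 * copied from the reproducer; the diagnostics are mine. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

/* overlayfs records the deletion of a lower-only entry as a whiteout in
 * upperdir: a character device node with device number 0/0. */
enum ovl_entry { OVL_MISSING, OVL_WHITEOUT, OVL_DIR, OVL_OTHER };
static const char *const ovl_entry_names[] = { "missing", "whiteout", "dir", "other" };

enum ovl_entry ovl_classify_mode(mode_t mode, dev_t rdev)
{
    if (S_ISCHR(mode) && major(rdev) == 0 && minor(rdev) == 0)
        return OVL_WHITEOUT;
    if (S_ISDIR(mode))
        return OVL_DIR;
    return OVL_OTHER;
}

/* lstat a path, print its type and owner (an entry owned by an unmapped
 * uid, such as the host-root-owned workdir entry the thread mentions, shows
 * up as the overflow uid 65534 inside the container) and classify it. */
enum ovl_entry ovl_describe(const char *path)
{
    struct stat st;
    enum ovl_entry e;

    if (lstat(path, &st) != 0) {
        printf("%-28s %-8s (%s)\n", path, ovl_entry_names[OVL_MISSING], strerror(errno));
        return OVL_MISSING;
    }
    e = ovl_classify_mode(st.st_mode, st.st_rdev);
    printf("%-28s %-8s uid=%u gid=%u mode=%04o\n", path, ovl_entry_names[e],
           (unsigned)st.st_uid, (unsigned)st.st_gid, (unsigned)(st.st_mode & 07777));
    return e;
}

/* Best-effort cleanup: rmdir, and if that fails unlink (the whiteout is a
 * device node, not a directory). */
static void ovl_rm(const char *path)
{
    if (rmdir(path) != 0)
        unlink(path);
}

int main(void)
{
    char tmpl[] = "/tmp/ovlXXXXXX", opts[256];
    char l[64], u[64], w[64], t[64], lower_dev[64], merged_dev[64], upper_dev[64], work[64];
    const char *dir = mkdtemp(tmpl);
    int ret, err;

    if (dir == NULL) { perror("mkdtemp"); return 1; }
    snprintf(l, sizeof l, "%s/l", dir);
    snprintf(u, sizeof u, "%s/u", dir);
    snprintf(w, sizeof w, "%s/w", dir);
    snprintf(t, sizeof t, "%s/t", dir);
    snprintf(lower_dev, sizeof lower_dev, "%s/l/dev", dir);
    snprintf(merged_dev, sizeof merged_dev, "%s/t/dev", dir);
    snprintf(upper_dev, sizeof upper_dev, "%s/u/dev", dir);
    snprintf(work, sizeof work, "%s/w/work", dir);   /* created by the mount */
    snprintf(opts, sizeof opts, "lowerdir=%s,upperdir=%s,workdir=%s", l, u, w);

    if (mkdir(l, 0755) || mkdir(u, 0755) || mkdir(w, 0755) || mkdir(t, 0755) ||
        mkdir(lower_dev, 0755)) { perror("mkdir"); return 1; }
    /* The source string is conventional; overlayfs takes everything from opts. */
    if (mount("overlay", t, "overlay", 0, opts) != 0) { perror("mount overlay"); return 1; }

    ovl_describe(merged_dev);               /* lower-only dir, visible merged */
    if (rmdir(merged_dev) != 0)             /* lowerdir is never modified ... */
        perror("rmdir merged/dev");
    ovl_describe(upper_dev);                /* ... so a whiteout appears here */

    /* The mkdir from the report.  Creating over a whiteout goes through
     * workdir, so the ownership of workdir's entry is shown as well. */
    ret = mkdir(merged_dev, 0755);
    err = errno;
    printf("mkdir(%s) = %d%s%s\n", merged_dev, ret, ret ? ", errno: " : "", ret ? strerror(err) : "");
    ovl_describe(upper_dev);
    ovl_describe(work);

    umount2(t, MNT_DETACH);
    ovl_rm(upper_dev); ovl_rm(work); ovl_rm(lower_dev);
    ovl_rm(l); ovl_rm(u); ovl_rm(w); ovl_rm(t); ovl_rm(dir);
    if (access(dir, F_OK) == 0)
        printf("leftovers in %s, remove by hand\n", dir);
    return ret == 0 ? 0 : 1;
}
```

Build with gcc -Wall -o ovl-whiteout ovl-whiteout.c and run it once on the host and once in the container; compare the mkdir line and the uid/gid printed for w/work between the two runs.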