Using overlayfs in (unprivileged) namespace
ml at philippwendler.de
Mon Feb 15 18:47:49 UTC 2016
On 15.02.2016 at 19:18, Serge Hallyn wrote:
> Quoting Philipp Wendler (ml at philippwendler.de):
>> I would like to mount an overlayfs inside unprivileged user and mount
>> namespaces (i.e., the user creating the namespaces is a regular user
>> with no special privileges).
>> This works mostly fine, but it fails as soon as I try to delete a file
>> which exists in the "lower" directory of the overlay,
>> because overlayfs then needs to create a "whiteout" file,
>> for which it uses a device node with 0/0 device number
>> but I do not have the permission to create device nodes.
>> Is there any way to make overlayfs work fully in my situation,
>> without requiring additional privileges?
>> If not, is this something that could be made to work in the future?
>> Of course, creating arbitrary device nodes is something that cannot be
>> granted to an unprivileged user, but in this case it is only a specific
>> device node with device numbers 0/0, and it is a kernel module creating
>> the device node on behalf of me.
>> I am currently using Linux 4.2. To reproduce the problem,
> Exactly what version from where?
> It sounds to me like you're hitting
Thank you for pointing this out!
This bug is different from my original problem, but now that that one is
solved I tried to reproduce this Ubuntu bug, and indeed I am hitting it,