Using overlayfs in (unprivileged) namespace

Philipp Wendler ml at philippwendler.de
Mon Feb 15 18:47:49 UTC 2016


Hello Serge,

On 15.02.2016 at 19:18, Serge Hallyn wrote:
> Quoting Philipp Wendler (ml at philippwendler.de):
>> I would like to mount an overlayfs inside unprivileged user and mount
>> namespaces (i.e., the user creating the namespaces is a regular user
>> with no special privileges).
>> This works mostly fine, but it fails as soon as I try to delete a file
>> which exists in the "lower" directory of the overlay,
>> because overlayfs then needs to create a "whiteout" file,
>> for which it uses a device node with 0/0 device number
>> (https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt),
>> but I do not have the permission to create device nodes.
>>
>> Is there any way to make overlayfs work fully in my situation,
>> without requiring additional privileges?
>> If not, is this something that could be made to work in the future?
>> Of course, creating arbitrary device nodes is something that cannot be
>> granted to an unprivileged user, but in this case it is only a specific
>> device node with device numbers 0/0, and it is a kernel module creating
>> the device node on my behalf.
>>
>> I am currently using Linux 4.2. To reproduce the problem,
> 
> Exactly what version from where?
> 
> It sounds to me like you're hitting
> 
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1531747

Thank you for pointing this out!
This bug is different from my original problem, but now that that one is
solved I tried to reproduce this Ubuntu bug, and indeed I am hitting it,
too.

Greetings, Philipp
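The whiteout mechanism the original post describes (a character device with device number 0/0 placed in the upper directory to hide a lower entry), shown as an added Python example that is not part of this thread or of the kernel's own code. It classifies the entries of an overlay upper directory, computes the merged view that overlayfs would present, and tries to create a whiteout with mknod(2) so the unprivileged permission failure can be observed directly. The directory layout, file names and the demo_scan helper are constructed for illustration.

```python
import os
import stat
import tempfile
from typing import Dict, Iterable, Set

# Per Documentation/filesystems/overlayfs.txt (cited in the thread), a
# whiteout is a character device with device number 0/0 in the upper
# directory; it hides the same-named entry of the lower directory.
WHITEOUT_RDEV = os.makedev(0, 0)


def is_whiteout_entry(mode: int, rdev: int) -> bool:
    """True if an inode (st_mode and st_rdev from lstat) is an overlayfs whiteout."""
    return stat.S_ISCHR(mode) and rdev == WHITEOUT_RDEV


def scan_upper_dir(path: str) -> Dict[str, str]:
    """Classify each entry of an upper directory as 'whiteout', 'dir' or 'file'.

    lstat semantics are used so a symlink in the upper dir is not followed.
    """
    result: Dict[str, str] = {}
    with os.scandir(path) as it:
        for entry in it:
            st = entry.stat(follow_symlinks=False)
            if is_whiteout_entry(st.st_mode, st.st_rdev):
                result[entry.name] = "whiteout"
            elif stat.S_ISDIR(st.st_mode):
                result[entry.name] = "dir"
            else:
                result[entry.name] = "file"
    return result


def merged_listing(lower: Iterable[str], upper: Dict[str, str]) -> Set[str]:
    """Names visible in the merged view: upper entries override lower ones,
    and a whiteout removes the lower name without being visible itself."""
    visible = set(lower)
    for name, kind in upper.items():
        if kind == "whiteout":
            visible.discard(name)
        else:
            visible.add(name)
    return visible


def demo_scan() -> Dict[str, str]:
    """Build a constructed upper dir in a temp location and classify it.

    Creating the whiteout needs mknod(2) of a char device, which is exactly
    the operation the thread reports as failing for an unprivileged user.
    A PermissionError here reproduces that observation; the whiteout entry
    is then simply absent from the result (the constructed names are
    'kept.txt', 'subdir' and 'deleted.txt').
    """
    upper = tempfile.mkdtemp(prefix="ovl-upper-")
    open(os.path.join(upper, "kept.txt"), "w").close()
    os.mkdir(os.path.join(upper, "subdir"))
    try:
        os.mknod(os.path.join(upper, "deleted.txt"),
                 stat.S_IFCHR | 0o000, WHITEOUT_RDEV)
    except PermissionError:
        # Unprivileged: the whiteout device node cannot be created, as in the thread.
        pass
    return scan_upper_dir(upper)


if __name__ == "__main__":
    found = demo_scan()
    print("upper dir entries:", found)
    lower_names = ["kept.txt", "deleted.txt", "other"]
    print("merged view over", lower_names, "->",
          sorted(merged_listing(lower_names, found)))
```

Run as root (or with CAP_MKNOD in the initial user namespace) the scan reports `deleted.txt` as a whiteout and the merged view drops it; run as a regular user the mknod call fails and `deleted.txt` stays visible, which is the behaviour the original post ran into when deleting a lower-directory file.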

