On Thu, May 18, 2017, at 06:08 AM, Anand Jain wrote: > By looking at the logs we should be able to know when was the FS > mounted and unmounted and the options used, so to help forensic > investigations. Worth noting here that systemd already tracks mounts (via monitoring /proc/self/mountinfo) and logs them to the journal, and for mounts it initiates, logs both start and completion. It doesn't log the options right now, but that wouldn't be hard to add (particularly since systemd has structured logging). On the flip side of course that's only for mount namespaces where systemd is used, and given user namespaces, a lot of use cases don't involve a systemd-per-container. But that said, I find the log spam today from e.g. docker + devicemapper + xfs annoying, and switching to overlay2 fixed that as a side effect which is nice. Having overlay2 log would reintroduce that problem.
