On Thu, Sep 24, 2015 at 01:43:23PM +0300, Alexey Naidyonov wrote:
> Hello;
>
> I found that writing to overlayfs mount may be denied to a process
> with own user namespace and uid=0 inside that namespace, unless I
> explicitly chown lower-work/work directory to a parent namespace uid
> corresponding to that user namespace uid 0.
>
> The test case might be found at
> https://unix.stackexchange.com/questions/229782/overlayfs-doesnt-work-with-unprivileged-user-namespace
>
> Tried with debian's 4.1.6 and 4.2-trunk.
>
> Could someone please clarify if this is a bug or a feature, and if
> this might be changed in future?

Which directory are you saying must belong to namespace root here?

You should not be able to read things in the underlay that the namespace root could not read, and not write to overlay directories that your namespace root cannot write. If you could, you could copy up protected files into an overlay by specifying a protected underlay (think ~/over overlaying on /etc) or overwrite profiled files by specifying a protected overlay (think ~/under overlayed by /etc).

-apw
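The rule described in the reply can be sketched as a small model. This is an added example, not part of the original message and not kernel or overlayfs code. It assumes a one-entry uid_map where namespace uid 0 is host uid 1000, uses constructed directory owners and modes, and models uids only (gids, ACLs and LSMs are ignored).

```python
# Added example: simplified uid-only model, not kernel or overlayfs code.

def parse_uid_map(text):
    """Parse /proc/<pid>/uid_map rows: '<ns_start> <host_start> <count>'."""
    return [tuple(int(f) for f in line.split())
            for line in text.strip().splitlines()]

def host_uid_of(extents, ns_uid):
    """Translate a uid inside the namespace to the parent-namespace uid."""
    for ns_start, host_start, count in extents:
        if ns_start <= ns_uid < ns_start + count:
            return host_start + (ns_uid - ns_start)
    return None  # unmapped

def is_mapped(extents, host_uid):
    """True if a parent-namespace uid is visible inside the namespace."""
    return any(h <= host_uid < h + c for _, h, c in extents)

def ns_root_can_write(extents, owner_host_uid, mode):
    """May uid 0 of the namespace write a directory owned by owner_host_uid?"""
    if host_uid_of(extents, 0) is None:
        return False  # the namespace has no uid 0 at all
    # Namespace root's capabilities cover only inodes whose owner is mapped.
    if is_mapped(extents, owner_host_uid):
        return True
    # Otherwise plain mode bits apply. The owner is unmapped, so the caller
    # cannot be the owner and only the "other" write bit counts.
    return bool(mode & 0o002)

# Constructed sample: namespace uid 0 is host uid 1000, one-entry map.
UID_MAP = "0 1000 1\n"
# Constructed directory metadata: path -> (owner host uid, mode).
DIRS = {
    "/etc": (0, 0o755),
    "lower-work/work (owned by host root)": (0, 0o700),
    "lower-work/work (after chown to 1000)": (1000, 0o700),
    "/tmp": (0, 0o1777),
}

def report():
    extents = parse_uid_map(UID_MAP)
    return {path: ns_root_can_write(extents, owner, mode)
            for path, (owner, mode) in DIRS.items()}

if __name__ == "__main__":
    for path, ok in report().items():
        print(f"{'write ok' if ok else 'denied  '}  {path}")
```
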