> -----Original Message-----
> From: Amir Goldstein <amir73il@xxxxxxxxx>
> Sent: Tuesday, September 20, 2022 11:50 PM
> To: Keyon Jie <yang.jie@xxxxxxxxxxxxxxx>
> Cc: Miklos Szeredi <miklos@xxxxxxxxxx>; overlayfs <linux-unionfs@xxxxxxxxxxxxxxx>; Jie, Keyon <keyon.jie@xxxxxxxxx>
> Subject: Re: Does overlay driver work if built in to the kernel?
>
> On Wed, Sep 21, 2022 at 3:32 AM Keyon Jie <yang.jie@xxxxxxxxxxxxxxx> wrote:
> >
> > Hi all,
> >
> > I am new to the overlayfs, I am hitting issues to make kernel modules
> > work in a container environment where the Kubernetes feature really need
> > the overlayfs support.
> >
> > I figured out to make overlay driver built-in to the VM kernel (and then
> > shared to the container), but looks like the Kubernetes always fail when
> > trying to create overlayfs mounts, with errors like 'permission denied'.
> >
>
> Usually, you want to look at the kernel log to see the reason for failure.
> That is likely because the container is "unprivileged"
> meaning not using the same uid 0 as the host.
>
> Don't know which kernel you are running, but overlayfs can be mounted
> inside unprivileged container since kernel v5.11:
>
> https://lore.kernel.org/linux-fsdevel/20201217142025.GB1236412@xxxxxxxxxxxxxxxxxxxxxxxxx/

Thank you Amir.
I am using v5.10 kernel, so looks I can try to backport some of the patches and try it again. I assume take the 10-commits series from Miklos should be enough?

vfs: move cap_convert_nscap() call into vfs_setxattr()
vfs: verify source area in vfs_dedupe_file_range_one()
ovl: check privs before decoding file handle
ovl: make ioctl() safe
ovl: simplify file splice
ovl: user xattr
ovl: do not fail when setting origin xattr
ovl: do not fail because of O_NOATIME
ovl: do not get metacopy for userxattr
ovl: unprivileged mounts

https://lore.kernel.org/linux-fsdevel/1725e01a-4d4d-aecb-bad6-54aa220b4cd2@xxxxxxxxxxxxxxxxxxx/T/

Thanks,
~Keyon

>
> >
> > I am seeing that overlay driver is released with modular
> > (CONFIG_OVERLAY_FS=m) in most (not sure if it is all) Linux
> > distributions, so I am wondering if the overlay driver work when built
> > in to the kernel?
> >
>
> It can be built in or module.
> That seems unrelated to your problem.
>
> Thanks,
> Amir.
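
Added example, not part of the original thread: a small shell triage that separates the two questions raised above, whether overlay is registered with the kernel at all (built in or loaded as a module) and whether the kernel release is at least the v5.11 mentioned for unprivileged mounts. The function names and result strings are hypothetical, and the release check assumes mainline version numbering, so a v5.10 kernel carrying a backport of the series is still reported as pre-5.11.

```shell
#!/bin/sh
# Added example (not from the thread): triage for 'permission denied'
# when creating overlayfs mounts from inside a container.

# overlay_registered: read /proc/filesystems-style text on stdin and succeed
# if "overlay" is listed. A built-in driver and a loaded module both appear
# there, so this check does not depend on CONFIG_OVERLAY_FS being =y or =m.
overlay_registered() {
    awk '$NF == "overlay" { found = 1 } END { exit !found }'
}

# release_at_least_5_11 RELEASE: succeed if a `uname -r`-style string is
# v5.11 or later (assumption: mainline numbering; backports not detected).
release_at_least_5_11() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 11 ]; }
}

# triage RELEASE < filesystems-list: print one diagnosis word.
triage() {
    if ! overlay_registered; then
        echo "overlay-not-registered"
    elif ! release_at_least_5_11 "$1"; then
        echo "pre-5.11-needs-host-privilege"
    else
        echo "unprivileged-mount-possible"
    fi
}

# Live check on the running kernel; the kernel log (dmesg) remains the
# place to read the actual reason for a failed mount.
if [ -r /proc/filesystems ]; then
    triage "$(uname -r)" < /proc/filesystems
fi
```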