Lines Matching +full:lower +full:- +full:case
1 .. SPDX-License-Identifier: GPL-2.0
10 overlay-filesystem functionality in Linux (sometimes referred to as
11 union-filesystems). An overlay-filesystem tries to present a
17 ---------------
25 While directories will report an st_dev from the overlay-filesystem,
26 non-directory objects may report an st_dev from the lower filesystem or
29 over the lifetime of a non-directory object. Many applications and
32 In the special case of all overlay layers on the same underlying
44 underlying filesystems rarely use the high inode number bits. In case
48 The "xino" feature can be enabled with the "-o xino=on" overlay mount option.
51 the lifetime of the filesystem. The "-o xino=auto" overlay mount option
60 +--------------+------------+------------+-----------------+----------------+
65 +--------------+-----+------+-----+------+--------+--------+--------+-------+
68 +--------------+-----+------+-----+------+--------+--------+--------+-------+
72 +--------------+-----+------+-----+------+--------+--------+--------+-------+
74 +--------------+-----+------+-----+------+--------+--------+--------+-------+
77 +--------------+-----+------+-----+------+--------+--------+--------+-------+
83 Upper and Lower
84 ---------------
86 An overlay filesystem combines two filesystems - an 'upper' filesystem
87 and a 'lower' filesystem. When a name exists in both filesystems, the
89 'lower' filesystem is either hidden or, in the case of directories,
92 It would be more correct to refer to an upper and lower 'directory
96 lower.
98 A wide range of filesystems supported by Linux can be the lower filesystem,
100 needed for OverlayFS to work. The lower filesystem does not need to be
101 writable. The lower filesystem can even be another overlayfs. The upper
106 A read-only overlay of two read-only filesystems may use any
110 -----------
113 upper and lower filesystems and refers to a non-directory in either,
114 then the lower object is hidden - the name refers only to the upper
117 Where both upper and lower objects are directories, a merged directory
123 mount -t overlay overlay -olowerdir=/lower,upperdir=/upper,\
134 exists, else the lower.
138 directory only. These attributes of the lower directory are hidden.
141 --------------------------------
143 In order to support rm and rmdir without changing the lower
146 directories (non-directories are always opaque).
150 matching name in the lower level is ignored, and the whiteout itself
155 directory in the lower filesystem with the same name is ignored.
158 -------
161 lower directories are each read and the name lists merged in the
162 obvious way (upper is read first, then lower - entries that already
163 exist are not re-added). This merged name list is cached in the
177 - read part of a directory
178 - remember an offset, and close the directory
179 - re-open the directory some time later
180 - seek to the remembered offset
187 underlying directory (upper or lower).
190 --------------------
192 When renaming a directory that is on the lower layer or merged (i.e. the
211 - OVERLAY_FS_REDIRECT_DIR:
213 - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW:
221 - "redirect_dir=BOOL":
223 - "redirect_always_follow=BOOL":
225 - "redirect_max=NUM":
230 - "redirect_dir=on":
232 - "redirect_dir=follow":
234 - "redirect_dir=nofollow":
236 - "redirect_dir=off":
241 indexed by the file handle of the lower inode and a file handle of the
246 lower directory. In that case, lookup returns an error and warns about
249 Because lower layer redirects cannot be verified with the index, enabling
254 Non-directories
255 ---------------
257 Objects that are not directories (files, symlinks, device-special
258 files etc.) are presented either from the upper or lower filesystem as
259 appropriate. When a file in the lower filesystem is accessed in a way
260 the requires write-access, such as opening for write access, changing
261 some metadata etc., the file is first copied from the lower filesystem
262 to the upper filesystem (copy_up). Note that creating a hard-link
267 opened for read-write but the data is not modified.
270 exists in the upper filesystem - creating it and any parents as
272 mode, mtime, symlink-target etc.) and then if the object is a file, the
273 data is copied from the lower to the upper filesystem. Finally any
278 filesystem - future operations on the file are barely noticed by the
284 ----------------
292 3) non-mounting task MAY gain additional privileges through the overlay,
293 compared to direct access on underlying lower or upper filesystems
300 b) check if mounting task would be allowed real operation on lower or
316 mount -t overlay overlay -olowerdir=/lower,upperdir=/upper,... /merged
320 cp -a /lower /upper
321 mount --bind /upper /merged
324 the time of copy (on-demand vs. up-front).
327 Multiple lower layers
328 ---------------------
330 Multiple lower layers can now be given using the colon (":") as a
333 mount -t overlay overlay -olowerdir=/lower1:/lower2:/lower3 /merged
336 that case the overlay will be read-only.
338 The specified lower directories will be stacked beginning from the
342 Note: directory names containing colons can be provided as lower layer by
345 mount -t overlay overlay -olowerdir=/a\:lower\:\:dir /merged
348 be configured as lower layer using the "lowerdir+" mount options and the
351 fsconfig(fs_fd, FSCONFIG_SET_STRING, "lowerdir+", "/a:lower::dir", 0);
353 In the latter case, colons in lower layer directory names will be escaped
357 ---------------------
373 Do not use metacopy=on with untrusted upper/lower directories. Otherwise
375 appropriate REDIRECT and METACOPY xattrs, and gain access to file on lower
387 Data-only lower layers
388 ----------------------
395 2) st_ino and st_dev object identifier from a file in a lower layer
397 3) data from a file in another lower layer (further below)
399 The "lower data" file can be on any lower layer, except from the top most
400 lower layer.
402 Below the top most lower layer, any number of lower most layers may be defined
403 as "data-only" lower layers, using double colon ("::") separators.
404 A normal lower layer is not allowed to be below a data-only layer, so single
410 mount -t overlay overlay -olowerdir=/l1:/l2:/l3::/do1::/do2 /merged
412 The paths of files in the "data-only" lower layers are not visible in the
414 in the "data-only" lower layers are not visible in overlayfs inodes.
416 Only the data of the files in the "data-only" lower layers may be visible
417 when a "metacopy" file in one of the lower layers above it, has a "redirect"
418 to the absolute path of the "lower data" file in the "data-only" lower layer.
420 Since kernel version v6.8, "data-only" lower layers can also be added using
431 fs-verity support
432 ----------------------
434 During metadata copy up of a lower file, if the source file has
435 fs-verity enabled and overlay verity support is enabled, then the
436 digest of the lower file is added to the "trusted.overlay.metacopy"
437 xattr. This is then used to verify the content of the lower file
442 that was in the lower at the time of the copy-up. If at any time
443 (during a mount, after a remount, etc) such a file in the lower is
446 digest check, or from a later read due to fs-verity) and a detailed
447 error is printed to the kernel logs. For more details of how fs-verity
454 layer is fully trusted (by using dm-verity or something similar), then
455 an untrusted lower layer can be used to supply validated file content
456 for all metacopy files. If additionally the untrusted lower
457 directories are specified as "Data-only", then they can only supply
464 - "off":
467 - "on":
472 - "require":
475 will only be used if the data file has fs-verity enabled,
476 otherwise a full copy-up is used.
479 --------------------------
481 Lower layers may be shared among several overlay mounts and that is indeed
482 a very common practice. An overlay mount may use the same lower layer
483 path as another overlay mount and it may use a lower layer path that is
484 beneath or above the path of another overlay lower layer path.
495 different lower layer path, is allowed, unless the "inodes index" feature
499 handle of the lower layer root directory, along with the UUID of the lower
502 the lower root directory file handle and lower filesystem UUID are compared
504 lower root origin, mount will fail with ESTALE. An overlayfs mount with
505 "inodes index" enabled will fail with EOPNOTSUPP if the lower filesystem
506 does not support NFS export, lower filesystem does not have a valid UUID or
510 mount time. So if same upper is mounted with different set of lower, mount
516 the copied layers will fail the verification of the lower root file handle.
519 Non-standard behavior
520 ---------------------
528 done in the case when the file resides on a lower layer.
530 b) If a file residing on a lower layer is opened for read-only and then
534 c) If a file residing on a lower layer is being executed, then opening that
545 If this feature is disabled, then rename(2) on a lower or merged directory
546 will fail with EXDEV ("Invalid cross-device link").
575 ---------------------------------
583 upper tree. Offline changes to the lower tree are only allowed if the
585 have not been used. If the lower tree is modified and any of these
590 behavior on offline changes of the underlying lower layer is different
593 On every copy_up, an NFS file handle of the lower inode, along with the
594 UUID of the lower filesystem, are encoded and stored in an extended
598 that found a lower directory at the lookup path or at the path pointed
600 that the found lower directory file handle and lower filesystem UUID
602 found lower directory does not match the stored origin, that directory
608 ----------
613 With the "nfs_export" feature, on copy_up of any lower object, an index
616 non-directory object, the index entry is a hard link to the upper inode.
624 1. For a non-upper object, encode a lower file handle from lower inode
625 2. For an indexed object, encode a lower file handle from copy_up origin
626 3. For a pure-upper object and for an existing non-indexed upper object,
630 - Header including path type information (e.g. lower/upper)
631 - UUID of the underlying filesystem
632 - Underlying filesystem encoding of underlying inode
641 3. For a lower file handle, lookup the handle in index directory by name.
644 5. For a non-directory, instantiate a disconnected overlay dentry from the
649 Decoding a non-directory file handle may return a disconnected dentry.
653 When overlay filesystem has multiple lower layers, a middle layer
654 directory may have a "redirect" to lower directory. Because middle layer
655 "redirects" are not indexed, a lower file handle that was encoded from the
657 layer directory. Similarly, a lower file handle that was encoded from a
660 directories that cannot be decoded from a lower file handle, these
666 The overlay filesystem does not support non-directory connectable file
675 read-write mount and will result in an error.
679 can be useful in case the underlying disk is copied and the UUID of this copy
680 is changed. This is only applicable if all lower/upper/work directories are on
685 -------------
690 - "null":
692 - "off":
695 - "on":
700 - "auto": (default)
709 --------------
737 ----------
739 The "-o userxattr" mount option forces overlayfs to use the
745 ---------
750 https://github.com/amir73il/unionmount-testsuite.git
754 # cd unionmount-testsuite
755 # ./run --ov --verify