Re: [yocto] overlayfs-etc on top of dm-verity?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Francesco Valla <francesco@valla.it>
To: michael.opdenacker@rootcommit.com
Cc: yocto@lists.yoctoproject.org, Vyacheslav Yurkov <uvv.mail@gmail.com>
Subject: Re: [yocto] overlayfs-etc on top of dm-verity?
Date: Thu, 26 Mar 2026 23:19:38 +0100	[thread overview]
Message-ID: <acWttty52EgZmIn5@bywater> (raw)
In-Reply-To: <aab17025-f0f2-4c04-b370-8789624eb571@rootcommit.com>

Hi Michael,

On Thu, Mar 26, 2026 at 09:56:21AM +0000, Michael Opdenacker via lists.yoctoproject.org wrote:
> Greetings,
> 
> On 3/25/26 10:20 PM, Michael Opdenacker wrote:
> > Hi Slava and community,
> > 
> > Do you know if overlayfs and in particular our overlayfs-etc class works
> > when /etc is on a dm-verity root filesystem?
> > 
> > Without dm-verity (regular ext4 or erofs root filesystem), everything
> > looks all right:
> > # mount | grep overlay
> > /data/overlay-etc/upper on /etc type overlay (rw,relatime,lowerdir=/etc,upperdir=/data/overlay-etc/upper,workdir=/data/overlay-etc/work,uuid=on)
> > 
> > When /etc is on /dev/mapper/rootfs (dm-verity), everything seems messed
> > up:
> > # mount | grep overlay
> > overlay on /var/cache type overlay (rw,relatime,lowerdir=/var/cache,upperdir=/var/volatile/cache,workdir=/var/volatile/.cache-work,uuid=on)
> > overlay on /var/lib type overlay (rw,relatime,lowerdir=/var/lib,upperdir=/var/volatile/lib,workdir=/var/volatile/.lib-work,uuid=on)
> > overlay on /var/spool type overlay (rw,relatime,lowerdir=/var/spool,upperdir=/var/volatile/spool,workdir=/var/volatile/.spool-work,uuid=on)
> > overlay on /srv type overlay (rw,relatime,lowerdir=/srv,upperdir=/var/volatile/srv,workdir=/var/volatile/.srv-work,uuid=on)
> > 
> > Systemd may be messing up, as only in this case, it does:
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /var/cache...
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /var/lib...
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /var/spool...
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /srv...
> > 
> > But these bind mounts show up as overlay mounts!
> > 
> > Has anyone already encountered such an issue?
> 
> I eventually managed to get /etc mounted as an overlay. It seems that
> /sbin/init was started instead of /sbin/preinit as specified in the kernel
> command line.
> I hardcoded the call to /sbin/preinit by customizing
> openembedded-core/meta/recipes-core/initrdscripts/initramfs-framework/finish
> (in a bbappend file, of course).
> 
> The code looks right though, I need to understand why this happens.
> 
> Another weirdness that remains is these volatile mounts for /var/cache/,
> /var/lib, /var/spool and /srv, which I didn't have with a regular read-only
> root filesystem.

AFAIK, this should be the regular behavior on a read-only root
filesystem. The overlayfs mounts are created by services generated by:

  meta/recipes-core/volatile-binds/volatile-binds.bb

depending on the content of the VOLATILE_BINDS variable. For each couple
of upperdir-lowerdir specified there, a service is generated that
starts only if upperdir's parent is writable and lowerdir is not.

E.g.:
  lowerdir=/srv
  upperdir=/var/volatile/srv

In a vanilla openembedded-core system, a tmpfs is mounted on /var/volatile
by the fstab (that is, by the fstab systemd generator), so the
upperdir's parent directory (which is the same /var/volatile) is writable.

You can force a copy+bind behavior setting AVOID_OVERLAYFS=1.

> I'll keep you posted.
> Cheers
> Michael.
> 
> -- 
> Root Commit
> Embedded Linux Training and Consulting
> https://rootcommit.com
> 

Best regards,
Francesco

next prev parent reply	other threads:[~2026-03-26 22:19 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-25 21:20 overlayfs-etc on top of dm-verity? Michael Opdenacker
2026-03-26  9:56 ` Michael Opdenacker
2026-03-26 17:41   ` Michael Opdenacker
2026-03-26 22:19   ` Francesco Valla [this message]
2026-04-09 19:18     ` [yocto] " Michael Opdenacker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=acWttty52EgZmIn5@bywater \
    --to=francesco@valla.it \
    --cc=michael.opdenacker@rootcommit.com \
    --cc=uvv.mail@gmail.com \
    --cc=yocto@lists.yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.