From: Michael Opdenacker <michael.opdenacker@rootcommit.com>
To: Vyacheslav Yurkov <uvv.mail@gmail.com>
Cc: michael.opdenacker@rootcommit.com, yocto@lists.yoctoproject.org
Subject: Re: overlayfs-etc on top of dm-verity?
Date: Thu, 26 Mar 2026 09:56:21 +0000 (UTC) [thread overview]
Message-ID: <aab17025-f0f2-4c04-b370-8789624eb571@rootcommit.com> (raw)
In-Reply-To: <bfaae86a-5b66-4abf-95ef-0fd345ffcada@rootcommit.com>
Greetings,
On 3/25/26 10:20 PM, Michael Opdenacker wrote:
> Hi Slava and community,
>
> Do you know if overlayfs and in particular our overlayfs-etc class
> works when /etc is on a dm-verity root filesystem?
>
> Without dm-verity (regular ext4 or erofs root filesystem), everything
> looks all right:
> # mount | grep overlay
> /data/overlay-etc/upper on /etc type overlay
> (rw,relatime,lowerdir=/etc,upperdir=/data/overlay-etc/upper,workdir=/data/overlay-etc/work,uuid=on)
>
> When /etc is on /dev/mapper/rootfs (dm-verity), everything seems
> messed up:
> # mount | grep overlay
> overlay on /var/cache type overlay
> (rw,relatime,lowerdir=/var/cache,upperdir=/var/volatile/cache,workdir=/var/volatile/.cache-work,uuid=on)
> overlay on /var/lib type overlay
> (rw,relatime,lowerdir=/var/lib,upperdir=/var/volatile/lib,workdir=/var/volatile/.lib-work,uuid=on)
> overlay on /var/spool type overlay
> (rw,relatime,lowerdir=/var/spool,upperdir=/var/volatile/spool,workdir=/var/volatile/.spool-work,uuid=on)
> overlay on /srv type overlay
> (rw,relatime,lowerdir=/srv,upperdir=/var/volatile/srv,workdir=/var/volatile/.srv-work,uuid=on)
>
> Systemd may be messing up, as only in this case, it does:
> Starting Bind mount volatile /var/cache...
> Starting Bind mount volatile /var/lib...
> Starting Bind mount volatile /var/spool...
> Starting Bind mount volatile /srv...
>
> But these bind mounts show up as overlay mounts!
>
> Has anyone already encountered such an issue?
I eventually managed to get /etc mounted as an overlay. It seems that
/sbin/init was started instead of /sbin/preinit as specified in the
kernel command line.
I hardcoded the call to /sbin/preinit by customizing
openembedded-core/meta/recipes-core/initrdscripts/initramfs-framework/finish
(in a bbappend file, of course).
The code looks right though, I need to understand why this happens.
Another weirdness that remains is these volatile mounts for /var/cache/,
/var/lib, /var/spool and /srv, which I didn't have with a regular
read-only root filesystem.
I'll keep you posted.
Cheers
Michael.
--
Root Commit
Embedded Linux Training and Consulting
https://rootcommit.com
next prev parent reply other threads:[~2026-03-26 9:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-25 21:20 overlayfs-etc on top of dm-verity? Michael Opdenacker
2026-03-26 9:56 ` Michael Opdenacker [this message]
2026-03-26 17:41 ` Michael Opdenacker
2026-03-26 22:19 ` [yocto] " Francesco Valla
2026-04-09 19:18 ` Michael Opdenacker
-- strict thread matches above, loose matches on Subject: below --
2026-03-27 13:26 Ayoub Zaki
2026-03-30 16:51 ` Michael Opdenacker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aab17025-f0f2-4c04-b370-8789624eb571@rootcommit.com \
--to=michael.opdenacker@rootcommit.com \
--cc=uvv.mail@gmail.com \
--cc=yocto@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox