Re: [yocto] overlayfs-etc on top of dm-verity?

public inbox for yocto@lists.yoctoproject.org
 help / color / mirror / Atom feed

From: Francesco Valla <francesco@valla.it>
To: michael.opdenacker@rootcommit.com
Cc: yocto@lists.yoctoproject.org, Vyacheslav Yurkov <uvv.mail@gmail.com>
Subject: Re: [yocto] overlayfs-etc on top of dm-verity?
Date: Thu, 26 Mar 2026 23:19:38 +0100	[thread overview]
Message-ID: <acWttty52EgZmIn5@bywater> (raw)
In-Reply-To: <aab17025-f0f2-4c04-b370-8789624eb571@rootcommit.com>

Hi Michael,

On Thu, Mar 26, 2026 at 09:56:21AM +0000, Michael Opdenacker via lists.yoctoproject.org wrote:
> Greetings,
> 
> On 3/25/26 10:20 PM, Michael Opdenacker wrote:
> > Hi Slava and community,
> > 
> > Do you know if overlayfs and in particular our overlayfs-etc class works
> > when /etc is on a dm-verity root filesystem?
> > 
> > Without dm-verity (regular ext4 or erofs root filesystem), everything
> > looks all right:
> > # mount | grep overlay
> > /data/overlay-etc/upper on /etc type overlay (rw,relatime,lowerdir=/etc,upperdir=/data/overlay-etc/upper,workdir=/data/overlay-etc/work,uuid=on)
> > 
> > When /etc is on /dev/mapper/rootfs (dm-verity), everything seems messed
> > up:
> > # mount | grep overlay
> > overlay on /var/cache type overlay (rw,relatime,lowerdir=/var/cache,upperdir=/var/volatile/cache,workdir=/var/volatile/.cache-work,uuid=on)
> > overlay on /var/lib type overlay (rw,relatime,lowerdir=/var/lib,upperdir=/var/volatile/lib,workdir=/var/volatile/.lib-work,uuid=on)
> > overlay on /var/spool type overlay (rw,relatime,lowerdir=/var/spool,upperdir=/var/volatile/spool,workdir=/var/volatile/.spool-work,uuid=on)
> > overlay on /srv type overlay (rw,relatime,lowerdir=/srv,upperdir=/var/volatile/srv,workdir=/var/volatile/.srv-work,uuid=on)
> > 
> > Systemd may be messing up, as only in this case, it does:
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /var/cache...
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /var/lib...
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /var/spool...
> > ï¿½ ï¿½ ï¿½ ï¿½ ï¿½Starting Bind mount volatile /srv...
> > 
> > But these bind mounts show up as overlay mounts!
> > 
> > Has anyone already encountered such an issue?
> 
> I eventually managed to get /etc mounted as an overlay. It seems that
> /sbin/init was started instead of /sbin/preinit as specified in the kernel
> command line.
> I hardcoded the call to /sbin/preinit by customizing
> openembedded-core/meta/recipes-core/initrdscripts/initramfs-framework/finish
> (in a bbappend file, of course).
> 
> The code looks right though, I need to understand why this happens.
> 
> Another weirdness that remains is these volatile mounts for /var/cache/,
> /var/lib, /var/spool and /srv, which I didn't have with a regular read-only
> root filesystem.

AFAIK, this should be the regular behavior on a read-only root
filesystem. The overlayfs mounts are created by services generated by:

  meta/recipes-core/volatile-binds/volatile-binds.bb

depending on the content of the VOLATILE_BINDS variable. For each couple
of upperdir-lowerdir specified there, a service is generated that
starts only if upperdir's parent is writable and lowerdir is not.

E.g.:
  lowerdir=/srv
  upperdir=/var/volatile/srv

In a vanilla openembedded-core system, a tmpfs is mounted on /var/volatile
by the fstab (that is, by the fstab systemd generator), so the
upperdir's parent directory (which is the same /var/volatile) is writable.

You can force a copy+bind behavior setting AVOID_OVERLAYFS=1.

> I'll keep you posted.
> Cheers
> Michael.
> 
> -- 
> Root Commit
> Embedded Linux Training and Consulting
> https://rootcommit.com
> 

Best regards,
Francesco

next prev parent reply	other threads:[~2026-03-26 22:19 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-25 21:20 overlayfs-etc on top of dm-verity? Michael Opdenacker
2026-03-26  9:56 ` Michael Opdenacker
2026-03-26 17:41   ` Michael Opdenacker
2026-03-26 22:19   ` Francesco Valla [this message]
2026-04-09 19:18     ` [yocto] " Michael Opdenacker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=acWttty52EgZmIn5@bywater \
    --to=francesco@valla.it \
    --cc=michael.opdenacker@rootcommit.com \
    --cc=uvv.mail@gmail.com \
    --cc=yocto@lists.yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox