So.

We have policy-rc.d in #Debian.

Yet, #debhelper-added scriptlets in maintainer scripts call systemctl if [ -d /run/systemd ].

Which is bad if you’re in an #schroot with /run bind-mounted from the host and the host is running systemd (a customer system, none of mine).

What I need is a way to #whiteout a directory from a #bind #mount.

I heard #overlayfs can do that, but it seems to no longer exist.

Any other ideas¹?

(And yes, I want and need to bind-mount /run itself, as the #chroot adds sockets there that are then accessed from outside the chroot, viceque versa.)

① customer-compatible ones, please; switching the host system to sysvinit is one but the customer’s Ansible standardised on managing all systems with systemd…

[Translation] Inside the Docker core: what actually happens when a container starts

When you type docker run nginx at the command line, it seems as if some kind of magic has happened: within seconds a fully isolated environment appears. But there is no magic here, just Linux kernel engineering. Let's look at this topic in more detail and examine what exactly happens inside the kernel when Docker creates a container.

https://habr.com/ru/companies/timeweb/articles/981542/

#timeweb_статьи_перевод #docker #linux #oci #контейнеры #программирование #overlayfs #ядро

So yeah, I'm now using

#busybox mount

instead of plain mount for my #overlayfs shenanigans.

Adventures in #OverlayFS

The mount command for overlayfs, while supporting quite a few options, isn't terribly helpful when things go wrong. Often you just get:

wrong fs type, bad option, bad superblock on overlay, missing codepage or helper program, or other error.
dmesg(1) may have more information after failed mount system call.

Ran into this while mounting an overlay with more lowerdirs than usual - 26 in my case - and guess what, dmesg(1) did not have a single line of more information.

Also #SELinux with /etc as #overlayfs leads to some really strange issues. Init scripts (which run as initrc_t) get various actions denied with the audit log message listing scontext=mount_t. The labels on the files look correct. If I switch to an r/w rootfs with /etc in it those issues just go away. Same if I use overlayfs and make noop edits to individual scripts so they are stored in the "upper" dir of the overlay.

One option would be to dig into how overlayfs works and interacts with SELinux. Another would be to work on restructuring things so /etc is only for local config (anything preinstalled in /usr) and drop the overlay.

I spent two hours yesterday debugging why my program which uses #bubblewrap and #overlayfs suddenly stopped working. Turns out, it was a kernel update and just needed a reboot...!

33| import ./pkgs/top-level/impure.nix
...
error: getting status of '/nix/store/pa9ig1hkl5d3zrbkpiwvsna91fxbr2mp-source/pkgs/top-level/impure.nix': No such file or directory

#nix #nixos #overlayfs

Deep Down the Rabbit Hole: Bash, OverlayFS, and a 30-Year-Old Surprise

This blog post describes a recent debugging session that led through a surprising set of issues involving Bash, `getcwd()`, and OverlayFS. What started as a simple customer bug report turned into a deep dive worth sharing.

sigma star gmbh

Linux users: imagine your system's hidden door left wide open. CVE-2023-0386 lets attackers snag root access in popular distros. Is your setup at risk? Dive in to learn more before it’s too late.

https://thedefendopsdiaries.com/understanding-cve-2023-0386-a-critical-linux-vulnerability/

#cve20230386
#linuxvulnerability
#overlayfs
#cybersecurity
#linuxsecurity