mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
The "userxattr" option is needed for mounting overlayfs inside a user namespace with kernel >= 5.11.

The "userxattr" option is NOT needed for the initial user namespace (aka "the host").

Also, Ubuntu (since circa 2015) and Debian (since 10) with kernel < 5.11 can mount the overlayfs in a user namespace without the "userxattr" option.

The corresponding kernel commit: 2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1

> **ovl: user xattr**
>
> Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
> ...
> Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the
> "user.overlay.redirect" or "user.overlay.metacopy" xattrs.

Fix issue 42055

Related to containerd/containerd PR 5076

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

- check.go
- mount.go
- overlay.go
- overlay_test.go
- overlay_unsupported.go