FS#71358 - [podman] fuse-overlayfs is no longer a required dependency with linux >= 5.11

Attached to Project: Community Packages
Opened by Sebastian Jug (jugs) - Friday, 25 June 2021, 12:47 GMT
Last edited by David Runge (dvzrv) - Sunday, 13 March 2022, 11:56 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To David Runge (dvzrv)
Morten Linderud (Foxboron)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
As of the 5.11 kernel there is support for rootless overlay, rendering fuse-overlayfs unnecessary.
Prior to the 5.11 kernel, fuse-overlayfs is still required.
This kernel support should increase container storage performance, and is desirable to the user.

Additional info:
https://www.redhat.com/sysadmin/podman-rootless-overlay

Steps to reproduce:

If you have an existing rootless podman install working (with fuse-overlayfs):
$ podman info --format json | jq . | grep -i overlay
"graphDriverName": "overlay",
"overlay.mount_program": {
"Executable": "/usr/bin/fuse-overlayfs",
"Package": "/usr/bin/fuse-overlayfs is owned by fuse-overlayfs 1.5.0-1",
"Version": "fusermount3 version: 3.10.4\nfuse-overlayfs: version 1.5\nFUSE library version 3.10.4\nusing FUSE kernel interface version 7.31"
"overlay.mountopt": "nodev"
"Native Overlay Diff": "false",

With fuse-overlayfs the user container storage directory will also have a file present by default in:
$HOME/.local/share/containers/storage/overlay/.has-mount-program

Finally there will be no `overlay` kernel module loaded:
$ lsmod | grep overlay
(nothing)

To convert to kernel based user overlay support run:
`podman system reset`

Note: this will delete ALL user container storage!


After `podman system reset` or on a fresh install (no fuse-overlayfs):
$ podman info --format json | jq . | grep -i overlay
"graphDriverName": "overlay",
"Native Overlay Diff": "false",

$ stat $HOME/.local/share/containers/storage/overlay/.has-mount-program
stat: cannot statx '/home/user/.local/share/containers/storage/overlay/.has-mount-program': No such file or directory

$ lsmod | grep overlay
overlay 147456 0

Closed by David Runge (dvzrv)
Sunday, 13 March 2022, 11:56 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with podman 4.0.1-2
Comment by Morten Linderud (Foxboron) - Monday, 28 June 2021, 20:10 GMT
Is this only for the stock kernel? I have a hunch this doesn't work for linux-hardened for instance.
Comment by Sebastian Jug (jugs) - Monday, 28 June 2021, 21:02 GMT
Rootless containers don't work on linux-hardened out of the box as is already (unprivileged userns disabled).
I would have the same assumption regarding the user overlay kernel support as well but I haven't dug deeper at this point.
Comment by Morten Linderud (Foxboron) - Monday, 28 June 2021, 21:06 GMT
Ack, it's not part of the current podman release. Need to test this, figure out how to document the change and figure out other issues as well. Thanks!
Comment by David Runge (dvzrv) - Friday, 01 October 2021, 10:09 GMT
IIUC this will not work on linux-lts, right?
Comment by Sebastian Jug (jugs) - Thursday, 07 October 2021, 13:54 GMT
Not unless it's >= 5.11
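
The indicators from the report (the `.has-mount-program` marker and the loaded `overlay` module) and the kernel >= 5.11 condition from the comments, combined into one check. This is an added example, not part of the original report or of podman; the function names and result strings are hypothetical.

```shell
#!/bin/sh
# Added example; function names and result strings are hypothetical.

# Succeeds when a kernel release string (default: running kernel) is >= 5.11.
kernel_supports_rootless_overlay() {
    release=${1:-$(uname -r)}
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 11 ]; }
}

# Succeeds when the overlay module is listed (lsmod reads /proc/modules).
overlay_module_loaded() {
    grep -q '^overlay ' "${1:-/proc/modules}"
}

# Prints the state of a rootless storage directory:
#   native            no marker file, kernel >= 5.11
#   fuse-convertible  marker file present, kernel >= 5.11
#                     (the report converts this with `podman system reset`,
#                     which deletes ALL user container storage)
#   fuse-required     kernel < 5.11 (or unparsable release)
overlay_backend() {
    storage=${1:-$HOME/.local/share/containers/storage}
    release=${2:-$(uname -r)}
    if ! kernel_supports_rootless_overlay "$release"; then
        echo "fuse-required"
    elif [ -e "$storage/overlay/.has-mount-program" ]; then
        echo "fuse-convertible"
    else
        echo "native"
    fi
}

# Report on the current user only when asked to.
if [ "${1:-}" = "--check" ]; then
    overlay_backend
    if overlay_module_loaded; then
        echo "overlay module loaded"
    else
        echo "overlay module not loaded"
    fi
fi
```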
