foo safe?

Asked Oct 13 '15 at 16:38

Active Oct 13 '15 at 16:51

Viewed 471 times

Consider the following union mount:

mount -t overlay -o lowerdir=/.pre-foo/lower,upperdir=/.pre-foo/upper,workdir=/.pre-foo/work overlay /foo

I would like to obfuscate that /.pre-foo to minimize the chance of some process to modify my underlying folders while the union is mounted. I could get it with the following "recursive" mount:

mount -t overlay -o lowerdir=/foo/lower,upperdir=/foo/upper,workdir=/foo/work overlay /foo

My question is: Is this safe? Is there any security and/or performance risk in mounting an overlay "recursively"?

edited Oct 13 '15 at 16:51

roaima

107,089
14
139
261

asked Oct 13 '15 at 16:38

Laércio de Sousa

yes. its fine. do it. – mikeserv Oct 13 '15 at 17:34
1

I believe the question might be more clearly stated as follows: (1) Can `lowerdir`, `upperdir` and `workdir` be nested _inside_ the mount point (`/foo`, in this case)? (2) Is such nesting secure and performant? (3) After the mount is performed, will the nested `lowerdir`, `upperdir` and `workdir` be hidden, protected, and only accessible through the "view" provided by the overlay? – mpb Dec 14 '16 at 18:42

OverlayFS: Is mounting /foo/lower:/foo/upper to /foo safe?

0 Answers0