Running the following commands on Linux (4.4.59 and 4.9.8 are tested) fails:

```
mkdir -p /tmp/proc
mount -t overlay overlay -o lowerdir=/proc:/tmp/proc /tmp/proc
```

and there is an error message in dmesg:

```
overlayfs: maximum fs stacking depth exceeded
```

Why can't /proc be a layer of an overlay file system? If I replace /proc with /dev or /sys, it mounts without issue, so it seems there is something special with /proc.

P.S. The use case is creating a safer chroot environment; I want to make /dev, /sys and /proc read-only in the chroot.

Duan Yao
  • https://stackoverflow.com/questions/25910229/how-provide-nested-mount-of-overlayfs hope this helps – skr Jun 16 '17 at 10:33
  • @skr `mount -t overlay overlay -o lowerdir=/sys:/tmp/sys /tmp/sys` does work on my system, so I wonder why just /proc causes "maximum fs stacking depth exceeded"? – Duan Yao Jun 16 '17 at 10:49
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Jun 16 '17 at 12:24
  • As a workaround, you can make a read-only bind mount. https://unix.stackexchange.com/questions/128336/why-doesnt-mount-respect-the-read-only-option-for-bind-mounts – Mark Plotnick Jun 17 '17 at 09:14
  • @jww You are right, so I created https://unix.stackexchange.com/questions/371915/why-cant-proc-be-a-layer-of-a-overlay-file-system-overlayfs-on-linux – Duan Yao Jun 19 '17 at 06:13
  • @MarkPlotnick Thanks. Now I use another workaround: `mount -t proc -o ro none /tmp/proc`, looks simpler than read-only bind mount, though sub-mounts don't show up automatically. – Duan Yao Jun 19 '17 at 06:16

0 Answers
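
A way to check the result of either workaround mentioned in the comments (an added example, not part of the original thread): each mount carries its own read-only flag, so the function below reads mountinfo and lists every mount at or below the chroot's /proc, /sys and /dev whose per-mount options lack `ro`. The names `rw_mounts_under` and `sample_mountinfo`, the `/tmp/jail` path and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# rw_mounts_under CHROOT_DIR [MOUNTINFO_FILE|-]
# Prints every mount point at or below CHROOT_DIR/{proc,sys,dev} whose
# per-mount options (mountinfo field 6) do not include "ro".
# Hypothetical helper; mount points containing escaped characters (\040)
# are compared in their escaped form.
rw_mounts_under() {
    root=${1%/}                           # drop one trailing slash
    info=${2:-/proc/self/mountinfo}       # "-" makes awk read stdin
    awk -v root="$root" '
        BEGIN { dirs[1] = "proc"; dirs[2] = "sys"; dirs[3] = "dev" }
        {
            mp = $5; hit = 0              # field 5: mount point
            for (i = 1; i <= 3; i++) {
                top = root "/" dirs[i]
                # the directory itself, or anything mounted beneath it
                if (mp == top || index(mp, top "/") == 1) hit = 1
            }
            if (!hit) next
            ro = 0
            n = split($6, opts, ",")      # field 6: per-mount options
            for (j = 1; j <= n; j++) if (opts[j] == "ro") ro = 1
            if (!ro) print mp
        }
    ' "$info"
}

# Constructed sample: a chroot at /tmp/jail whose /dev is read-only but
# whose /dev/pts sub-mount is still writable; /tmp/jail/devel must not match.
sample_mountinfo() {
    cat <<'EOF'
100 60 0:4 / /tmp/jail/proc ro,relatime - proc none rw
101 60 0:6 / /tmp/jail/dev ro,relatime - devtmpfs udev rw,size=1000k
102 101 0:20 / /tmp/jail/dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620
103 60 0:17 / /tmp/jail/sys ro,relatime shared:7 - sysfs sysfs rw
104 60 8:1 / /tmp/jail/devel rw,relatime - ext4 /dev/sda1 rw
EOF
}

sample_mountinfo | rw_mounts_under /tmp/jail -
```

Called with only the chroot directory, the function reads `/proc/self/mountinfo` of the calling process; an empty result means no writable mount was found under the three directories.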