Hi,
After switching over to linux-hardened, my podman units with volumes will not start. Syslog says something like this (for all containers, I have others, too):
May 20 15:41:54 sigma systemd[2240]: Created slice Slice /user.
May 20 15:41:54 sigma systemd[2240]: Started podman-pause-cee2ced9.scope.
May 20 15:41:54 sigma systemd[2240]: sigmapmc.service: Main process exited, code=exited, status=125/n/a
May 20 15:41:55 sigma sigmapmc[2425]: Error: configure storage: kernel does not support overlay fs: 'overlay' is not supported over zfs at "/home/minecraft/.local/share/containers/storage/overlay": backing file system is unsupported fo>
May 20 15:41:55 sigma systemd[2240]: sigmapmc.service: Failed with result 'exit-code'.
May 20 15:41:55 sigma systemd[2240]: Failed to start Sigman MC-serveri 1.
However, switching back to -LTS and the same container has no problems starting, and lists no problems regarding ZFS in the journal.
The unit file is fairly simple, generated by systemd generator from this quadlet (from user minecraft):
[Unit]
Description=My PMC Server
Wants=network.target
After=network.target
[Container]
AutoUpdate=registry
ContainerName=SigmaPMC
Image=localhost/pmc-fix
Volume=sigmapmc:/data
LogDriver=k8s-file
Environment=UPDATE_CHECK=0
PodmanArgs=--log-opt=path=/home/minecraft/SigmaPMClog.k8s
Timezone=local
[Service]
Restart=always
[Install]
WantedBy=multi-user.target default.target
FWIW I tested and can mount overlayfs under -hardened, so the error message seems certainly wrong in some way (misdetection / misreporting of the actual problem?).
My ZFS packages (incl. kernel modules) are from https://github.com/archzfs/archzfs :
$ pacman -Qs zfs
local/zfs-linux-hardened 2.4.2_7.0.9.hardened1.1-1 (archzfs-linux-hardened)
Kernel modules for the Zettabyte File System.
local/zfs-linux-lts 2.4.2_6.18.31.1-1 (archzfs-linux-lts)
Kernel modules for the Zettabyte File System.
local/zfs-utils 2.4.2-2 (archzfs-linux)
Kernel module support files for the Zettabyte File System.
Any ideas as to the culprit? Podman bug? linux-hardened limitation? Workarounds, besides not using -hardened?
Cheers!
Last edited by Wild Penguin (2026-05-20 17:02:01)
I've tested this on another home server (running btrfs) and it's the same issue:
May 20 18:02:35 archnuke pande-pmc[1130]: Error: configure storage: kernel does not support overlay fs: 'overlay' is not supported over btrfs at "/home/minecraft/.local/share/containers/storage/overlay": backing file system is unsupported for this graph driver
So it has nothing to do with zfs, it's just my (mis)interpretation of the error message.
I could do a minimal test case and see what the people at podman think... ?
Ok,
after a bit of searching around I think this is by design of linux-hardened. It has a config option OVERLAY_FS_UNPRIVILEGED - and prevents users from mounting unprivileged overlayfs. Apparently this is a potential security hole.
Save for recompiling a custom -hardened kernel, users can not use native overlays with podman on -hardened.
https://github.com/anthraxx/linux-harde … 4c04851741
A workaround is to install fuse-overlayfs (looks like it has a performance penalty according to wiki; how large, I have no idea).
Last edited by Wild Penguin (2026-05-20 17:02:24)
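The kernel-option check and the fuse-overlayfs workaround from the last post, as an added example that is not part of the original thread: it classifies a kernel config by the OVERLAY_FS_UNPRIVILEGED option and prints a rootless storage.conf to match. The function names, the sample config lines, the /usr/bin/fuse-overlayfs path and the treatment of a missing option as "native overlay works" are assumptions made for the example.

```shell
#!/bin/sh
# Added example: decide whether rootless podman can use native overlay on
# this kernel, and emit a storage.conf that falls back to fuse-overlayfs.

# Reads kernel config text on stdin. Prints enabled, disabled or absent
# for the OVERLAY_FS_UNPRIVILEGED option named in the post.
overlay_unpriv_state() {
    awk '
        /^CONFIG_OVERLAY_FS_UNPRIVILEGED=y$/            { s = "enabled" }
        /^# CONFIG_OVERLAY_FS_UNPRIVILEGED is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }
    '
}

# $1 = state from above, $2 = path to fuse-overlayfs ("" if not installed).
# Prints the overlay backend a rootless user can expect to work.
# Assumption: a kernel without the option allows unprivileged overlay mounts.
pick_backend() {
    case "$1" in
        disabled)
            if [ -n "$2" ]; then echo fuse-overlayfs; else echo none; fi ;;
        *)  echo native ;;
    esac
}

# Prints a storage.conf for backend $1, using helper path $2 if needed.
# Intended location (assumption): ~/.config/containers/storage.conf
storage_conf() {
    printf '[storage]\ndriver = "overlay"\n'
    if [ "$1" = fuse-overlayfs ]; then
        printf '\n[storage.options.overlay]\nmount_program = "%s"\n' "$2"
    fi
}

# Constructed sample: how a kernel built with the option off lists it.
SAMPLE_HARDENED='CONFIG_OVERLAY_FS=m
# CONFIG_OVERLAY_FS_UNPRIVILEGED is not set'

state=$(printf '%s\n' "$SAMPLE_HARDENED" | overlay_unpriv_state)
backend=$(pick_backend "$state" /usr/bin/fuse-overlayfs)
echo "state=$state backend=$backend"
storage_conf "$backend" /usr/bin/fuse-overlayfs

# On a live system, feed the running kernel's config instead (assumes
# /proc/config.gz is available):  zcat /proc/config.gz | overlay_unpriv_state
```

The check reads only the kernel's build configuration, so it gives the same answer regardless of whether the backing file system is zfs or btrfs, matching what the thread found.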