Skip to content

setup-root: Fix overlay permissions#294

Merged
cgwalters merged 1 commit into
composefs:mainfrom
cgwalters:fix-287-overlay-upper-permissions
May 15, 2026
Merged

setup-root: Fix overlay permissions#294
cgwalters merged 1 commit into
composefs:mainfrom
cgwalters:fix-287-overlay-upper-permissions

Conversation

@cgwalters
Copy link
Copy Markdown
Collaborator

@cgwalters cgwalters commented May 15, 2026

The overlayfs merged view inherits its root permissions from the upperdir; creating it as 0700 breaks unprivileged processes accessing it.

This mirrors what systemd does in volatile-root.c and nspawn-mount.c.

Fixes: #287

Assisted-by: OpenCode (claude-sonnet-4-6@default)

@cgwalters
setup-root: Fix overlay permissions
eb4d9c0 
The overlayfs merged view inherits its root permissions from the upperdir;
creating it as 0700 breaks unprivileged processes accessing it.

This mirrors what systemd does in volatile-root.c and nspawn-mount.c.

Fixes: composefs#287

Assisted-by: OpenCode (claude-sonnet-4-6@default)
Signed-off-by: Colin Walters <walters@verbum.org>
@cgwalters cgwalters mentioned this pull request May 15, 2026
Closed
@jeckersb jeckersb added this pull request to the merge queue May 15, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 15, 2026
@cgwalters cgwalters added this pull request to the merge queue May 15, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 15, 2026
@cgwalters cgwalters added this pull request to the merge queue May 15, 2026
Merged via the queue into composefs:main with commit 7e86960 May 15, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeckersb jeckersb jeckersb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

composefs-setup-root: Restrictive permissions for work/upper dirs prevent booting w/ transient root

2 participants

@cgwalters @jeckersb