Overlayfs mounts don't work on top of an ID-mapped ext4 volume ...

[ctalledo]

As of Linux 5.13, overlayfs mounts don't work on top of ID-mapped ext4 volumes.

For example, if I create a Sysbox container and mount an ext4 volume into it, Sysbox will ID-map the volume into the container (so that it shows up with proper permissions inside the rootless Sysbox container):

$ docker run --runtime=sysbox-runc -it --rm -v myvol:/mnt/myvol ghcr.io/nestybox/alpine-docker
/ # apk add findmnt
/ # findmnt | grep myvol
├─/mnt/myvol                                                 /dev/nvme1n1p1[/docker/volumes/myvol/_data]                                                                     ext4     rw,relatime,idmapped,errors=remount-ro

Then if we want to mount overlayfs on that ID-mapped volume, we get an error:

/ # cd /mnt/myvol
/mnt/myvol # mkdir upper lower work merged
/mnt/myvol # mount -t overlay overlay -o lowerdir=lower,upperdir=upper,workdir=work merged
mount: mounting overlay on merged failed: Invalid argument

For this same reason, when running Docker inside a Sysbox container, avoid modifying the "data-root" config inside the container at runtime (i.e., after the container is launched), as doing so may cause Docker to stop using it's preferred overlayfs storage driver and revert to the slower vfs storage driver.

[ctalledo]

As of Linux 5.13, overlayfs mounts don't work on top of ID-mapped ext4 volumes.

I've not tried with more recent versions of Linux, but I don't recall seeing any improvement in overlayfs towards ID-mapped mounts in recent kernel commits.