Docker cannot work on other overlayfs filesystems such as ecryptfs won't start overlayfs: filesystem on '/home/docker/overlay2/check-overlayfs-support130645871/upper' not supported as upperdir

This does not seem to be officially documented but makes sense that an overlay on an overlay does not work and is considered an unsupported filesystem as is even NTFS .  Some admins/organizations try to use ecyptfs as a simple solution to encrypt the contents of Docker.  Instead, you could probably use something like Luks to encrypt it all.

One other half measure that you can use, is to do mount a volume that is encrypted to your container.  If all the sensitive data is located on the volume alone, that would provide a better level of security than no encryption.  However, if during the operation of the container, data is copied to portions of the container that are not part of the encrypted mount volume, then this does expose any of those portions of data.  It also won't help protect any secrets that are stored in Docker, since those will live in unencrypted /var/lib/docker, so keep that in mind.

You'll get errors like this when trying to run on ecryptfs or another overlayfs system:

[graphdriver] trying configured driver: overlay2
failed to mount overlay: invalid argument     storage-driver=overlay2
failed to start daemon: error initializing graphdriver: driver not supported: overlay2

overlayfs: filesystem on '/home/docker/overlay2/check-overlayfs-support130645871/upper' not supported as upperdir

Basically Docker mainly supports and recommends overlayfs, so this does create a limitation if the data directory for docker (by default /var/lib/docker) is already using overlayfs for any reason.

References:

https://github.com/moby/moby/pull/23121

https://github.com/moby/moby/issues/22577

https://forums.rancher.com/t/overlayfs-filesystem-on-not-supported-as-upperdir/20690


Tags:

docker, overlayfs, filesystems, ecryptfs, filesystem, overlay, supported, upperdirthis, documented, unsupported, ntfs, admins, organizations, ecyptfs, encrypt, contents, luks, ll, errors, upperdir, mainly, supports, recommends, limitation, directory, default, var, lib, references, https, github, moby, forums, rancher,

Latest Articles

  • How high can a Xeon CPU get?
  • bash fix PATH environment variable "command not found" solution
  • Ubuntu Linux Mint Debian Redhat Youtube Cannot Play HD or 4K videos, dropped frames or high CPU usage with Nvidia or AMD Driver
  • hostapd example configuration for high speed AC on 5GHz using WPA2
  • hostapd how to enable and use WPS to connect wireless devices like printers
  • Dell Server Workstation iDRAC Dead after Firmware Update Solution R720, R320, R730
  • Cloned VM/Server/Computer in Linux won't boot and goes to initramfs busybox Solution
  • How To Add Windows 7 8 10 11 to GRUB Boot List Dual Booting
  • How to configure OpenDKIM on Linux with Postfix and setup bind zonefile
  • Debian Ubuntu 10/11/12 Linux how to get tftpd-hpa server setup tutorial
  • efibootmgr: option requires an argument -- 'd' efibootmgr version 15 grub-install.real: error: efibootmgr failed to register the boot entry: Operation not permitted.
  • Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif
  • Linux Debian Mint Ubuntu Bridge br0 gets random IP
  • redis requirements
  • How to kill a docker swarm
  • docker swarm silly issues
  • isc-dhcp-server dhcpd how to get longer lease
  • nvidia cannot resume from sleep Comm: nvidia-sleep.sh Tainted: Linux Ubuntu Mint Debian
  • zfs and LUKS how to recover in Linux
  • [error] (28)No space left on device: Cannot create SSLMutex Apache Solution Linux CentOS Ubuntu Debian Mint
    • Copyright © realtechtalk.com 2024