Docker cannot work on other overlayfs filesystems such as ecryptfs won't start overlayfs: filesystem on '/home/docker/overlay2/check-overlayfs-support130645871/upper' not supported as upperdir

This does not seem to be officially documented but makes sense that an overlay on an overlay does not work and is considered an unsupported filesystem as is even NTFS .  Some admins/organizations try to use ecyptfs as a simple solution to encrypt the contents of Docker.  Instead, you could probably use something like Luks to encrypt it all.

One other half measure that you can use, is to do mount a volume that is encrypted to your container.  If all the sensitive data is located on the volume alone, that would provide a better level of security than no encryption.  However, if during the operation of the container, data is copied to portions of the container that are not part of the encrypted mount volume, then this does expose any of those portions of data.  It also won't help protect any secrets that are stored in Docker, since those will live in unencrypted /var/lib/docker, so keep that in mind.

You'll get errors like this when trying to run on ecryptfs or another overlayfs system:

[graphdriver] trying configured driver: overlay2
failed to mount overlay: invalid argument     storage-driver=overlay2
failed to start daemon: error initializing graphdriver: driver not supported: overlay2

overlayfs: filesystem on '/home/docker/overlay2/check-overlayfs-support130645871/upper' not supported as upperdir

Basically Docker mainly supports and recommends overlayfs, so this does create a limitation if the data directory for docker (by default /var/lib/docker) is already using overlayfs for any reason.

References:

https://github.com/moby/moby/pull/23121

https://github.com/moby/moby/issues/22577

https://forums.rancher.com/t/overlayfs-filesystem-on-not-supported-as-upperdir/20690


Tags:

docker, overlayfs, filesystems, ecryptfs, filesystem, overlay, supported, upperdirthis, documented, unsupported, ntfs, admins, organizations, ecyptfs, encrypt, contents, luks, ll, errors, upperdir, mainly, supports, recommends, limitation, directory, default, var, lib, references, https, github, moby, forums, rancher,

Latest Articles

  • Bad Power Supply Issue Story Diagnosing Troubleshooting
  • Getting started with AI (Artificial Intelligence) in Linux / Ubuntu using by deploying LLM (Language Learing Models) using Ollama LLMA
  • microk8s kubernetes how to install OpenEBS
  • Flash LSI MegaRAID 2208 to IT mode in Linux Mint/Debian/Ubuntu
  • LSI MegaRAID in Linux Ubuntu / Centos Tutorial Setup Guide megacli
  • Convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/413. convert-im6.q16: no images defined `pts-time.jpg' @ error/convert.c/ConvertImageCommand/3258. solution ImageMagick P
  • Apache PHP sending expires header solution cannot use cache with CDN
  • How to install virt-manager in Mint 22/Ubuntu 22
  • Infiniband Guide
  • python mysql install error: /bin/sh: 1: mysql_config: not found /bin/sh: 1: mariadb_config: not found /bin/sh: 1: mysql_config: not found mysql_config --version
  • FreePBX 17 How To Add a Trunk
  • Docker Container Onboot Policy - How to make sure a container is always running
  • FreePBX 17 How To Add Phones / Extensions and Register
  • Warning: The driver descriptor says the physical block size is 2048 bytes, but Linux says it is 512 bytes. solution
  • Cisco How To Use a Third Party SIP Phone (eg. Avaya, 3CX)
  • Cisco Unified Communication Manager (CUCM) - How To Add Phones
  • pptp / pptpd not working in DD-WRT iptables / router
  • systemd-journald high memory usage solution
  • How to Install FreePBX 17 in Linux Debian Ubuntu Mint Guide
  • How To Install Cisco's CUCM (Cisco Unified Communication Manager) 12 Guide
    • Copyright © realtechtalk.com 2025