Writing to read-only devices with aufs2
When you call the command
to set up or change kernel options, you will find aufs2 beneath the File system option group, in the Miscellaneous filesystems submenu (see Figure 1).
If aufs is missing and everything else has succeeded so far, you should check to see whether the experimental features of the kernel have been enabled in the configuration.
The Maximum number of branches line shown in Figure 1 defines how many directories aufs can combine into one virtual directory. The Use inotify… line allows you to modify a branch directly and have the changes appear immediately in the mount point (which otherwise could give unexpected results, in that aufs does not monitor each file for changes until it is changed on the mount point). The NFS-exportable line enables some features that are needed for exporting directories via the NFS network filesystem, and the Ramfs as an aufs branch line is only needed if the initial ramdisk stays as the root filesystem after booting and is used as a writable branch for aufs.
The online help in the Documentation directory provides helpful details about each option.
This very simple concept of stacking a writable filesystem with a read-only filesystem becomes complicated when you consider the need for making changes inside the stack. For example, if a file residing in a ready-only directory branch is deleted, how do you make it go away? In the case of file deletion, a new "hidden" file (so-called "whiteout") is created in the writable branch to tell aufs to act as if the original file ceased to exist.
When writing to a file residing in an unwritable branch, a copy of the changed file must be created on the writable branch.
Even more complicated cases occur when handling operations like concurrent file access, differing permissions, and access methods for diverging files on different branches. Therefore, handling files in a stacked directory tree is not as easy as you might think, and in fact, the aufs source code is about the same size and complexity as the source code of a regular Linux disk-based filesystem.
A New Aufs
Recently, further development of aufs version 1 has stopped in favor of aufs2, which is a kernel extension for adding filesystem stacking capabilities directly into the kernel tree. At the same time, aufs author Junjiro Okajima switched from using CVS for source code management to Git, which is also used by the Linux kernel maintainers. According to the developer, the primary goals for creating aufs2 were to provide easier and wider review of the code and to make the source files simpler and smaller. Aufs1 consisted of several patch files that were highly dependent on kernel compile-time options and versions, whereas aufs2 just uses the kernel's own configuration system and compiles more easily.
If you have enabled aufs as a module (with the m option), aufs.ko will be built when you build all kernel modules with the command:
Alternatively, you can build only the aufs module while skipping all others with:
Because some exported filesystem functions changed when you patched the kernel, you might still need to recompile other modules, as well as the static kernel, so recompiling and installing the full kernel with all modules is recommended, followed by a reboot. After that, you can load the aufs module (if it is not statically compiled in) with:
If you mount a hard disk partition read-only
mount -r /dev/sdb1 /media/disk
and add a directory for writable data somewhere (/tmp should be sufficient)
you can now join the two directories as a virtual, writable directory. All the files will come from /media/disk first (the read-only branch), and behind the scenes, changed or newly created files will go to /tmp/cow:
mkdir /tmp/aufs mount -t aufs -o br:/tmp/cow=rw:/media/disk=ro none /tmp/aufs
Note that the list of directories associated with an aufs volume is NOT given as "device file" as usual in the mount command, but within the filesystem options (-o) as br:directory1:directory2: …, wherein all directories but the first should have a suffix =ro to mark them as read-only for aufs. The first directory has =rw for being writable.
Also, it is possible to virtually join the contents of multiple directories as one – for example, if you want to combine a collection of multiple multimedia files in a single directory when they are actually spread across several disks and locations.
To add directories to the stack, use the command
mount -o remount,append:new_directory /tmp/aufs
or remove them with the del mount option. The full set of aufs options, including a description of how to insert, remove, or modify specific branches from an aufs directory stack, is outlined in aufs.5, which is an nroff-formatted man page. To read aufs.5 without installation, use:
nroff -man Documentation/filesystems/aufs/aufs.5 | less
One aufs mount option that can be useful in a Live system is noplink, which disables permanent hard links to files on different branches, thereby saving a lot of valuable space on the writable branch.
VMware bids for a stake in the container industry with a bold effort to integrate containers with its classic virtualization system.
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm