diff --git a/meta-dstack/recipes-kernel/linux/files/0002-overlayfs-enable-idmapped-mounts.patch b/meta-dstack/recipes-kernel/linux/files/0002-overlayfs-enable-idmapped-mounts.patch
new file mode 100644
index 0000000..89a5a79
--- /dev/null
+++ b/meta-dstack/recipes-kernel/linux/files/0002-overlayfs-enable-idmapped-mounts.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wang
+Date: Tue, 4 Mar 2026 00:00:00 +0000
+Subject: [PATCH] overlayfs: add FS_ALLOW_IDMAP to enable idmapped mounts
+
+Overlayfs already has comprehensive support for idmapped mounts through
+its handling of idmapped layers (since 5.19), but it is missing the
+FS_ALLOW_IDMAP flag on ovl_fs_type. Without this flag the VFS rejects
+mount_setattr(MOUNT_ATTR_IDMAP) on overlay mounts with -EINVAL, which
+prevents container runtimes such as Sysbox from applying transparent UID
+shifting to the container rootfs overlay.
+
+Add FS_ALLOW_IDMAP so that the idmap machinery is available on the
+overlay mount itself, not only on its component layers.
+
+Upstream-Status: Submitted [https://lkml.org/lkml/2025/8/15/1218]
+Signed-off-by: Kevin Wang
+---
+ fs/overlayfs/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
+index 1a530c5a4e02..b7d8e5c91234 100644
+--- a/fs/overlayfs/super.c
++++ b/fs/overlayfs/super.c
+@@ -1484,7 +1484,7 @@ struct file_system_type ovl_fs_type = {
+ .name = "overlay",
+ .init_fs_context = ovl_init_fs_context,
+ .parameters = ovl_parameter_spec,
+- .fs_flags = FS_USERNS_MOUNT,
++ .fs_flags = FS_USERNS_MOUNT | FS_ALLOW_IDMAP,
+ .kill_sb = kill_anon_super,
+ };
+ MODULE_ALIAS_FS("overlay");
+--
+2.46.0
diff --git a/meta-dstack/recipes-kernel/linux/linux-custom_6.17.6.bb b/meta-dstack/recipes-kernel/linux/linux-custom_6.17.6.bb
index 200982d..4d5e93c 100644
--- a/meta-dstack/recipes-kernel/linux/linux-custom_6.17.6.bb
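Review bot: The one-line change to `.fs_flags` in `ovl_fs_type` makes the VFS accept `mount_setattr(MOUNT_ATTR_IDMAP)` on an overlay mount, but the patch touches no overlayfs inode operation, so the hunk does not show that permission and ownership handling honours the idmap of the overlay mount itself. The commit message cites support for idmapped layers, which is a different property from idmapping the overlay mount. If the overlayfs operations still evaluate access without the mount's idmap, a UID-shifted container could get checks that disagree with its mapping, and this image relies on that mapping for isolation between container and host IDs. The patch is `Upstream-Status: Submitted`, not accepted, so I would record the maintainers' response in the header and gate the change on a test that creates, chowns and opens files through an idmapped overlay mount and compares the resulting owners on the upper layer. A short comment above the initializer, e.g. `/* FS_ALLOW_IDMAP: out-of-tree, see Upstream-Status; verify ovl ops honour the mount idmap */`, would keep the caveat visible when the kernel is next rebased.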
+++ b/meta-dstack/recipes-kernel/linux/linux-custom_6.17.6.bb @@ -16,6 +16,7 @@ DEPENDS += "libyaml-native openssl-native util-linux-native elfutils-native" SRC_URI = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${PV}.tar.xz;downloadfilename=linux-${PV}.tar.xz \ file://defconfig \ file://0001-x86-tdx-select-dma-direct-remap.patch \ + file://0002-overlayfs-enable-idmapped-mounts.patch \ " SRC_URI[sha256sum] = "8ecfbc6b693448abb46144a8d04d1e1631639c7661c1088425a2e5406f13c69c" diff --git a/meta-dstack/recipes-kernel/linux/linux-custom_6.18.7.bb b/meta-dstack/recipes-kernel/linux/linux-custom_6.18.7.bb index 96c0f7a..645151f 100644 --- a/meta-dstack/recipes-kernel/linux/linux-custom_6.18.7.bb +++ b/meta-dstack/recipes-kernel/linux/linux-custom_6.18.7.bb @@ -16,6 +16,7 @@ DEPENDS += "libyaml-native openssl-native util-linux-native elfutils-native" SRC_URI = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${PV}.tar.xz;downloadfilename=linux-${PV}.tar.xz \ file://defconfig \ file://0001-x86-tdx-select-dma-direct-remap.patch \ + file://0002-overlayfs-enable-idmapped-mounts.patch \ " SRC_URI[sha256sum] = "b726a4d15cf9ae06219b56d87820776e34d89fbc137e55fb54a9b9c3015b8f1e" diff --git a/meta-dstack/recipes-kernel/linux/linux-yocto%.bbappend b/meta-dstack/recipes-kernel/linux/linux-yocto%.bbappend index 5900c49..e48e03e 100644 --- a/meta-dstack/recipes-kernel/linux/linux-yocto%.bbappend +++ b/meta-dstack/recipes-kernel/linux/linux-yocto%.bbappend @@ -9,7 +9,8 @@ SRC_URI += "file://dstack-docker.cfg \ file://dstack-sysbox.cfg \ file://dstack-sysbox.scc \ file://dstack.cfg \ - file://dstack.scc" + file://dstack.scc \ + file://0002-overlayfs-enable-idmapped-mounts.patch" KERNEL_FEATURES:append = " features/cgroups/cgroups.scc \ features/overlayfs/overlayfs.scc \
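Review bot: The same patch file, with its fixed `@@ -1484,7 +1484,7 @@` offset and `index` line, is added to `SRC_URI` for 6.17.6 here, for 6.18.7 in the next hunk, and for every version matched by `linux-yocto%` in the bbappend hunk, so it can match at most one of those trees exactly and will apply by offset or fuzz on the others, if at all. Because the patch changes which mounts may be idmapped, it is worth confirming that `do_patch` applies it without fuzz on each kernel and that the `%` wildcard does not carry it into a linux-yocto version whose `fs/overlayfs/super.c` differs. I would also put a comment above each `SRC_URI` assignment, such as `# 0002: out-of-tree (Upstream-Status: Submitted); drop or refresh on kernel bump`, so the carry is re-evaluated at every version change.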