[GH-ISSUE #1588] Configurable location for Overlay Directories #1059

New issue

Closed

opened 2026-05-05 07:22:37 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 07:22:37 -06:00

Owner

Originally created by @jsm09a on GitHub (Oct 4, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1588

Enhancement request: Ability to specify an alternate location for the Overlay Directories (hdiff, hwork, odiff, owork) when using "--overlay-name=", preferably in the profile file for each application.

When using large overlays for application installation and testing, it would be nice to be able to move the overlay directories from ~/.firejail to an alternate location (e.g. an SSD partition). Unfortunately, even trying to set ~/.firejail to a symbolic link is rejected. Thanks !

Originally created by @jsm09a on GitHub (Oct 4, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1588 Enhancement request: Ability to specify an alternate location for the Overlay Directories (hdiff, hwork, odiff, owork) when using "--overlay-name=<name>", preferably in the profile file for each application. When using large overlays for application installation and testing, it would be nice to be able to move the overlay directories from ~/.firejail to an alternate location (e.g. an SSD partition). Unfortunately, even trying to set ~/.firejail to a symbolic link is rejected. Thanks !

gitea-mirror

2026-05-05 07:22:37 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 07:22:42 -06:00

Author

Owner

@jsm09a commented on GitHub (Oct 6, 2017):

After further testing, I've concluded that the OverlayFS containers are not quite as useful as I had hoped. Therefore, as the original author, I'd suggest that this enhancement request is not really that valuable and that development efforts might be better spent elsewhere ... I am taking the liberty of closing this issue at this time.

As per the Kernel documentation for the Overlay File System, "Changes to the underlying filesystems while part of a mounted overlayfilesystem are not allowed. If the underlying filesystem is changed,
the behavior of the overlay is undefined, though it will not result in a crash or deadlock.".

As such, the use of Overlays to install and run arbitrary application packages, although quite attractive, is not really recommended for general use on an operational system, as there will undoubtedly be ongoing changes in the "lower" directory. Furthermore, it appears (in my limited testing) that some of the FireJail features (such as seccomp.keep) are not fully effective when --overlay-name= is used.

@jsm09a commented on GitHub (Oct 6, 2017): After further testing, I've concluded that the OverlayFS containers are not quite as useful as I had hoped. Therefore, as the original author, I'd suggest that this enhancement request is not really that valuable and that development efforts might be better spent elsewhere ... I am taking the liberty of closing this issue at this time. As per the Kernel documentation for the Overlay File System, "Changes to the underlying filesystems while part of a mounted overlayfilesystem are not allowed. If the underlying filesystem is changed, the behavior of the overlay is undefined, though it will not result in a crash or deadlock.". As such, the use of Overlays to install and run arbitrary application packages, although quite attractive, is not really recommended for general use on an operational system, as there will undoubtedly be ongoing changes in the "lower" directory. Furthermore, it appears (in my limited testing) that some of the FireJail features (such as seccomp.keep) are not fully effective when --overlay-name= is used.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1059

No description provided.

Rows
Columns