File: mount.composefs.md

package info (click to toggle)
composefs 1.0.8-3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 11,040 kB
  • sloc: ansic: 9,004; sh: 416; python: 225; makefile: 5
file content (73 lines) | stat: -rw-r--r-- 2,369 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
% mount.composefs 8 "" composefs "User Commands"

# NAME

mount.composefs - mount a composefs filesystem image

# SYNOPSIS

**mount.composefs** [-o OPTIONS] *IMAGE* *TARGETDIR*

# DESCRIPTION

The composefs project uses EROFS image file to store metadata, and one
or more separate directories containing content-addressed backing data
for regular files.

**mount.composefs** mounts such an EROFS file in combination with a given
set of basedir at the specified location. It can be called directly, or
as a mount helper by running `mount -t composefs ...`.

# OPTIONS

The provided *IMAGE* argument must be a valid composefs (EROFS)
metadata image.  The *TARGETDIR* will be used as a mount target.

**mount.composefs** accepts the following colon-separated mount
options when passed via the `-o OPTIONS` argument.

**basedir**=*PATH*
:   This path will be used to resolve non-empty file references
    stored in the composefs metadata image.  A primary use case is to have
    this be the same path provided to `mkcomposefs --digest-store=PATH`.

    Multiple paths can be specified, separated by `:`.

**digest**=*DIGEST*
:   The image file is validated to have the specified fs-verity digest
    before being used. This allows a chain of trust the ensures only
    the expected data is ever visible in the mount.

    This option also implies **verity**.

**idmap**=*PATH*
:   Specify a path to a user namespace whose ID mapping should be used.
    The typical format for this type of path is `/proc/<pid>/ns/user`

**verity**
:   If this is specified, all files in the *IMAGE* must specify an fs-verity
    digest, and all the files in the base dirs must have a matching fs-verity
    digest.

    Note: This needs support for the overlayfs "verity" option in the
    kernel, which was added in 6.6rc1.

**ro**
:  Mounts the filesystem read-only. This is mainly useful when using
   **upperdir** as unlayered composefs images are naturally readonly.

**rw**
:  Overrides a previous **ro** option

**upperdir**
:  Specify an upper dir in the overlayfs mount that composefs uses. This allows
   a writable layer on top of the composefs image. See overlayfs docs for details.

**workdir**
:  Specifies an overlayfs workdir to go with **upperdir**.

# SEE ALSO

**composefs-info(1)**, **mount.composefs(1)**

[composefs upstream](https://github.com/containers/composefs)