Aufs
Aufs (Another Union File System) is an advanced multi-layered unification filesystem. Aufs was originally a re-design and re-implementation of the popular UnionFS; however, after adding many new original ideas it became entirely separate from UnionFS. Aufs is considered a UnionFS alternative since it supports many of the same features.
Currently Aufs is in version 4.
Features
- The ability to unite several directories into a single virtual filesystem. Each member directory is called a branch;
- Specification of the permission flags on each branch (readonly, readwrite, and whiteout-able);
- Through an upper writable branch, internal copyup and whiteout are possible (files and directories on the readonly branch are logically modifiable);
- Dynamic branch manipulation (add, delete, etc.)
Installation
Users currently have two options in Gentoo to obtain support for Aufs in the kernel:
- Emerge the appropriate Aufs package. This could be either sys-fs/aufs3 or sys-fs/aufs4. This will download and install Aufs support to the existing kernel sources, allowing the user to keep using the same (patched) sources. After the Aufs patch has been applied, a re-configuration and re-compilation of the kernel (or at least the kernel modules) must be performed in order to obtain Aufs support. One caveat to this approach is that the Aufs patches can only be applied to a hardened-sources (sys-kernel/hardened-sources) kernel with specific options enabled. For most users the next option is a simpler choice.
- Emerge the pre-patched (sys-kernel/aufs-sources) package. This method will install another set of kernel sources that have had the Aufs3 patches applied. The new sources will show up in /usr/src/linux using a X suffixed name scheme. Proceed to the relevant section below if this method has been chosen. The kernel will then need to be reconfigured and recompiled.
Search the net for anything older than the 3.x version. Why would anyone desire to use an older version?
From here on out, this article will suppose the second option (sys-fs/aufs4) was chosen. See the aufs-sources entry in the kernel overview for more information concerning the sys-kernel/aufs-sources package.
Preparation
If hardened sources are not yet emerged on the system, do so presently:
root # emerge --ask sys-kernel/hardened-sources
After the emerge process is finished, list the available sources:
root # eselect kernel list
[1] linux-3.19.3-gentoo
[2] linux-3.19.3-hardened
Use eselect to set the symlink to the hardened kernel sources:
root # eselect kernel set 2
Host Kernel
For the Aufs package not to complain upon install, quite a few features must be enabled in the kernel. Navigate to the kernel sources directory:
root # cd /usr/src/linux
Using a method of choice, set the following options in the kernel to prepare for the Aufs patches:
[*] Enable loadable module support  --->
    [*] Module unloading
    [*] Module versioning support
File systems  --->
    [*] FUSE (Filesystem in Userspace) support
    [*] Inotify support for userspace
    Miscellaneous filesystems  --->
        [*] Apple Extended HFS file system support
        [*]   HFS+ POSIX Access Control Lists
    [*] Network File Systems  --->
        [*] NFS client support
If using hardened sources, also check the following:
Security options  --->
    Grsecurity  --->
        [*] Grsecurity
        Customize Configuration  --->
            PaX  --->
                [*] Enable various PaX features
                Address Space Layout Randomization  --->
                    [*] Address Space Layout Randomization
                    [*]   Randomize kernel stack base
                    [*]   Randomize user stack and mmap() bases
                Miscellaneous hardening features  --->
                    [*] Sanitize all freed memory
                    [*] Sanitize kernel stack
After the features have been set, build the kernel:
root # make
Depending on the speed of the CPU(s) available, building the kernel could take a while. If the number of CPU cores in the system is known, the -jN option (where N is a number) can be used to speed up the compilation process. See the build section of the manual kernel configuration article for more information.
USE flags
Emerge Aufs
To install the Aufs patch-set onto hardened kernel sources run the following command:
root # USE="kernel-patch" emerge -a sys-fs/aufs3
Configuration
In order to work with Aufs, the sys-fs/aufs-util package is needed; utilities are always necessary for Aufs. This package should be pulled in when emerging sys-fs/aufs3. In the case that it is not, run:
root # emerge --ask sys-fs/aufs-util
Kernel configuration
Aufs must now be enabled in the kernel:
File systems  --->
    [*] Miscellaneous filesystems  --->
        <*> Aufs (Advanced multi layered unification filesystem) support
              Maximum number of branches (127)  --->
        [ ]   Detect direct branch access (bypassing aufs)
        [ ]   NFS-exportable aufs
        [ ]   support for XATTR/EA (including Security Labels)
        [ ]   File-based Hierarchical Storage Management
        [ ]   Readdir in userspace
        [ ]   Show whiteouts
        [ ]   Ramfs (initramfs/rootfs) as an aufs branch
        [ ]   Fuse fs as an aufs branch
        [*]   Hfsplus as an aufs branch
        [ ]   Debug aufs
Troubleshooting
Kernel configuration
When installing sys-fs/aufs3 many issues are a result of an incorrect kernel configuration. Currently the ebuild does not helpfully provide messages instructing the user on which kernel features must be enabled for correct kernel configuration.
Reading the kernel configuration section above is one helpful method to determine which features are missing. Another method is to open the actual ebuild file and investigate. Although opening an ebuild may seem like a daunting task, it is really not difficult at all. Use a favorite pager or text editor, browse to the ebuild's directory (/usr/portage/sys-fs/aufs3 is the default location for Portage's ebuilds), and open the ebuild file that failed to install the selected software version. Supposing aufs3-3_p20150223.ebuild was the selected ebuild:
root # less /usr/portage/sys-fs/aufs3/aufs3-3_p20150223.ebuild
Look in the pkg_setup function for kernel variable names that may not be selected in the current kernel configuration. If missing features are found, then update the kernel sources accordingly.
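The comparison between the names found in pkg_setup and the current kernel configuration can be scripted. The following is an added example, not code from this article or from the aufs3 ebuild: the function names, the sample .config and the token list are constructed for illustration (EXAMPLE_CONFLICT is a hypothetical option), and the `~` and `!` prefixes follow the convention of the `CONFIG_CHECK` variable used by Portage's linux-info eclass.

```shell
#!/bin/sh
# Added example (not from the aufs3 ebuild): compare option names noted from
# an ebuild's pkg_setup against a kernel .config.

# check_kernel_opts CONFIG_FILE TOKEN...
#   NAME   must be =y or =m      !NAME  must not be enabled
#   ~NAME  advisory only (linux-info "~" prefix); may be combined as ~!NAME
# Prints "<error|warn> <missing|conflict> CONFIG_<NAME>" per unmet token and
# returns 1 when at least one non-advisory token is unmet.
check_kernel_opts() {
    cfg=$1; shift
    rc=0
    for tok in "$@"; do
        level=error; want=on
        case $tok in "~"*) level=warn; tok=${tok#?} ;; esac
        case $tok in "!"*) want=off; tok=${tok#?} ;; esac
        if grep -Eq "^CONFIG_${tok}=[ym]\$" "$cfg"; then state=on; else state=off; fi
        if [ "$state" != "$want" ]; then
            if [ "$want" = on ]; then problem=missing; else problem=conflict; fi
            echo "$level $problem CONFIG_$tok"
            if [ "$level" = error ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# Constructed sample .config: HFSPLUS_FS is unset, NFS_FS is absent entirely.
sample_config() {
    cat <<'EOF'
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_FUSE_FS=m
CONFIG_INOTIFY_USER=y
# CONFIG_HFSPLUS_FS is not set
CONFIG_EXAMPLE_CONFLICT=y
EOF
}

# Token list is an assumption for illustration; copy the real one from the ebuild.
demo() {
    tmp=$(mktemp) || return 1
    sample_config > "$tmp"
    check_kernel_opts "$tmp" MODULES MODULE_UNLOAD FUSE_FS '~INOTIFY_USER' \
        HFSPLUS_FS '~NFS_FS' '!EXAMPLE_CONFLICT' || true
    rm -f "$tmp"
}
demo
```

On a real system, pass /usr/src/linux/.config as the first argument and the tokens read from the ebuild as the rest.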