This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.

Please visit our production wiki at https://wiki.gentoo.org

Aufs




Aufs (Another Union File System) is an advanced multi-layered unification filesystem. Aufs was originally a re-design and re-implementation of the popular UnionFS; however, after adding many new original ideas it became entirely separate from UnionFS. Aufs is considered a UnionFS alternative since it supports many of the same features.

Currently Aufs is in version 4.

Features

  • The ability to unite several directories into a single virtual filesystem. Each member directory is called a branch;
  • Specification of the permission flags on each branch (readonly, readwrite, and whiteout-able);
  • Through an upper writable branch, internal copy-up and whiteout are possible (files and directories on the readonly branch are logically modifiable);
  • Dynamic branch manipulation (add, delete, etc.).

Installation

Users currently have two options in Gentoo to obtain support for Aufs in the kernel:

  1. Emerge the appropriate Aufs package, either sys-fs/aufs3 or sys-fs/aufs4. This will download and install Aufs support to the existing kernel sources, allowing the user to keep using the same (patched) sources. After the Aufs patch has been applied, a re-configuration and re-compilation of the kernel (or at least the kernel modules) must be performed in order to obtain Aufs support. One caveat to this approach is that the Aufs patches can only be applied to a hardened-sources (sys-kernel/hardened-sources) kernel with specific options enabled. For most users the next option is a simpler choice.
  2. Emerge the pre-patched (sys-kernel/aufs-sources) package. This method will install another set of kernel sources that have had the Aufs3 patches applied. The new sources will show up in /usr/src/linux using a X suffixed name scheme. Proceed to the relevant section below if this method has been chosen. The kernel will then need to be reconfigured and recompiled.

Search the net for anything older than the 3.x version. Why would anyone desire to use an older version?

From here on out, this article will suppose the second option (sys-fs/aufs4) was chosen. See the aufs-sources entry in the kernel overview for more information concerning the sys-kernel/aufs-sources package.

Preparation

If hardened sources are not yet emerged on the system, do so presently:

root #emerge --ask sys-kernel/hardened-sources

After the emerge process is finished, list the available sources:

root #eselect kernel list
  [1]   linux-3.19.3-gentoo
  [2]   linux-3.19.3-hardened

Use eselect to set the symlink to the hardened kernel sources:

root #eselect kernel set 2

Host Kernel

For the Aufs package not to complain upon install, quite a few features must be enabled in the kernel. Navigate to the kernel sources directory:

root #cd /usr/src/linux

Using a method of choice, set the following options in the kernel to prepare for the Aufs patches:

KERNEL Enabling support for Aufs
[*] Enable loadable module support  --->
   [*]   Module unloading
   [*]   Module versioning support
File systems  --->
   [*] FUSE (Filesystem in Userspace) support
   [*] Inotify support for userspace
   Miscellaneous filesystems  --->
      [*]   Apple Extended HFS file system support
      [*]     HFS+ POSIX Access Control Lists
   [*] Network File Systems  --->
      [*]   NFS client support

If using hardened sources, also check the following:

KERNEL Further options in hardened kernels
Security options  --->
   Grsecurity  --->
      [*] Grsecurity
         Customize Configuration  --->
            PaX  --->
               [*] Enable various PaX features
                  Address Space Layout Randomization  --->
                     [*] Address Space Layout Randomization
                     [*] Randomize kernel stack base
                     [*] Randomize user stack and mmap() bases
                  Miscellaneous hardening features  --->
                     [*] Sanitize all freed memory
                     [*] Sanitize kernel stack

After the features have been set, build the kernel:

root #make
Note
Depending on the speed of the CPU(s) available, building the kernel could take a while. If the number of CPU cores in the system is known, the -jN option (where N is a number) can be used to speed up the compilation process. See the build section of the manual kernel configuration article for more information.

Emerge Aufs

To install the Aufs patch-set onto hardened kernel sources run the following command:

root #USE="kernel-patch" emerge -a sys-fs/aufs3


Configuration

In order to work with Aufs, the sys-fs/aufs-util package is needed; utilities are always necessary for Aufs. This package should be pulled in when emerging sys-fs/aufs3. In the case that it is not, run:

root #emerge --ask sys-fs/aufs-util

Kernel configuration

Aufs must now be enabled in the kernel:

KERNEL Enabling Aufs support in a gentoo-sources kernel
File systems  --->
   [*] Miscellaneous filesystems  --->
      <*>   Aufs (Advanced multi layered unification filesystem) support
            Maximum number of branches (127)  --->
      [ ]   Detect direct branch access (bypassing aufs)
      [ ]   NFS-exportable aufs
      [ ]   support for XATTR/EA (including Security Labels)
      [ ]   File-based Hierarchical Storage Management
      [ ]   Readdir in userspace
      [ ]   Show whiteouts
      [ ]   Ramfs (initramfs/rootfs) as an aufs branch
      [ ]   Fuse fs as an aufs branch
      [*]   Hfsplus as an aufs branch
      [ ]   Debug aufs

Troubleshooting

Kernel configuration

When installing sys-fs/aufs3, many issues are the result of an incorrect kernel configuration. Currently the ebuild does not provide helpful messages telling the user which kernel features must be enabled for a correct kernel configuration.

Reading the kernel configuration section above is one helpful method to determine which features are missing. Another method is to open the actual ebuild file and investigate. Although opening an ebuild may seem like a daunting task, it is really not difficult at all. Use a favorite pager or text editor, browse to the ebuild's directory (/usr/portage/sys-fs/aufs3 is the default location for Portage's ebuilds), and open the ebuild file that failed to install the selected software version. Supposing aufs3-3_p20150223.ebuild was the selected ebuild:

root #less /usr/portage/sys-fs/aufs3/aufs3-3_p20150223.ebuild

Look in the pkg_setup function for kernel variable names that may not be selected in the current kernel configuration. If missing features are found, then update the kernel sources accordingly.
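
Once the variable names have been read from the ebuild, comparing them with the kernel's .config can be scripted. The following is an added example, not part of the original article or of the ebuild: check_kconfig, write_sample_config and SAMPLE_CHECK are hypothetical names, and the sample list and sample .config are constructed from the menu entries shown in the Host Kernel section, not copied from the ebuild.

```sh
#!/bin/sh
# Added example, not from the ebuild: test a kernel .config against a
# CONFIG_CHECK-style list. Prefixes follow the linux-info eclass:
#   NAME   must be built in (=y) or modular (=m)
#   ~NAME  same test (the eclass only warns instead of failing)
#   !NAME  must not be enabled

# check_kconfig FILE "LIST": print each unmet entry; return 1 if any.
check_kconfig() {
    cfg=$1; list=$2; rc=0
    for entry in $list; do
        name=${entry#[~!]}    # drop the optional prefix
        # Absent symbols and "# CONFIG_X is not set" both count as off.
        if grep -Eq "^CONFIG_${name}=[ym]\$" "$cfg"; then
            state=on
        else
            state=off
        fi
        case $entry in
            '!'*) if [ "$state" = on ]; then
                      echo "must be unset: CONFIG_${name}"; rc=1
                  fi ;;
            *)    if [ "$state" = off ]; then
                      echo "missing: CONFIG_${name}"; rc=1
                  fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample data: symbols chosen to match the menu entries
# listed earlier; this is NOT the ebuild's real CONFIG_CHECK value.
SAMPLE_CHECK="MODULES MODULE_UNLOAD MODVERSIONS FUSE_FS ~INOTIFY_USER HFSPLUS_FS NFS_FS !AUFS_FS"

write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
# CONFIG_MODVERSIONS is not set
CONFIG_FUSE_FS=m
CONFIG_INOTIFY_USER=y
CONFIG_NFS_FS=y
CONFIG_AUFS_FS=m
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
check_kconfig "$tmp" "$SAMPLE_CHECK" || echo "kernel configuration needs changes"
rm -f "$tmp"
```

On a real system, pass /usr/src/linux/.config as the first argument and the names found in pkg_setup as the second.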

See also