Writing to read-only devices with aufs2
When you call the command
to set up or change kernel options, you will find aufs2 beneath the File system option group, in the Miscellaneous filesystems submenu (see Figure 1).
If aufs does not show up there even though everything else has succeeded so far, check whether the kernel's experimental features (the Prompt for development and/or incomplete code/drivers option, CONFIG_EXPERIMENTAL) are enabled in the configuration, because aufs2 depends on them.
The Maximum number of branches line shown in Figure 1 defines how many directories aufs can combine into one virtual directory. The Use inotify… line lets you modify a branch directly (bypassing the mount point) and have the change show up immediately in the union; without it, aufs only notices that a file has changed when the file is accessed through the mount point, which can give unexpected results. The NFS-exportable line enables the features needed for exporting an aufs directory via the NFS network filesystem, and the Ramfs as an aufs branch line is only needed if the initial ramdisk remains the root filesystem after booting and is used as the writable branch for aufs.
The online help in the Documentation directory provides helpful details about each option.
This very simple concept of stacking a writable filesystem on top of a read-only one becomes complicated as soon as you consider changes inside the stack. For example, if a file that resides in a read-only branch is deleted, how do you make it disappear from the union? Aufs handles deletion by creating a hidden marker file, a so-called "whiteout", in the writable branch; it tells aufs to behave as if the original file no longer existed, while the file itself stays untouched on the read-only branch.
When a file that resides in a read-only branch is written to, a copy of the file is first made on the writable branch (a "copy-up"), the changes go into that copy, and from then on the copy shadows the original.
Even more complicated cases occur when handling operations like concurrent file access, differing permissions, and access methods for diverging files on different branches. Therefore, handling files in a stacked directory tree is not as easy as you might think, and in fact, the aufs source code is about the same size and complexity as the source code of a regular Linux disk-based filesystem.
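What aufs leaves behind in the writable branch is worth knowing in its own right, because that branch is a complete record of everything the union changed relative to its read-only base: on a Live system it is the place to look for what a user added, edited or deleted. The following script is an added example, not code from the article or the aufs project. It constructs a small sample base directory and writable branch in a temporary directory (no aufs mount is involved, so it runs as a normal user) and lists the deletions, additions and copy-ups. It assumes aufs's on-disk naming convention: a deleted NAME is recorded as a whiteout file .wh.NAME in the writable branch, and names beginning with .wh..wh. are aufs's own bookkeeping (for example the .wh..wh.aufs marker) and are skipped.

```shell
#!/bin/sh
# Added example, not from the article or aufs: audit the writable branch of an
# aufs stack to see what the union changed relative to its read-only base.
# Assumption: aufs records a deleted NAME as the whiteout ".wh.NAME" and uses
# the ".wh..wh." prefix for its own bookkeeping files.
set -eu

# Constructed sample: a read-only base and a writable branch holding what
# aufs would leave after an unchanged copy-up, a modified copy-up, a newly
# created file and a deletion (rm /etc/motd through the mount point).
make_sample() {
    base=$1 rw=$2
    mkdir -p "$base/etc" "$base/usr/bin" "$rw/etc" "$rw/usr/bin"
    printf 'hello\n' >"$base/etc/motd"
    printf 'livebox\n' >"$base/etc/hostname"
    printf 'nameserver 10.0.0.1\n' >"$base/etc/resolv.conf"
    : >"$base/usr/bin/true"
    printf 'livebox\n' >"$rw/etc/hostname"                    # copy-up, unchanged
    printf 'nameserver 192.0.2.53\n' >"$rw/etc/resolv.conf"   # copy-up, modified
    : >"$rw/usr/bin/evil"                                      # newly created
    : >"$rw/etc/.wh.motd"                                      # whiteout for /etc/motd
    : >"$rw/.wh..wh.aufs"                                      # aufs marker, skipped
}

# Print "deleted PATH" for every whiteout in the writable branch.
list_deleted() {
    rw=$1
    (cd "$rw" && find . -name '.wh.*' ! -name '.wh..wh.*' -print) | sort |
    while IFS= read -r wh; do
        dir=${wh%/*} name=${wh##*/}
        printf 'deleted %s/%s\n' "${dir#.}" "${name#.wh.}"
    done
}

# Classify every regular file in the writable branch: present in the base with
# identical content (copy-up that was never changed, e.g. opened for writing
# and closed), present in the base with different content, or new.
list_changed() {
    base=$1 rw=$2
    (cd "$rw" && find . -type f ! -name '.wh.*' -print) | sort |
    while IFS= read -r f; do
        if [ -e "$base/$f" ]; then
            if cmp -s "$base/$f" "$rw/$f"; then
                printf 'copied-up (unchanged) %s\n' "${f#.}"
            else
                printf 'modified %s\n' "${f#.}"
            fi
        else
            printf 'added %s\n' "${f#.}"
        fi
    done
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp/base" "$tmp/rw"
list_deleted "$tmp/rw"
list_changed "$tmp/base" "$tmp/rw"
```

Pointed at a real writable branch (the copy-on-write directory of a running stack, or a persistent overlay directory copied off a Live system), the same two functions report what the overlay changed without aufs being loaded at all. Note the unchanged copy-up case: a file is copied up when it is opened for writing on a read-only branch, so its mere presence in the writable branch does not prove its content was altered, which is why list_changed compares with cmp instead of trusting the file list.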
A New Aufs
Recently, further development of aufs version 1 has stopped in favor of aufs2, which is a kernel extension for adding filesystem stacking capabilities directly into the kernel tree. At the same time, aufs author Junjiro Okajima switched from using CVS for source code management to Git, which is also used by the Linux kernel maintainers. According to the developer, the primary goals for creating aufs2 were to provide easier and wider review of the code and to make the source files simpler and smaller. Aufs1 consisted of several patch files that were highly dependent on kernel compile-time options and versions, whereas aufs2 just uses the kernel's own configuration system and compiles more easily.
If you have enabled aufs as a module (with the m option), aufs.ko will be built when you build all kernel modules with the command:
Alternatively, you can build only the aufs module while skipping all others with:
Because some exported filesystem functions changed when you patched the kernel, you might still need to recompile other modules, as well as the static kernel, so recompiling and installing the full kernel with all modules is recommended, followed by a reboot. After that, you can load the aufs module (if it is not statically compiled in) with:
If you mount a hard disk partition read-only
mount -r /dev/sdb1 /media/disk
and add a directory for writable data somewhere (/tmp should be sufficient)
you can now join the two directories as a virtual, writable directory. All the files will come from /media/disk first (the read-only branch), and behind the scenes, changed or newly created files will go to /tmp/cow:
mkdir /tmp/aufs
mount -t aufs -o br:/tmp/cow=rw:/media/disk=ro none /tmp/aufs
Note that the list of directories belonging to an aufs volume is not given in the "device" position of the mount command, as it usually would be (that is what the dummy none is for), but in the filesystem options (-o) as br:directory1:directory2:…, where the first directory carries the suffix =rw to mark it as the writable branch and all others carry =ro to mark them as read-only for aufs.
Also, it is possible to virtually join the contents of multiple directories as one – for example, if you want to combine a collection of multiple multimedia files in a single directory when they are actually spread across several disks and locations.
To add directories to the stack, use the command
mount -o remount,append:new_directory /tmp/aufs
or remove them with the del mount option. The full set of aufs options, including a description of how to insert, remove, or modify specific branches from an aufs directory stack, is outlined in aufs.5, which is an nroff-formatted man page. To read aufs.5 without installation, use:
nroff -man Documentation/filesystems/aufs/aufs.5 | less
One aufs mount option that can be useful in a Live system is noplink, which disables permanent hard links to files on different branches, thereby saving a lot of valuable space on the writable branch.
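As an added example (not from the article or the aufs project), here are the mount steps above as one script: it composes the br: option from a list of directories following the rule that the first is writable and the rest read-only, refuses relative or missing paths, mounts the union with noplink, and can append a further read-only branch. It assumes aufs2 is built in or loadable as a module, that a branch in the append: option may carry the same =ro suffix the article describes for the br: list, and that mounting is done as root; the option helper itself runs without root.

```shell
#!/bin/sh
# Added example, not from the article or aufs: mount a union of one writable
# branch over one or more read-only branches. Assumes an aufs2-capable kernel
# and root for the mount itself.
set -eu

# Compose the br: option. The first directory becomes the writable branch,
# every further one is read-only. Branches must be absolute, existing dirs.
aufs_branch_opts() {
    opts=
    for b in "$@"; do
        case $b in /*) ;; *) echo "branch must be absolute: $b" >&2; return 1;; esac
        [ -d "$b" ] || { echo "not a directory: $b" >&2; return 1; }
        if [ -z "$opts" ]; then opts="br:$b=rw"; else opts="$opts:$b=ro"; fi
    done
    printf '%s\n' "$opts"
}

# union_mount MNT RW RO... : mount the stack at MNT. noplink keeps hard links
# across branches from being turned into permanent copies on the rw branch.
union_mount() {
    mnt=$1; shift
    opts=$(aufs_branch_opts "$@")
    mkdir -p "$mnt"
    mount -t aufs -o "$opts,noplink" none "$mnt"
}

# union_append MNT DIR : add DIR as a read-only branch at the bottom of the stack
# (assumption: append: accepts the same dir=ro form as the br: list).
union_append() {
    mount -o "remount,append:$2=ro" "$1"
}

# union_show MNT : confirm the kernel has the mount.
union_show() {
    grep " $1 aufs " /proc/mounts
}

# main RODIR MNT : writable branch is a fresh private directory under /tmp.
main() {
    rodir=$1 mnt=$2
    cow=$(mktemp -d /tmp/cow.XXXXXX)
    union_mount "$mnt" "$cow" "$rodir"
    union_show "$mnt"
    echo "writable branch: $cow"
}

# Only perform the mount when explicitly asked, and only as root:
#   ./aufs-mount.sh --mount /media/disk /tmp/aufs
case "${1:-}" in
    --mount)
        [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
        main "$2" "$3" ;;
esac
```

The writable branch is created with mktemp -d, so it is mode 0700 with an unpredictable name. A fixed path such as /tmp/cow is fine for a demonstration, but in a world-writable directory another local user could create that directory first and then read, or pre-seed, everything the union writes to it, so for anything beyond a test keep the writable branch somewhere only root can write.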