Sysbox-runc native support now that Docker has bought Nestybox?

Hello world,

According to this link, "Unable to start container with sysbox runtime after kernel update. · Issue #596 · nestybox/sysbox · GitHub", it seems sysbox is on the cusp of some changes… switching over to idmapped and deprecating shiftfs.

I believe kernel 5.19 added ID-mapped-mount support for overlayfs (need to double-check). If true, then we will adjust sysbox to use ID-mapped-mounts for the container’s rootfs too, and at that point ID-mapped-mounts would essentially replace shiftfs for all practical purposes.

However I have not been able to find any discussion of how or when this is being implemented.

I appreciate any updates on this topic.

I have since read that Docker has bought nestybox, so is there a roadmap to include this in the next Docker releases?

Cesar has been kind enough to respond to clear this up: Unable to start container with sysbox runtime after kernel update. · Issue #596 · nestybox/sysbox · GitHub

Assuming that in fact overlayfs supports ID-mapped-mounts, this will be included in the ~v0.7 release of Sysbox. Not sure on the timeline yet, likely ~Feb 2022.
In any case, overlayfs support for ID-mapped-mounts is a “nice-to-have”, but not a “must-have” as mentioned in my comment above.

There has been some movement on this:

FYI: commit with the fix for shiftfs in Ubuntu: ~ubuntu-kernel/ubuntu/+source/linux/+git/lunar - [no description]

Should be present in the upcoming Ubuntu 23.04 release (Lunar Lobster), due April 2023.

NOTE: the upcoming release of Sysbox (v0.6.0) will automatically check if shiftfs works on the host or not, and adjust accordingly. In platforms where it works, it will use it as needed. In platforms where it does not work, it will use an alternative mechanism. The new Sysbox release will also automatically check if the kernel supports ID-mapped mounts (kernel 5.12+) and overlayfs on ID-mapped mounted lower dirs (kernel 5.19+), and use both of these features. The latter one really makes shiftfs unnecessary going forward.
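
A host-side check of the two kernel thresholds named in the note above (5.12 for ID-mapped mounts, 5.19 for overlayfs on ID-mapped lower dirs), as an added example that is not part of the thread and not Sysbox's own code. The function names `kernel_at_least` and `host_features` are hypothetical, and the check is a version heuristic: it does not probe whether a feature actually works, and distro kernels may backport or patch features.

```shell
#!/bin/sh
# Added example: version heuristic only, not Sysbox's detection logic.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE (e.g. "5.15.0-91-generic") is >= MAJOR.MINOR,
# 1 if it is older, 2 if RELEASE cannot be parsed.
kernel_at_least() {
    kv=${1%%[!0-9.]*}              # drop suffix such as "-91-generic"
    kv_major=${kv%%.*}
    kv_rest=${kv#*.}
    [ "$kv_rest" = "$kv" ] && kv_rest=0   # no minor component present
    kv_minor=${kv_rest%%.*}
    case "$kv_major" in ''|*[!0-9]*) return 2 ;; esac
    case "$kv_minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$kv_major" -gt "$2" ] ||
        { [ "$kv_major" -eq "$2" ] && [ "$kv_minor" -ge "$3" ]; }
}

# host_features RELEASE [FILESYSTEMS_FILE]
# Prints a space-separated list of what the host is expected to offer.
# "shiftfs-registered" only means the filesystem type is listed (module
# loaded); it does not prove shiftfs works on this kernel.
host_features() {
    hf_out=""
    hf_fs=${2:-/proc/filesystems}
    if kernel_at_least "$1" 5 12; then
        hf_out="$hf_out idmapped-mounts"
    fi
    if kernel_at_least "$1" 5 19; then
        hf_out="$hf_out overlayfs-on-idmapped"
    fi
    # /proc/filesystems lines look like "nodev<TAB>name" or "<TAB>name".
    if awk '$NF == "shiftfs" { found = 1 } END { exit !found }' \
        "$hf_fs" 2>/dev/null; then
        hf_out="$hf_out shiftfs-registered"
    fi
    echo "${hf_out# }"
}

# Report for the running host.
echo "kernel $(uname -r): $(host_features "$(uname -r)")"
```
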