pub(crate) fn build_overlay_fd(
    base: impl AsFd,
    state: impl AsFd,
    source: &str,
    mount_attr_flags: Option<MountAttrFlags>,
) -> Result<OwnedFd>

Build an overlayfs fsmount fd from an existing state dir (upper+work).
upper is 0755: the merged view inherits permissions from upperdir, so 0700 would make the mountpoint inaccessible to non-root processes. work is kernel-internal and never visible; 0700 is fine. See: https://github.com/composefs/composefs-rs/issues/287
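
The following is an added example, not code from composefs-rs: it prepares a state directory with the modes described above and reports any directory whose mode has drifted. The function names `prepare_state_dir` and `mismatched_modes`, and the `upper`/`work` subdirectory names under the state dir, are assumptions made for illustration.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::path::Path;

// Modes stated in the description above.
const UPPER_MODE: u32 = 0o755; // merged view inherits this, must be traversable
const WORK_MODE: u32 = 0o700; // kernel-internal, never visible

/// Create `<state>/upper` and `<state>/work` (assumed layout) with exact modes.
fn prepare_state_dir(state: &Path) -> io::Result<()> {
    for (name, mode) in [("upper", UPPER_MODE), ("work", WORK_MODE)] {
        let dir = state.join(name);
        // recursive(true) makes this succeed when the directory already exists.
        fs::DirBuilder::new().recursive(true).mode(mode).create(&dir)?;
        // mkdir(2) masks the requested mode with the process umask, and an
        // existing directory keeps its old mode, so set the final mode explicitly.
        fs::set_permissions(&dir, fs::Permissions::from_mode(mode))?;
    }
    Ok(())
}

/// Return the names of directories whose mode bits differ from the expected ones.
fn mismatched_modes(state: &Path) -> io::Result<Vec<&'static str>> {
    let mut bad = Vec::new();
    for (name, mode) in [("upper", UPPER_MODE), ("work", WORK_MODE)] {
        let actual = fs::metadata(state.join(name))?.permissions().mode() & 0o7777;
        if actual != mode {
            bad.push(name);
        }
    }
    Ok(bad)
}

fn main() -> io::Result<()> {
    // Constructed scratch location for the demonstration.
    let state = std::env::temp_dir().join(format!("overlay-state-demo-{}", std::process::id()));
    prepare_state_dir(&state)?;
    println!("mismatches: {:?}", mismatched_modes(&state)?);
    fs::remove_dir_all(&state)
}
```

The explicit `set_permissions` call matters under a restrictive umask such as 0077, where a plain `mkdir` with mode 0755 would yield 0700 and reproduce the inaccessible mountpoint described above.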