From c1efe37ecba2e48ae6a073756fc8ae8d6746f4fb Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 25 Jan 2025 06:02:33 -0300 Subject: [PATCH] docs: clarify unmaintained status of overlayfs in configure.ac Since users are still asking about it. Relates to #2799 #4178. --- configure | 10 +++++++++- configure.ac | 10 +++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 0a7fbce792..cd604b3fa4 100755 --- a/configure +++ b/configure @@ -4248,7 +4248,15 @@ then : fi -# overlayfs features temporarily disabled pending fixes +# The --overlay and related options are not supported anymore due to security +# concerns (see CVE-2021-26910 and #4178), issues on newer kernels (see #2799) +# and overall lack of interest in fixing and maintaining them. +# +# Support is unlikely to be restored, as it would require auditing the +# overlayfs code to ensure that it is secure and that it works properly. +# +# It is highly recommended to leave this option disabled; the overlayfs code +# that remains is only intended for testing/debugging purposes. HAVE_OVERLAYFS="" #AC_ARG_ENABLE([overlayfs], diff --git a/configure.ac b/configure.ac index 38428d5bc6..b0fafe8054 100644 --- a/configure.ac +++ b/configure.ac @@ -129,7 +129,15 @@ AS_IF([test "x$enable_dbusproxy" != "xno"], [ HAVE_DBUSPROXY="-DHAVE_DBUSPROXY" ]) -# overlayfs features temporarily disabled pending fixes +# The --overlay and related options are not supported anymore due to security +# concerns (see CVE-2021-26910 and #4178), issues on newer kernels (see #2799) +# and overall lack of interest in fixing and maintaining them. +# +# Support is unlikely to be restored, as it would require auditing the +# overlayfs code to ensure that it is secure and that it works properly. +# +# It is highly recommended to leave this option disabled; the overlayfs code +# that remains is only intended for testing/debugging purposes. HAVE_OVERLAYFS="" AC_SUBST([HAVE_OVERLAYFS]) #AC_ARG_ENABLE([overlayfs],