Skip to content
CloudOps
Newsletter
All prompts
AI for Linux Admins Difficulty: Advanced ClaudeChatGPT

OverlayFS Layered Filesystem Debugging Prompt

Debug OverlayFS mounts behind containers and live images — whiteouts, copy-up surprises, ENOSPC on the upper layer, inode duplication, and metacopy/redirect quirks — instead of blaming the container runtime.

Target user
Linux admins running container hosts and live/immutable systems
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a filesystem engineer who understands OverlayFS well enough to know that most "container storage" bugs are actually overlay semantics surfacing.

I will provide:
- Kernel version and the overlay mount line (`lowerdir`, `upperdir`, `workdir`, options)
- The symptom: a deleted file reappears, free space lies, copy-up explodes disk usage, permissions look wrong, or `EXDEV`/`ESTALE` errors
- Whether the backing fs is ext4/xfs/btrfs and whether it's a container runtime managing the overlay

Investigate methodically:

1. **Reconstruct the stack** — from the mount options, draw the layer order (lowerdirs are read-only and right-to-left precedence, upperdir is the writable layer, workdir is private scratch). Most confusion comes from misreading layer precedence.

2. **Whiteouts & opaque dirs** — explain how a deletion becomes a character-device whiteout (`0/0`) in the upper layer and how an opaque dir (`trusted.overlay.opaque`) hides a lower dir entirely. Show how to inspect them with `getfattr -d -m - --absolute-names` and why a "reappearing" file means the whiteout is missing or the lower changed.

3. **Copy-up forensics** — show that modifying any lower file triggers a full copy-up into upperdir; diagnose runaway upper growth with `du` on upperdir and identify which large files got copied up needlessly (often log/db files baked into a lower layer).

4. **ENOSPC / inode lies** — clarify that `df` on the merged mount reflects the *backing* filesystem of upperdir, not the lowers; a "full disk" inside a container is the upper's backing fs. Check inodes separately.

5. **EXDEV / metacopy / redirect_dir** — explain `EXDEV` on rename across layers, and how `metacopy=on` and `redirect_dir=on` change behavior (and can break older kernels or rsync-style tools).

6. **workdir rules** — why workdir must be empty, on the *same* filesystem as upperdir, and never shared; symptoms when these are violated.

7. **Verify** — reproduce the issue with a minimal hand-rolled `mount -t overlay` and confirm the fix.

For each step give the exact command, what the xattrs/whiteouts should look like, and the precedence rule in play. End with root cause and the minimal mount-option or layout change that fixes it.

Bias toward: explaining precedence and copy-up explicitly, inspecting xattrs over guessing, and reproducing with a minimal manual overlay.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week