clarify that overlayfs is required for ACLs

cvmfs · Feb 21, 2020 · a74b8f0 · a74b8f0
1 parent c82ced5
commit a74b8f0
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/cpt-releasenotes.rst b/cpt-releasenotes.rst
@@ -94,7 +94,11 @@ POSIX ACLs
 This release adds support for storing and enforcing POSIX ACLs. In order to store
 ACLs during publication, simply enable extended attributes by setting
 ``CVMFS_INCLUDE_XATTRS=true`` in the repository's server.conf configuration
-file. In order to enforce ACLs on the client side, set ``CVMFS_ENFORCE_ACLS=true``
+file. Note that ACLs require overlayfs as a union file system; aufs does not
+support storing ACLs. For systems with both aufs and overlayfs installed, the
+``CVMFS_UNION_FS_TYPE`` parameter can be used to select overlayfs.
+
+In order to enforce ACLs on the client side, set ``CVMFS_ENFORCE_ACLS=true``
 in the client configuration. Enforcing POSIX ACLs requires libfuse 3 on the
 client node. If only libfuse 2 is available, the client will refuse to mount
 with enforced ACLs.

diff --git a/cpt-repo.rst b/cpt-repo.rst
@@ -1064,7 +1064,7 @@ Those paths may contain shell wildcards such as asterisk (``*``) and
 question mark (``?``). This is useful for specifying patterns for
 creating nested catalogs as new files are installed. A very good use of
 the patterns is to identify directories where software releases will be
-installed. Manually-placed ``.cvmfscatalog`` files can still be used 
+installed. Manually-placed ``.cvmfscatalog`` files can still be used
 along with ``.cvmfsdirtab``.
 
 In addition, lines in ``.cvmfsdirtab`` that begin with an exclamation
@@ -1609,13 +1609,12 @@ Repositories for Container Images
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Repositories containing Linux container image contents (that is: container root
-file systems) should have the following configuration::
+file systems) should use overlayfs as a union file system and have the following
+configuration::
 
-    CVMFS_IGNORE_SPECIAL_FILES=true
     CVMFS_INCLUDE_XATTRS=true
     CVMFS_VIRTUAL_DIR=true
 
-This ensures that left-over device files in the root file system do not break
-publication on CernVM-FS but instead they get silently dropped.  Extended
-attributes of files, such as file capabilities and SElinux attributes, are
-recorded.  And previous file system revisions can be accessed from the clients.
+Extended attributes of files, such as file capabilities and SElinux attributes,
+are recorded. And previous file system revisions can be accessed from the
+clients.