composefs-backend: Implement bootc usr-overlay

Johan-Liebert1 · Johan-Liebert1 · commit 57441395e203 · 2025-09-24T14:19:43.000+05:30
Similar to ostree, mount a transient overlayfs on /usr

Signed-off-by: Pragyan Poudyal &lt;pragyanpoudyal41999@gmail.com&gt;
diff --git a/crates/initramfs/src/lib.rs b/crates/initramfs/src/lib.rs
@@ -179,7 +179,9 @@ fn overlay_state(base: impl AsFd, state: impl AsFd, source: &str) -> Result<()>
     mount_at_wrapper(fs, base, ".").context("Moving mount")
 }
 
-fn overlay_transient(base: impl AsFd) -> Result<()> {
+/// Mounts a transient overlayfs with passed in fd as the lowerdir
+#[context("Mounting transient overlayfs")]
+pub fn overlay_transient(base: impl AsFd) -> Result<()> {
     overlay_state(base, prepare_mount(mount_tmpfs()?)?, "transient")
 }
 
diff --git a/crates/lib/src/bootc_composefs/state.rs b/crates/lib/src/bootc_composefs/state.rs
@@ -2,10 +2,14 @@ use std::os::unix::fs::symlink;
 use std::{fs::create_dir_all, process::Command};
 
 use anyhow::{Context, Result};
+use bootc_initramfs_setup::overlay_transient;
 use bootc_kernel_cmdline::utf8::Cmdline;
 use bootc_mount::tempmount::TempMount;
+use bootc_mount::{mnt_point_details, run_findmnt};
 use bootc_utils::CommandRunExt;
 use camino::Utf8PathBuf;
+use cap_std_ext::cap_std::ambient_authority;
+use cap_std_ext::cap_std::fs_utf8::Dir;
 use cap_std_ext::{cap_std, dirext::CapStdExtDirExt};
 use composefs::fsverity::{FsVerityHashValue, Sha256HashValue};
 use fn_error_context::context;
@@ -163,3 +167,29 @@ pub(crate) fn write_composefs_state(
 
     Ok(())
 }
+
+pub(crate) fn composefs_usr_overlay() -> Result<()> {
+    let findmnt_rs = run_findmnt(&[], None)?;
+    let root_mnt = findmnt_rs
+        .filesystems
+        .iter()
+        .next()
+        .ok_or(anyhow::anyhow!("Failed to get root mount"))?;
+
+    let usr_mnt = mnt_point_details("/usr", root_mnt);
+
+    if let Some(usr_mnt) = usr_mnt {
+        if usr_mnt.fstype == "overlay" {
+            println!("A writeable overlayfs is already mounted on /usr");
+            return Ok(());
+        }
+    }
+
+    let usr = Dir::open_ambient_dir("/usr", ambient_authority())?;
+    overlay_transient(usr)?;
+
+    println!("A writeable overlayfs is now mounted on /usr");
+    println!("All changes there will be discarded on reboot.");
+
+    Ok(())
+}
diff --git a/crates/lib/src/cli.rs b/crates/lib/src/cli.rs
@@ -31,8 +31,9 @@ use serde::{Deserialize, Serialize};
 
 #[cfg(feature = "composefs-backend")]
 use crate::bootc_composefs::{
-    finalize::composefs_native_finalize, rollback::composefs_rollback, status::composefs_booted,
-    switch::switch_composefs, update::upgrade_composefs,
+    finalize::composefs_native_finalize, rollback::composefs_rollback,
+    state::composefs_usr_overlay, status::composefs_booted, switch::switch_composefs,
+    update::upgrade_composefs,
 };
 use crate::deploy::RequiredHostSpec;
 use crate::lints;
@@ -1283,7 +1284,17 @@ async fn run_from_opt(opt: Opt) -> Result<()> {
             Ok(())
         }
         Opt::Edit(opts) => edit(opts).await,
-        Opt::UsrOverlay => usroverlay().await,
+        Opt::UsrOverlay => {
+            #[cfg(feature = "composefs-backend")]
+            if composefs_booted()?.is_some() {
+                composefs_usr_overlay()
+            } else {
+                usroverlay().await
+            }
+
+            #[cfg(not(feature = "composefs-backend"))]
+            usroverlay().await
+        }
         Opt::Container(opts) => match opts {
             ContainerOpts::Lint {
                 rootfs,
diff --git a/crates/mount/src/mount.rs b/crates/mount/src/mount.rs
@@ -115,6 +115,27 @@ pub fn is_source_mounted(path: &str, mounted_fs: &Filesystem) -> bool {
     false
 }
 
+// Recursively check a given filesystem to see if it contains an already mounted target
+// Returns the mount details
+pub fn mnt_point_details<'a>(
+    mount_point: &'a str,
+    mounted_fs: &'a Filesystem,
+) -> Option<&'a Filesystem> {
+    if mounted_fs.target == mount_point {
+        return Some(mounted_fs);
+    }
+
+    if let Some(ref children) = mounted_fs.children {
+        for child in children {
+            if let Some(details) = mnt_point_details(mount_point, child) {
+                return Some(details);
+            }
+        }
+    }
+
+    None
+}
+
 /// Mount a device to the target path.
 pub fn mount(dev: &str, target: &Utf8Path) -> Result<()> {
     Command::new("mount")

Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,9 @@ fn overlay_state(base: impl AsFd, state: impl AsFd, source: &str) -> Result<()>`
`179`	`179`	`mount_at_wrapper(fs, base, ".").context("Moving mount")`
`180`	`180`	`}`
`181`	`181`
`182`		`-fn overlay_transient(base: impl AsFd) -> Result<()> {`
	`182`	`+/// Mounts a transient overlayfs with passed in fd as the lowerdir`
	`183`	`+#[context("Mounting transient overlayfs")]`
	`184`	`+pub fn overlay_transient(base: impl AsFd) -> Result<()> {`
`183`	`185`	`overlay_state(base, prepare_mount(mount_tmpfs()?)?, "transient")`
`184`	`186`	`}`
`185`	`187`