From fb75774a43d91824b6a03e63a0c65a689a85dbae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Rod=C3=A1k?= Date: Fri, 15 May 2026 09:22:44 +0200 Subject: [PATCH] Document tmpcopyup default behavior for tmpfs mounts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related to: https://github.com/containers/podman/issues/28684 Signed-off-by: Jan Rodák --- docs/source/markdown/options/mount.md | 4 ++++ docs/source/markdown/options/tmpfs.md | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/docs/source/markdown/options/mount.md b/docs/source/markdown/options/mount.md index 2421b50ec5..5fbb01c142 100644 --- a/docs/source/markdown/options/mount.md +++ b/docs/source/markdown/options/mount.md @@ -116,10 +116,14 @@ Options specific to type=**tmpfs** and **ramfs**: - *tmpcopyup*: Enable copyup from the image directory at the same location to the tmpfs/ramfs. Used by default. +When the tmpfs destination is inside a volume or bind mount, files from the parent mount are also copied into the tmpfs, so the parent content remains visible. Use **notmpcopyup** to mount an empty tmpfs that shadows the parent mount's subtree. + - *noatime*: Disable updating file access times when the file is read. - *notmpcopyup*: Disable copying files from the image to the tmpfs/ramfs. +Use this option when mounting a tmpfs inside a volume or bind mount to ensure the tmpfs properly shadows the parent mount's subtree. + - *U*, *chown*: *true* or *false* (default if unspecified: *false*). Set the uid and gid options for the tmpfs filesystem based on the UID and GID of the container. This is **not** recursive. Options specific to type=**devpts**: diff --git a/docs/source/markdown/options/tmpfs.md b/docs/source/markdown/options/tmpfs.md index 0426c89c78..ba055b889a 100644 --- a/docs/source/markdown/options/tmpfs.md +++ b/docs/source/markdown/options/tmpfs.md 
@@ -20,3 +20,14 @@ This command mounts a **tmpfs** at _/tmp_ within the container. The supported mo options are the same as the Linux default mount flags. If no options are specified, the system uses the following options: **rw,noexec,nosuid,nodev**. + +By default, Podman enables **tmpcopyup** on tmpfs mounts, which copies the contents +of the underlying image directory into the tmpfs before mounting it. This also +applies when the tmpfs destination is inside a volume or bind mount: files from +the parent mount are copied into the tmpfs, so the parent content remains visible. +To mount an empty tmpfs that shadows a parent mount's subtree, use the +**notmpcopyup** option: + +``` +$ podman <> --volume myvolume:/data --tmpfs /data/sub:notmpcopyup my_image +```
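Review bot: In docs/source/markdown/options/mount.md, the *notmpcopyup* entry still reads "Disable copying files from the image to the tmpfs/ramfs", which no longer matches the sentence added under *tmpcopyup* saying that files from a parent volume or bind mount are copied as well. Suggest widening that definition line itself (for example "from the image or from a parent volume or bind mount") instead of relying on the follow-up sentence. Also suggest replacing "properly shadows" with the concrete effect: without this option the parent mount's files under that path are copied into the tmpfs and stay readable in the container, which matters to anyone who mounts a tmpfs over a subdirectory in order to hide it.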
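Review bot: In docs/source/markdown/options/tmpfs.md, "so the parent content remains visible" in the added paragraph can be read as the tmpfs passing through to the volume, although the same sentence says the files are copied. Suggest stating that the container sees a copy made before the tmpfs is mounted, so writes at that path land in the tmpfs and not in the volume or bind mount. The example shows only the **notmpcopyup** form; one added line saying that with the default the files of `myvolume` under `/data/sub` remain readable would make the contrast explicit.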