So to elucidate…
-
If I am going to have a single underlying image for /, /etc and /var, I will have to create this diffset based on a fresh installation that I install all the same packages into. At this point it will be pristine and manual changes into the generic will be correct.
-
But if at any later date I want to merge stuff into the underlay the only way to do this is to also repeat changes (package additions etc) on the underlay, and then repeat the difference creation.
-
So I guess the only way to do this is to keep repeating changes. Merging into the underlying rootfs then never happens, all overlays stay the same and only get stuff taken out of that is already present in the underlay, what we do is reduce the overlays, not integrate stuff into the underlay.
-
Then, the underlay image can be one image for /usr etc., and for /etc and /var, as long as I can overlay together existing directories and not just devices (bind mount stuff together), which works just fine.
-
In fact, I can keep a single monolithic overlay as well for each container. But this doesn’t work because I want some directories to be ro and others rw, so you still have rw /, /etc and /var overlays for the main container, and rw /etc/ and /var overlays for the other containers.
-
On the other hand, if you keep this in the same filesystem tree, it will still be one overlay for each container.
-
I mean also that we do integrate into the underlying /etc and /var, but only manually, however sometimes this also changes files in /var.