From 1bee2561425fb4af2a64433618cf000acf37c319 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Tue, 28 Jan 2025 13:48:01 +0000
Subject: [PATCH] docs: clarify unmaintained status of overlayfs in
 configure.ac (#6632)

Since users are still asking about it (see #6631).

Relates to #2799 #4178.
---
 configure    | 11 ++++++++++-
 configure.ac | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 0a7fbce792..c57dcc642b 100755
--- a/configure
+++ b/configure
@@ -4248,7 +4248,16 @@ then :
 
 fi
 
-# overlayfs features temporarily disabled pending fixes
+# The --overlay and related options are not supported anymore due to security
+# concerns (see CVE-2021-26910 and #4178), issues on newer kernels (see #2799)
+# and overall lack of interest in fixing and maintaining them.
+#
+# Support is unlikely to be restored for the foreseeable future unless someone
+# picks up the work, as it would require auditing the overlayfs code to ensure
+# that it is secure and that it works properly.
+#
+# It is highly recommended to leave this option disabled; the overlayfs code
+# that remains is only intended for testing/debugging purposes.
 HAVE_OVERLAYFS=""
 
 #AC_ARG_ENABLE([overlayfs],
diff --git a/configure.ac b/configure.ac
index 38428d5bc6..59efa8a193 100644
--- a/configure.ac
+++ b/configure.ac
@@ -129,7 +129,16 @@ AS_IF([test "x$enable_dbusproxy" != "xno"], [
 	HAVE_DBUSPROXY="-DHAVE_DBUSPROXY"
 ])
 
-# overlayfs features temporarily disabled pending fixes
+# The --overlay and related options are not supported anymore due to security
+# concerns (see CVE-2021-26910 and #4178), issues on newer kernels (see #2799)
+# and overall lack of interest in fixing and maintaining them.
+#
+# Support is unlikely to be restored for the foreseeable future unless someone
+# picks up the work, as it would require auditing the overlayfs code to ensure
+# that it is secure and that it works properly.
+#
+# It is highly recommended to leave this option disabled; the overlayfs code
+# that remains is only intended for testing/debugging purposes.
 HAVE_OVERLAYFS=""
 AC_SUBST([HAVE_OVERLAYFS])
 #AC_ARG_ENABLE([overlayfs],