Container runtimes use bind mounts on BTRFS filesystems, so tracking the source directory is trivial - it's provided in the dev_name argument. However, it's not that easy with overlayfs - in that case, dev_name is overlay and the source path is provided in options, which end up in the data argument.
Checking the data argument (of type *void with the page size) is trickier and requires more work.
Container runtimes use bind mounts on BTRFS filesystems, so tracking the source directory is trivial - it's provided in the
dev_nameargument. However, it's not that easy with overlayfs - in that case,dev_nameisoverlayand the source path is provided in options, which end up in thedataargument.Checking the
dataargument (of type*voidwith the page size) is trickier and requires more work.