6

I found a very unusual behaviour about the root file system / on modern macOS which are now all using the Apple propriatary file system APFS.

With a basic set of filesystems defined through the Big Sur installation as follows:

### 18:04 noether:/ # mount | grep disk1 /dev/disk1s5s1 on / (apfs, sealed, local, read-only, journaled) /dev/disk1s4 on /System/Volumes/VM (apfs, local, noexec, journaled, noatime, nobrowse) /dev/disk1s2 on /System/Volumes/Preboot (apfs, local, journaled, nobrowse) /dev/disk1s6 on /System/Volumes/Update (apfs, local, journaled, nobrowse) /dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse) /dev/disk1s5 on /Volumes/noether 1 250 Go 1 (apfs, sealed, local, journaled, nobrowse) ### 18:04 noether:/ #

I discovered that at the base of this file system, i.e. in / directly there are files which belongs to the / FS when some other belongs to the /System/Volumes/Data FS:

### 18:14 noether:/ # ffs -------------------------------------------- file volume -------------------------------------------- .file / .vol / Applications /System/Volumes/Data Library /System/Volumes/Data System / Users /System/Volumes/Data Volumes /System/Volumes/Data bin / cores /System/Volumes/Data dev /dev etc /System/Volumes/Data home opt /System/Volumes/Data private /System/Volumes/Data sbin / tmp /System/Volumes/Data usr / var /System/Volumes/Data ### 18:14 noether:/ #

( where ffs is a small shell script¹ printing the FS a file belongs to in the working directory ).

How is this possible when there is only one FS which can be mounted on / and some of these files are symbolic links toward /System/Volumes/Data ( like home ) but some others are plain directories ( like opt and private ):

### 18:20 noether:/ # ls -alt total 18 drwxr-xr-x 19 root wheel 608 Aug 3 18:50 Volumes drwxrwxr-x 32 root admin 1024 Aug 3 12:33 Applications drwxr-xr-x 15 root admin 480 Jul 19 15:54 Users lrwxr-xr-x 1 root wheel 25 Jul 13 23:22 home -> /System/Volumes/Data/home dr-xr-xr-x 3 root wheel 8886 Jul 13 23:22 dev drwxr-xr-x 15 root wheel 480 Mar 26 21:47 opt drwxr-xr-x 71 root wheel 2272 Jan 20 2024 Library drwxr-xr-x 20 root wheel 640 Jan 1 2020 . drwxr-xr-x 20 root wheel 640 Jan 1 2020 .. lrwxr-xr-x 1 root admin 36 Jan 1 2020 .VolumeIcon.icns -> System/Volumes/Data/.VolumeIcon.icns ---------- 1 root admin 0 Jan 1 2020 .file drwxr-xr-x 2 root wheel 64 Jan 1 2020 .vol drwxr-xr-x@ 9 root wheel 288 Jan 1 2020 System drwxr-xr-x@ 38 root wheel 1216 Jan 1 2020 bin drwxr-xr-x 2 root wheel 64 Jan 1 2020 cores lrwxr-xr-x@ 1 root wheel 11 Jan 1 2020 etc -> private/etc drwxr-xr-x 6 root wheel 192 Jan 1 2020 private drwxr-xr-x@ 65 root wheel 2080 Jan 1 2020 sbin lrwxr-xr-x@ 1 root wheel 11 Jan 1 2020 tmp -> private/tmp drwxr-xr-x@ 11 root wheel 352 Jan 1 2020 usr lrwxr-xr-x@ 1 root wheel 11 Jan 1 2020 var -> private/var ### 18:20 noether:/

I know that this cannot work on any Unix. This can only be related to APFS special features.

I am digging inside the Apple documentation about this anomaly.

¹) ffs source:

#!/bin/sh printf "--------------------------------------------\n%-20s\t%-32s\n--------------------------------------------\n" "file" "volume" for _file in .* * ; do if [ -e ${_file} ] ; then _volume=`df ${_file} | awk '/dev/ { print $NF}'` printf "%-20s\t%-32s\n" "${_file}" "${_volume}" fi done
Improve this question
0

1 Answer 1

Reset to default
10

An APFS filesystem can consist of multiple volumes, each of which has its own mount point. Each volume appears as a separate block device, but they all use the same disk space. A macOS installation has a root volume, a Data volume and a few others that contain non-user-serviceable files. The root volume is read-only except when doing maintenance (such as jailbreaking, restoring backups or upgrading the base OS).

Several directories of the root filesystem need to be modifiable in day-to-day use. All of these directories are in the Data volume. In order to make this as transparent as possible, those directories appear as actual directories: they are seen as directories by stat(2) and ls(1), and pwd -P does not expand them further. However, under the hood, they are not directories, but firmlinks, which are intermediate between hard links and symbolic links. They are directional, unlike hard links. But they are pointers to a specific entry in the same filesystem rather than to a named path, unlike symbolic links. Firmlinks are new in macOS 10.15 Catalina.

See How to find firmlinks. I can't find a utility that reveals whether a given directory is actually a firmlink. You can see the list of firmlinks from the root volume to the Data volume that are supposed to be present on your system in /usr/share/firmlinks.

Improve this answer
1
  • This volume grouping with the appearance of a uniq name space is only applied to a very special set: the / and the /System/Volumes/Data. This is implemented with the APFS concept of "Volume Group" in ΑppIe wording, and the file, outside of the FS internal , you named: /usr/share/firmlinks Commented Aug 7, 2024 at 7:04

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.