Disks and file system overview
This page provides an overview of the Container-Optimized OS file system
and describes how to mount and format disks.
File system
The Container-Optimized OS node image file system layout is optimized to
enhance node security. The boot disk space is split into three types of
partitions:
- Root partition, which is mounted as read-only.
- Stateful partitions, which are writable and stateful.
- Stateless partitions, which are writable but the contents do not persist across reboots.
When using Container-Optimized OS, be aware of the partitioning if you run
your own services that have certain expectations about the file system layout
outside of containers.
The root file system is mounted as read-only to protect system integrity.
However, home directories and /mnt/stateful_partition are persistent and
writable.
Working with the Container-Optimized OS file system
The following is a list of paths in the Container-Optimized OS node image file
system, along with their properties and recommended usage:
| Path | Properties | Purpose |
| --- | --- | --- |
| / | read-only, executable | The root filesystem is mounted as read-only to maintain integrity. The kernel verifies the integrity of the root filesystem during boot, and refuses to boot in case of errors. |
| /home, /var | writable, non-executable, stateful | These paths are meant for storing data that persists for the lifetime of the boot disk. They are mounted from /mnt/stateful_partition. |
| /var/lib/google, /var/lib/docker, /var/lib/toolbox | writable, executable, stateful | These paths are working directories for Compute Engine packages (for example, the accounts manager service), Docker, and Toolbox respectively. |
| /var/lib/cloud | writable, executable, stateless, tmpfs | This path is the working directory of the cloud-init package. |
| /etc | writable, executable, stateless, tmpfs | Typically holds your configuration (for example, systemd services defined via cloud-init). It's a good idea to capture the desired state of your instances in cloud-init, as cloud-init is applied when an instance is newly created as well as when an instance is restarted. |
| /tmp | writable, non-executable, stateless, tmpfs | Typically used as a scratch space and should not be used to store persistent data. |
| /mnt/disks | writable, executable, stateless, tmpfs | You can mount persistent disks at directories under /mnt/disks. |
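The path table above can be turned into a drift check. The following is an added example, not part of the original page or of Container-Optimized OS: a POSIX shell function that reads /proc/mounts-format text and reports paths whose mount options or file system type differ from the table. The names audit_mounts and sample_drifted and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the COS docs): flag mounts that drift from the
# path table above. Input is /proc/mounts format: dev path fstype options.
audit_mounts() {
    awk '
    # Whole-token match, so "errors=remount-ro" is never mistaken for "ro".
    function has_opt(list, o) { return index("," list ",", "," o ",") > 0 }
    BEGIN {
        n = split("/ /home /var /tmp /etc /var/lib/cloud /mnt/disks", path, " ")
        opt["/"] = "ro"                                   # read-only root
        opt["/home"] = opt["/var"] = opt["/tmp"] = "noexec"
        fst["/etc"] = fst["/tmp"] = "tmpfs"               # stateless paths
        fst["/var/lib/cloud"] = fst["/mnt/disks"] = "tmpfs"
    }
    # A later line over-mounts an earlier one, so the last entry per path wins.
    NF >= 4 { fs[$2] = $3; opts[$2] = $4 }
    END {
        for (i = 1; i <= n; i++) {
            p = path[i]
            if (!(p in fs)) { print "FAIL " p " no mount entry"; bad++; continue }
            if ((p in opt) && !has_opt(opts[p], opt[p])) {
                print "FAIL " p " missing option " opt[p]; bad++
            }
            if ((p in fst) && fs[p] != fst[p]) {
                print "FAIL " p " is " fs[p] ", expected " fst[p]; bad++
            }
        }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample, not captured from a real node: root remounted rw and
# an ext4 disk mounted over /tmp without noexec.
sample_drifted() {
    cat <<'EOF'
/dev/dm-0 / ext2 rw,relatime,errors=remount-ro 0 0
/dev/sda1 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /etc tmpfs rw,nosuid,nodev 0 0
tmpfs /var/lib/cloud tmpfs rw,nosuid,nodev 0 0
tmpfs /mnt/disks tmpfs rw,nosuid,nodev 0 0
/dev/sdb /tmp ext4 rw,relatime 0 0
EOF
}

# On a node: audit_mounts /proc/mounts (non-zero exit status means drift).
sample_drifted | audit_mounts || true
```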
Mounting and formatting disks
You can attach a persistent disk or create an instance with Local SSDs when using
Container-Optimized OS. Follow the instructions on [Formatting and mounting
a persistent disk](/compute/docs/disks/format-mount-disk-linux#format_linux) or
[Format and mount a local SSD device](/compute/docs/disks/add-local-ssd#formatandmount)
for the appropriate use-case.

The disks can be mounted by creating a subdirectory under the /mnt/disks
directory. Since /etc/ is stateless on Container-Optimized OS, you
cannot use /etc/fstab to automatically fsck (file system consistency check)
and mount the disks on boot. But you can achieve the same by doing those
operations from the bootcmd section in your
[cloud-config](http://cloudinit.readthedocs.io/en/latest/topics/examples.html).

The following example mounts the disk DEVICE_ID
under the /mnt/disks directory.

1. Create a script file using the following contents:

       #cloud-config

       bootcmd:
       - fsck.ext4 -tvy /dev/DEVICE_ID
       - mkdir -p /mnt/disks/MNT_DIR
       - mount -t ext4 -o ... /dev/DEVICE_ID /mnt/disks/MNT_DIR

   Replace the following:
   - DEVICE_ID: the device ID of the disk that you want to format and mount.
   - MNT_DIR: the directory in which to mount your disk.

   Refer to the Linux documentation for a full set of options
   supported by the [fsck.ext4](http://man7.org/linux/man-pages/man8/e2fsck.8.html)
   and [mount](http://man7.org/linux/man-pages/man8/mount.8.html) commands.
2. Update the VM metadata to include the script file by using the
   --metadata-from-file flag.

   To create a VM, use the following command:

       gcloud compute instances create INSTANCE_NAME \
           --metadata-from-file user-data=SCRIPT_FILE_NAME

   To update an existing instance, use the following command:

       gcloud compute instances add-metadata INSTANCE_NAME \
           --metadata-from-file user-data=SCRIPT_FILE_NAME

   Replace the following:
   - INSTANCE_NAME: the name of your VM instance.
   - SCRIPT_FILE_NAME: the name of the metadata script file.

Last updated 2025-08-29 UTC.