This is referring to https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt, section "Changes to underlying filesystems": "Changes to the underlying filesystems while part of a mounted overlay filesystem are not allowed. If the underlying filesystem is changed, the behavior of the overlay is undefined, though it will not result in a crash or deadlock."

Practice shows that changes done to the currently active system will usually not be visible to the update environment, but there's no guarantee. In the worst case it may happen that files from the live system that were changed after snapshot creation could be visible during an update already. It should be added that those files would be visible on next boot anyway, but it may influence e.g. scripts that don't expect the different contents.

(Example: A package gets a major version update with a new configuration file; after package installation a script tries to customize some values; while the package was installing the same configuration file was changed in the live environment; if the file leaked into the update environment the customization script may operate on the wrong version of the configuration file.)

Unfortunately there is currently no way to formalize the behavior. My original thought to use overlay snapshots (https://github.com/amir73il/overlayfs/wiki/Snapshots-HOWTO) also won't work, as those have the same limitation.
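
As an added illustration (not part of the original comment or of any tooling it discusses): one way a customization script could notice the situation in the example above is to compare the live tree against digests recorded at snapshot creation and skip files that changed in between. It reads the live tree directly rather than through the overlay, so it does not make the overlay's behavior defined; it only flags files that may have leaked. The manifest and all function names are hypothetical.

```python
import hashlib
import os
import tempfile

def digest(path):
    """SHA-256 of one regular file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def record_manifest(root):
    """Map relative path -> digest for every regular file under root.
    Assumption: called on the live tree when the snapshot is created."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = digest(full)
    return manifest

def changed_since(root, manifest):
    """Sorted relative paths modified, added or removed since the manifest."""
    current = record_manifest(root)
    return sorted(p for p in manifest.keys() | current.keys()
                  if manifest.get(p) != current.get(p))

def safe_to_customize(live_root, manifest, relpath):
    """False when relpath changed in the live tree after snapshot creation,
    i.e. the copy seen in the update environment may not be the expected one."""
    return relpath not in changed_since(live_root, manifest)

def demo():
    """Constructed sample: a temporary directory stands in for the live /etc."""
    with tempfile.TemporaryDirectory() as live:
        for name, text in (("app.conf", "port=80\n"), ("other.conf", "x=1\n")):
            with open(os.path.join(live, name), "w") as f:
                f.write(text)
        manifest = record_manifest(live)      # taken at snapshot creation
        with open(os.path.join(live, "app.conf"), "w") as f:
            f.write("port=8080\n")            # live edit while the update runs
        with open(os.path.join(live, "new.conf"), "w") as f:
            f.write("y=2\n")                  # file created after the snapshot
        return (changed_since(live, manifest),
                safe_to_customize(live, manifest, "app.conf"),
                safe_to_customize(live, manifest, "other.conf"))
```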