When a copy up of a directory occurs which has the opaque xattr set, the xattr
remains in the upper directory. The immediate behavior with overlayfs is that
the upper directory is not treated as opaque, however after a remount the
opaque flag is used and upper directory is treated as opaque. This causes
files created in the lower layer to be hidden. The expected behavior is that
once an opaque directory is copied up, the opaque flag is removed.

This only impacts mounts which have multiple lower directories. Docker recently
added a new implementation of the overlay driver which uses multiple lower 
directories and manifests this bug.

How to reproduce
#!/bin/sh
cd $(mktemp -d)
mkdir -p lower1/lib
touch lower1/lib/hidden
mkdir -p lower2/lib
touch lower2/lib/not-hidden
setfattr -n trusted.overlay.opaque -v y lower2/lib
mkdir upper
mkdir work
mkdir merged
mount -t overlay overlay -o lowerdir=lower2:lower1,upperdir=upper,workdir=work merged
ls merged/lib # only "not-hidden"
touch merged/lib/newfile
ls merged/lib # both "not-hidden" and "newfile"
getfattr -n trusted.overlay.opaque upper/lib # shows xattr is set
umount merged
mount -t overlay overlay -o lowerdir=lower2:lower1,upperdir=upper,workdir=work merged
ls merged/lib # only "newfile", expected "not-hidden" as well
umount merged

Discovered by
https://github.com/docker/docker/issues/25244

Working patch
https://github.com/dmcgowan/linux/commit/7fb53fb84640d16cf043500e304f4e28a9619b4e