apple
diff --git a/‎Makefile‎
Lines changed: 2 additions & 1 deletion b/‎Makefile‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎Package.swift‎
Lines changed: 2 additions & 0 deletions b/‎Package.swift‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎Sources/Containerization/AttachedFilesystem.swift‎
Lines changed: 4 additions & 4 deletions b/‎Sources/Containerization/AttachedFilesystem.swift‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎Sources/Containerization/HTTP2ConnectBufferingHandler.swift‎
Lines changed: 90 additions & 0 deletions b/‎Sources/Containerization/HTTP2ConnectBufferingHandler.swift‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎Sources/Containerization/Image/ImageStore/ImageStore+Export.swift‎
Lines changed: 2 additions & 2 deletions b/‎Sources/Containerization/Image/ImageStore/ImageStore+Export.swift‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Sources/Containerization/LinuxContainer.swift‎
Lines changed: 41 additions & 4 deletions b/‎Sources/Containerization/LinuxContainer.swift‎
Lines changed: 41 additions & 4 deletions
@@ -123,10 +123,11 @@ endif
 .PHONY: init
 init: containerization vminitd
 	@echo Creating init.ext4...
-	@rm -f bin/init.rootfs.tar.gz bin/init.block
+	@rm -f bin/init.rootfs.tar.gz bin/init.block bin/initfs.ext4
 	@./bin/cctl rootfs create \
 		--vminitd vminitd/bin/vminitd \
 		--vmexec vminitd/bin/vmexec \
+		--ext4 ./bin/initfs.ext4 \
 		--label org.opencontainers.image.source=https://github.com/apple/containerization \
 		--image vminit:latest \
 		bin/init.rootfs.tar.gz
 
@@ -269,6 +269,8 @@ package.targets.append(
         dependencies: [
             .product(name: "Logging", package: "swift-log"),
             .product(name: "ArgumentParser", package: "swift-argument-parser"),
+            .product(name: "NIOCore", package: "swift-nio"),
+            .product(name: "NIOPosix", package: "swift-nio"),
             "Containerization",
         ],
         path: "Sources/Integration"
 
@@ -29,14 +29,14 @@ public struct AttachedFilesystem: Sendable {
     public var options: [String]
 
     public init(mount: Mount, allocator: any AddressAllocator<Character>) throws {
-        switch mount.type {
-        case "virtiofs":
+        switch mount.runtimeOptions {
+        case .virtiofs:
             let name = try hashMountSource(source: mount.source)
             self.source = name
-        case "ext4":
+        case .virtioblk:
             let char = try allocator.allocate()
             self.source = "/dev/vd\(char)"
-        default:
+        case .shared, .any:
             self.source = mount.source
         }
         self.type = mount.type
 
@@ -0,0 +1,90 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2026 Apple Inc. and the Containerization project authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+import ContainerizationError
+import GRPCCore
+import GRPCNIOTransportCore
+import NIOCore
+import NIOPosix
+
+/// Buffers incoming bytes until the full gRPC HTTP/2 pipeline is configured, then replays them.
+///
+/// This prevents the race condition where the vminitd server's initial HTTP/2 SETTINGS frame
+/// arrives and is discarded before `configureGRPCClientPipeline` has finished installing
+/// `ClientConnectionHandler`.
+///
+/// The handler is added via `ClientBootstrap.channelInitializer`, which runs before
+/// `registerAlreadyConfigured0` adds the fd to epoll/kqueue — guaranteeing it is in place
+/// before any bytes can arrive on the socket.
+///
+/// When `NIOHTTP2Handler` is added to the pipeline (inside `configureGRPCClientPipeline`), its
+/// `handlerAdded` fires an outbound flush (the HTTP/2 client preface). We intercept that flush
+/// and schedule a deferred removal via the event loop. Because `configureGRPCClientPipeline` runs
+/// as a single synchronous event loop task, the deferred removal is guaranteed to run after that
+/// entire task completes — i.e., after `ClientConnectionHandler` is also in the pipeline.
+/// Buffered bytes are replayed atomically as part of the pipeline removal.
+
+// FIXME: This handler is needed until the swift GRPC libraries offers us a way to create a
+// client transport from an existing fd. Remove this type when such an API exists.
+public final class HTTP2ConnectBufferingHandler: ChannelDuplexHandler, RemovableChannelHandler {
+    public typealias InboundIn = ByteBuffer
+    public typealias InboundOut = ByteBuffer
+    public typealias OutboundIn = ByteBuffer
+    public typealias OutboundOut = ByteBuffer
+
+    private var removalScheduled = false
+    private var bufferedReads: [NIOAny] = []
+
+    public init() {}
+
+    public func channelRead(context: ChannelHandlerContext, data: NIOAny) {
+        bufferedReads.append(data)
+    }
+
+    public func channelReadComplete(context: ChannelHandlerContext) {
+        // Suppress while buffering; a single readComplete is emitted after replay.
+    }
+
+    public func flush(context: ChannelHandlerContext) {
+        if !removalScheduled {
+            removalScheduled = true
+            // Defer removal to the next event loop task. configureGRPCClientPipeline runs as a
+            // single synchronous event loop task, so this deferred task is guaranteed to run
+            // after that whole task completes (including ClientConnectionHandler being added).
+            context.eventLoop.assumeIsolatedUnsafeUnchecked().execute {
+                context.pipeline.syncOperations.removeHandler(self, promise: nil)
+            }
+        }
+        context.flush()
+    }
+
+    public func removeHandler(context: ChannelHandlerContext, removalToken: ChannelHandlerContext.RemovalToken) {
+        var didRead = false
+        while !bufferedReads.isEmpty {
+            context.fireChannelRead(bufferedReads.removeFirst())
+            didRead = true
+        }
+        if didRead {
+            context.fireChannelReadComplete()
+        }
+        context.leavePipeline(removalToken: removalToken)
+    }
+
+    public func channelInactive(context: ChannelHandlerContext) {
+        bufferedReads.removeAll()
+        context.fireChannelInactive()
+    }
+}
@@ -40,7 +40,7 @@ extension ImageStore {
         }
 
         @discardableResult
-        public func export(index: Descriptor, platforms: (Platform) -> Bool) async throws -> Descriptor {
+        public func export(index: Descriptor, platforms: (Platform) -> Bool, filter: (Descriptor) -> Bool = { _ in true }) async throws -> Descriptor {
             var pushQueue: [[Descriptor]] = []
             var current: [Descriptor] = [index]
             while !current.isEmpty {
@@ -61,7 +61,7 @@ extension ImageStore {
             try await withThrowingTaskGroup(of: Void.self) { group in
                 for layerGroup in pushQueue.reversed() {
                     for chunk in layerGroup.chunks(ofCount: 8) {
-                        for desc in chunk {
+                        for desc in chunk.filter(filter) {
                             guard let content = try await self.contentStore.get(digest: desc.digest) else {
                                 throw ContainerizationError(.notFound, message: "content with digest \(desc.digest)")
                             }
 
@@ -246,6 +246,24 @@ public final class LinuxContainer: Container, Sendable {
         mutating func setErrored(error: Swift.Error) {
             self = .errored(error)
         }
+
+        func vm(_ operation: String) throws -> any VirtualMachineInstance {
+            switch self {
+            case .created(let state):
+                return state.vm
+            case .started(let state):
+                return state.vm
+            case .paused(let state):
+                return state.vm
+            case .errored(let err):
+                throw err
+            default:
+                throw ContainerizationError(
+                    .invalidState,
+                    message: "failed to \(operation): container must be created, running, or paused"
+                )
+            }
+        }
     }
 
     private let vmm: VirtualMachineManager
@@ -590,12 +608,16 @@ extension LinuxContainer {
                     // For every interface asked for:
                     // 1. Add the address requested
                     // 2. Online the adapter
-                    // 3. If a gateway IP address is present, add the default route.
+                    // 3. For the first interface, add the default route
+                    var defaultRouteSet = false
                     for (index, i) in self.interfaces.enumerated() {
                         let name = "eth\(index)"
                         self.logger?.debug("setting up interface \(name) with address \(i.ipv4Address)")
                         try await agent.addressAdd(name: name, ipv4Address: i.ipv4Address)
                         try await agent.up(name: name, mtu: i.mtu)
+                        if defaultRouteSet {
+                            continue
+                        }
                         if let ipv4Gateway = i.ipv4Gateway {
                             if !i.ipv4Address.contains(ipv4Gateway) {
                                 self.logger?.debug("gateway \(ipv4Gateway) is outside subnet \(i.ipv4Address), adding a route first")
@@ -606,6 +628,7 @@ extension LinuxContainer {
                             self.logger?.debug("no gateway for \(name)")
                             try await agent.routeAddDefault(name: name, ipv4Gateway: nil)
                         }
+                        defaultRouteSet = true
                     }
 
                     // Setup /etc/resolv.conf and /etc/hosts if asked for.
@@ -818,7 +841,7 @@ extension LinuxContainer {
     }
 
     /// Send a signal to the container.
-    public func kill(_ signal: Int32) async throws {
+    public func kill(_ signal: Signal) async throws {
         try await self.state.withLock {
             let state = try $0.startedState("kill")
             try await state.process.kill(signal)
@@ -874,7 +897,7 @@ extension LinuxContainer {
                 agent: agent,
                 vm: startedState.vm,
                 logger: self.logger,
-                onDelete: { [weak self] in
+                onDelete: { [weak self = self] in
                     await self?.removeProcess(id: id)
                 }
             )
@@ -911,7 +934,7 @@ extension LinuxContainer {
                 agent: agent,
                 vm: state.vm,
                 logger: self.logger,
-                onDelete: { [weak self] in
+                onDelete: { [weak self = self] in
                     await self?.removeProcess(id: id)
                 }
             )
@@ -931,6 +954,20 @@ extension LinuxContainer {
         }
     }
 
+    /// Provides scoped access to the underlying virtual machine instance.
+    ///
+    /// Most users should prefer the higher level APIs on ``LinuxContainer``
+    /// directly. This is intended for advanced use cases that need to interact
+    /// with the virtual machine outside of the container abstraction.
+    public func withVirtualMachineInstance<T: Sendable>(
+        _ fn: @Sendable (any VirtualMachineInstance) async throws -> T
+    ) async throws -> T {
+        let vm = try await self.state.withLock { state in
+            try state.vm("withVirtualMachineInstance")
+        }
+        return try await fn(vm)
+    }
+
     /// Close the containers standard input to signal no more input is
     /// arriving.
     public func closeStdin() async throws {