gofer: add pluggable provider interface for custom filesystem backends #12950
Open
shayonj wants to merge 1 commit intogoogle:masterfrom
Open
gofer: add pluggable provider interface for custom filesystem backends #12950shayonj wants to merge 1 commit intogoogle:masterfrom
shayonj wants to merge 1 commit intogoogle:masterfrom
Conversation
Contributor
Author
|
Just to get this on your radar @ayushr2 and @EtiennePerot . This depends on #12923, hence the added commit from there. The more relevant piece of proposal is this commit - f0bb46f. Happy to also start a design discussion in Github issues if that seems more fitting. No rush and appreciate your time. |
shayonj
force-pushed
the
s/gofer-backend-v2
branch
from
f0bb46f to
c56e256
Compare
shayonj
force-pushed
the
s/gofer-backend-v2
branch
3 times, most recently
from
a61ff57 to
6eed079
Compare
Building a custom gofer (e.g. for network-backed storage, encrypted filesystems, or tiered caches) currently requires forking the runsc binary and copying/maintaining unexported setup and seccomp code. This adds a Provider interface that lets custom filesystem backends register with the stock gofer and serve LisaFS connections for specific mounts without forking. The interface follows the socket.Provider pattern: NewServer returns (nil, nil) to decline a mount, and the first registered provider that returns a non-nil server handles it. NewServer receives the sandbox's OCI runtime spec so providers can read per-mount configuration from spec.Annotations (endpoints, volume keys, auth modes) without a side-channel. Stock fsgofer remains the default when no provider claims a mount. SeccompRules lets providers declare additional syscalls, merged via filter.Rules() before installation. Zero behavior change when no providers are registered: the stock fsgofer path runs unchanged, identical to today. This follows the same pattern as the network plugin (config.NetworkPlugin): inactive when not configured, no impact on the default path. New package runsc/gofer/provider defines the Provider interface and registration. The gofer command (runsc/cmd/gofer.go) iterates registered providers for each mount before falling through to fsgofer. The seccomp filter (runsc/fsgofer/filter) gains InstallWithExtra for merging provider rules with the stock allowlist. Also adds documentation in g3doc/user_guide/filesystem.md and pkg/lisafs/README.md describing how to use the provider interface. Depends on google#12923 (GoferMountConf in specutils).
shayonj
force-pushed
the
s/gofer-backend-v2
branch
from
6eed079 to
0d024ed
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Building a custom gofer (e.g. for network-backed storage, encrypted filesystems, or tiered caches) currently requires forking the runsc binary and copying/maintaining unexported setup and seccomp code. This adds a
Providerinterface that lets custom filesystem backends register with the stock gofer and serve LisaFS connections for specific mounts without forking.This PR establishes the extension point itself. Example custom gofers (a minimal in-memory "hello", etc.) and a fuller custom-gofer guide can be follow up as separate PRs that depend on this one.
The interface follows the
socket.Providerpattern where theNewServerreturns(nil, nil)to decline a mount, and the first registered provider that returns a non-nil server handles it.NewServerreceives the sandbox's OCI runtime spec and the specific*specs.Mountbeing served, so providers can read sandbox-wide configuration fromspec.Annotations(endpoints, auth modes) and per-mount configuration from the mount itself (Source,Type,Options) without a side-channel. Stockfsgoferremains the default when no provider claims a mount. Also,SeccompRuleslets providers declare additional syscalls, merged viafilter.Rules()before installation.There are no behavior changes when no providers are registered which keeps the stock
fsgoferpath runs unchanged. This follows the same pattern as the network plugin (config.NetworkPlugin).Also adds documentation in
g3doc/user_guide/filesystem.mdandpkg/lisafs/README.mddescribing how to use the provider interface.