Description
--directfs is currently a sandbox-wide setting. When it is enabled, runsc adds the directfs mount option to every gofer-backed mount, and the sentry expects the gofer’s Mount RPC to return a host file descriptor for each mount root.
That works for the stock gofer, but it makes directfs hard to use with custom gofer backends that serve virtual or network-backed filesystems. Those backends may not have a real host directory to donate for a particular mount, even though the rest of the sandbox could safely use directfs. Today, the practical workaround is to disable --directfs globally, which also disables it for rootfs and ordinary bind mounts that would otherwise benefit from it.
Is this feature related to a specific bug?
No specific bug. This comes up when mixing stock gofer mounts with custom gofer mounts in the same sandbox.
Do you have a specific solution in mind?
Add a per-mount opt-out using the existing mount hint annotations, for example:
dev.gvisor.spec.mount.<NAME>.directfs: "off"
When this annotation is set to off, runsc would suppress the directfs gofer mount option for that mount only, even if --directfs is enabled globally. The default behavior would remain unchanged. Mounts without the annotation would continue to use directfs whenever the global flag is enabled.
The implementation could also accept on as the explicit default value, but the main feature request is the off opt-out.
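As an added illustration of how the proposed opt-out could be evaluated, the following Go sketch parses `dev.gvisor.spec.mount.<NAME>.directfs` annotations and decides, per mount, whether the `directfs` gofer mount option is added. This is example code written for this issue, not runsc's implementation: the `.directfs` hint, the `directfsHint` type and the helper functions are hypothetical, and the sample annotations are constructed. The only assumption taken from runsc is the `dev.gvisor.spec.mount.<NAME>.<field>` annotation layout of the existing mount hints.

```go
package main

import (
	"fmt"
	"strings"
)

// Prefix shared by runsc mount hint annotations. The ".directfs" field parsed
// below is the hypothetical addition proposed in this issue, not an existing option.
const mountHintPrefix = "dev.gvisor.spec.mount."

// directfsHint records the per-mount directfs annotation, if one was given.
type directfsHint struct {
	set bool // an annotation for this mount exists
	on  bool // its value ("on" or "off")
}

// parseDirectfsHints scans OCI annotations for "dev.gvisor.spec.mount.<NAME>.directfs"
// and returns the parsed value keyed by mount name. Values other than on/off are
// rejected so that a typo cannot silently leave directfs enabled for a mount that
// meant to opt out.
func parseDirectfsHints(annotations map[string]string) (map[string]directfsHint, error) {
	hints := make(map[string]directfsHint)
	for key, val := range annotations {
		if !strings.HasPrefix(key, mountHintPrefix) {
			continue
		}
		rest := strings.TrimPrefix(key, mountHintPrefix)
		// Split "<NAME>.<field>" on the last dot so a mount name may itself contain dots.
		i := strings.LastIndex(rest, ".")
		if i <= 0 || rest[i+1:] != "directfs" {
			continue // other hint fields (source, type, share, ...) are not handled here
		}
		name := rest[:i]
		switch strings.ToLower(strings.TrimSpace(val)) {
		case "on":
			hints[name] = directfsHint{set: true, on: true}
		case "off":
			hints[name] = directfsHint{set: true, on: false}
		default:
			return nil, fmt.Errorf("annotation %q: invalid directfs value %q (want on|off)", key, val)
		}
	}
	return hints, nil
}

// useDirectfs decides whether a gofer-backed mount gets the directfs option:
// the global --directfs flag must be enabled, and a per-mount "off" hint suppresses
// it. Mounts without a hint follow the global flag unchanged, matching the
// default behaviour described in the request.
func useDirectfs(globalDirectfs bool, name string, hints map[string]directfsHint) bool {
	if !globalDirectfs {
		return false
	}
	if h, ok := hints[name]; ok && h.set {
		return h.on
	}
	return true
}

// goferMountOptions builds the option list handed to the gofer for one mount,
// appending "directfs" only when useDirectfs allows it.
func goferMountOptions(base []string, globalDirectfs bool, name string, hints map[string]directfsHint) []string {
	opts := append([]string(nil), base...)
	if useDirectfs(globalDirectfs, name, hints) {
		opts = append(opts, "directfs")
	}
	return opts
}

func main() {
	// Constructed sample annotations: a stock bind mount left at the default and a
	// custom-gofer mount ("virtual") that opts out of directfs.
	annotations := map[string]string{
		"dev.gvisor.spec.mount.data.source":      "/var/lib/data",
		"dev.gvisor.spec.mount.data.type":        "bind",
		"dev.gvisor.spec.mount.virtual.type":     "bind",
		"dev.gvisor.spec.mount.virtual.directfs": "off",
	}
	hints, err := parseDirectfsHints(annotations)
	if err != nil {
		panic(err)
	}
	for _, m := range []string{"data", "virtual"} {
		fmt.Printf("%-8s directfs=%v opts=%v\n", m, useDirectfs(true, m, hints),
			goferMountOptions([]string{"rw"}, true, m, hints))
	}
}
```

With `--directfs` enabled globally, the `data` mount keeps the `directfs` option while `virtual` does not; with the flag disabled, neither mount gets it, so the opt-out can only narrow the global setting, never widen it.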