fsgofer: add extension interface for custom backends#13216
Merged
Conversation
Building a custom gofer (e.g. for network-backed storage, encrypted filesystems, or tiered caches) currently requires forking the runsc binary and copying/maintaining unexported setup and seccomp code. This adds an Extension interface that lets custom filesystem backends register with the stock gofer and serve LisaFS connections for specific mounts without forking.

The interface follows the socket.Provider-style registration pattern: NewConnection returns a nil lisafs.ConnectionImpl to decline a mount, and the first registered extension that returns a non-nil implementation handles it. NewConnection receives the sandbox's OCI runtime spec, the specific mount being served, the resolved mount path, and readonly state, so extensions can read sandbox-wide configuration from spec.Annotations and per-mount configuration from the mount itself without a side-channel.

Stock fsgofer remains the default when no extension claims a mount. All mounts still share one lisafs.Server; extensions only choose the per-connection lisafs.ConnectionImpl and lisafs.ConnectionOpts now supported by lisafs.Server.CreateConnection. SeccompRules lets extensions declare additional syscalls, merged with the stock allowlist before installation.

Zero behavior change when no extensions are registered: the stock fsgofer path runs unchanged, identical to today. This follows the same pattern as the network plugin: inactive when not configured, no impact on the default path.

New package runsc/fsgofer/extension defines the Extension interface and registration. The gofer command iterates registered extensions for each mount before falling through to fsgofer. The seccomp filter install path accepts extra rules for merging extension rules with the stock allowlist.

Also adds documentation in g3doc/user_guide/filesystem.md and pkg/lisafs/README.md describing how to use the extension interface.
PiperOrigin-RevId: 918523699
fsgofer: add extension interface for custom backends
Building a custom gofer (e.g. for network-backed storage, encrypted filesystems, or tiered caches) currently requires forking the runsc binary and copying/maintaining unexported setup and seccomp code. This adds an Extension interface that lets custom filesystem backends register with the stock gofer and serve LISAFS connections for specific mounts without forking.

This builds on #13180, which moved LISAFS implementation selection and connection options to the connection. With that in place, custom backends can plug into the stock gofer without creating separate lisafs.Server instances. All mounts continue to share one lisafs.Server, preserving the server-side filesystem tree and synchronization across stock and extension-backed mounts.

Registered extensions are queried in order for each mount. NewConnection returns a nil lisafs.ConnectionImpl to decline a mount, and the first extension that returns a non-nil implementation handles it. NewConnection receives the sandbox's OCI runtime spec, the specific *specs.Mount being served, the resolved mount path, and readonly state, so extensions can read sandbox-wide configuration from spec.Annotations and per-mount configuration from the mount itself without a side channel.

Stock fsgofer remains the default when no extension claims a mount. Extensions only choose the per-connection lisafs.ConnectionImpl and lisafs.ConnectionOpts now supported by lisafs.Server.CreateConnection. SeccompRules lets extensions declare additional syscalls, merged with the stock gofer allowlist before installation. There are no behavior changes when no extensions are registered.

Also adds documentation in g3doc/user_guide/filesystem.md and pkg/lisafs/README.md describing how to use the extension interface.

FUTURE_COPYBARA_INTEGRATE_REVIEW=#12950 from shayonj:s/gofer-backend-v2 7139233
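A worked illustration of the mount-dispatch and allowlist-merging behaviour that both the PR description and the commit message above describe: extensions are queried in registration order, a nil return declines the mount, the first non-nil result wins, the stock gofer serves whatever nobody claims, and every extension's SeccompRules are unioned with the stock allowlist before the filter is installed. This is added example code, not gVisor's runsc/fsgofer/extension package. The Mount, Spec, ConnectionImpl and Extension types and the Registry are stand-ins whose field and method signatures are assumptions modelled on the text; the two backends, the example.com annotation, the gofer.backend mount option and the syscall names are hypothetical; and the spec and mounts are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Stand-ins for the OCI runtime spec types and for lisafs.ConnectionImpl.
// Assumption: these do not match the real gVisor or runtime-spec definitions.
type Mount struct {
	Destination string
	Source      string
	Options     []string
}

type Spec struct {
	Annotations map[string]string
}

// ConnectionImpl stands in for lisafs.ConnectionImpl; a backend name is all
// this example needs to show which implementation serves a mount.
type ConnectionImpl interface{ Backend() string }

type namedConn string

func (c namedConn) Backend() string { return string(c) }

// Extension mirrors the contract described in the PR text. The exact
// signatures are this example's assumption, not the project's interface.
type Extension interface {
	// NewConnection returns nil to decline the mount.
	NewConnection(spec *Spec, m *Mount, resolvedPath string, readonly bool) ConnectionImpl
	// SeccompRules lists syscalls the backend needs beyond the stock allowlist.
	SeccompRules() []string
}

// Registry keeps extensions in registration order; that order is precedence.
type Registry struct{ exts []Extension }

func (r *Registry) Register(e Extension) { r.exts = append(r.exts, e) }

// SelectConnection asks each extension in turn; the first non-nil answer
// wins and the stock fsgofer serves anything nobody claims.
func (r *Registry) SelectConnection(spec *Spec, m *Mount, path string, readonly bool) ConnectionImpl {
	for _, e := range r.exts {
		if c := e.NewConnection(spec, m, path, readonly); c != nil {
			return c
		}
	}
	return namedConn("fsgofer")
}

// Allowlist unions the stock syscall allowlist with every registered
// extension's rules, deduplicated and sorted, as the filter would see it.
func (r *Registry) Allowlist(stock []string) []string {
	seen := map[string]bool{}
	var out []string
	add := func(names []string) {
		for _, n := range names {
			if !seen[n] {
				seen[n] = true
				out = append(out, n)
			}
		}
	}
	add(stock)
	for _, e := range r.exts {
		add(e.SeccompRules())
	}
	sort.Strings(out)
	return out
}

func hasOption(opts []string, want string) bool {
	for _, o := range opts {
		if o == want {
			return true
		}
	}
	return false
}

// encryptedFS is a hypothetical backend. It claims a mount only when the mount
// opts in and the sandbox-wide key id annotation is present; otherwise it
// declines, which hands the mount to the stock gofer in the clear.
type encryptedFS struct{}

func (encryptedFS) NewConnection(spec *Spec, m *Mount, _ string, _ bool) ConnectionImpl {
	if !hasOption(m.Options, "gofer.backend=encrypted") {
		return nil
	}
	if _, ok := spec.Annotations["example.com/gofer-key-id"]; !ok {
		return nil
	}
	return namedConn("encrypted")
}

func (encryptedFS) SeccompRules() []string { return []string{"memfd_create"} }

// tieredCache is a second hypothetical backend: it claims writable mounts
// under /data and declines read-only ones, using the readonly parameter.
type tieredCache struct{}

func (tieredCache) NewConnection(_ *Spec, m *Mount, _ string, readonly bool) ConnectionImpl {
	if readonly || !strings.HasPrefix(m.Destination, "/data") {
		return nil
	}
	return namedConn("tiered-cache")
}

func (tieredCache) SeccompRules() []string { return []string{"socket", "fallocate", "read"} }

// Demo wires both extensions against a constructed spec and reports which
// backend serves each mount plus the merged allowlist.
func Demo() (map[string]string, []string) {
	spec := &Spec{Annotations: map[string]string{"example.com/gofer-key-id": "key-1"}}
	mounts := []Mount{ // constructed sample mounts
		{Destination: "/secrets", Source: "/host/secrets", Options: []string{"gofer.backend=encrypted", "ro"}},
		{Destination: "/data", Source: "/host/data", Options: []string{"rw"}},
		{Destination: "/tmp", Source: "/host/tmp"},
	}
	r := &Registry{}
	r.Register(encryptedFS{})
	r.Register(tieredCache{})
	backends := map[string]string{}
	for i := range mounts {
		m := &mounts[i]
		backends[m.Destination] = r.SelectConnection(spec, m, m.Source, hasOption(m.Options, "ro")).Backend()
	}
	return backends, r.Allowlist([]string{"openat", "read", "write", "fstat"})
}

func main() {
	backends, allow := Demo()
	fmt.Println(backends, allow)
}
```

Two points worth keeping in mind when writing a real extension against the interface described above. Declining is silent: a nil return on a misconfigured mount means the stock gofer serves it, so a backend whose purpose is confidentiality (the encryptedFS case) should claim the mount and fail at connection time rather than decline, or a missing key annotation quietly degrades to plaintext. And precedence is registration order, so two extensions whose claim predicates overlap resolve in favour of whichever init ran first; keep the predicates disjoint (a mount option or annotation per backend) rather than relying on link order.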