therontarigo / freebsd-user-namespace

Userspace Filesystem Namespace

Unioning directories (like unionfs) #1

Open probonopd opened 2 years ago

probonopd commented 2 years ago

Is unioning directories possible?

I would like to union directories over /, e.g., I have /some/path/to/app/usr/local/bin/myapp and I would like to blend /some/path/to/app/ with / so that if the real /some/path/to/app/ does not contain myapp it would still show up there.

Currently this is probably possible by constructing a long FILEPATHMAP by hand that takes care of each and every file, but it would be much easier if one could say "merge /some/path/to/app/ with / recursively". As a result, /some/path/to/app/usr/local/bin/myapp should be available at /usr/local/bin/myapp.

Possible?

My use case: Making application bundles without having to recompile application binaries.

Using the "real" unionfs is not possible in my use case for two reasons:

  1. It requires root permissions, which is not desirable for my use case
  2. Unioning over / does not work because /some/path/to/app is inside /

therontarigo commented 2 years ago

> I would like to union directories over /, e.g., I have /some/path/to/app/usr/local/bin/myapp and I would like to blend /some/path/to/app/ with / so that if the real /some/path/to/app/ does not contain myapp it would still show up there.

Do you mean "so that if the real /usr/local/bin/ does not contain myapp it would still show" ?

The "real" unionfs, besides requiring root, is incomplete and dangerous. Some of the challenges with its implementation unfortunately also exist in a userspace implementation.

Currently the approach of UserNS is to translate paths independently of filesystem contents before passing full control to the system call with no further intervention. Unioning will require a tighter coupling, either by a retry-on-failure mechanism on a list of possible target paths or by checking file existence in the path mapper itself. The latter option also involves a redesign as path mapping will need to return opened file descriptors instead of paths to avoid introducing time-of-check to time-of-use inconsistencies. That is ultimately the better solution as it will facilitate compatibility of this project with a true sandbox such as https://github.com/unrelentingtech/capsicumizer.

> Currently this is probably possible by constructing a long FILEPATHMAP by hand

This should be constructed programmatically from a bundle's manifest or by walking the directory. This is a potentially more performant solution than unioning as it allows each resolution to occur in userspace rather than making a failed attempt to open /some/path/to/app/usr/systemfile for every file provided by the system and not by the app (or, depending on layer order, for every file provided by the app after first checking it does not exist at the literal path).

probonopd commented 2 years ago

> Do you mean "so that if the real /usr/local/bin/ does not contain myapp it would still show" ?

Correct.