Skip to content

LinuxContainer/LinuxPod: Single file support #487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dcantah merged 1 commit into from
Jan 23, 2026
Merged

LinuxContainer/LinuxPod: Single file support #487

dcantah merged 1 commit into from
Jan 23, 2026
+598 −6

Conversation

@dcantah
Copy link
Contributor

@dcantah dcantah commented Jan 22, 2026
edited
Loading

Fixes #79

This adds support for single file (virtiofs based) mounts to the two main container types. This is transparent, and doesn't need to be setup by a user, so there is no visible API change. Virtiofs does not support single file mounts today, and it would be less than ideal from a security standpoint to just expose the parent directory of the file to the vm and then bind mount in the file, so we chose the following:

  1. Create a temp directory the container types will manage.
  2. Hardlink in the file we want.
  3. Share that tempdir into the vm.
  4. Finally bind mount in the file into the container.

The main goal I wanted for this is to leave the logic out of the VirtualMachineInstance. I really want this to just be a little dance the container types do, and leave the vm out of it. Because of that, most of the logic is shoved in a new FileMountContext type that does the dirty tricks of rewriting what the user asked for to be a bind mount from a temporary holding spot we'll use in the guest for these temp directories.

One of the downsides to this is today the tempdirs are solely on the main volume, so cross volume will need to copy the file to the tempdir, so writes won't get written back.

@dcantah @dcoulstock @JaewonHur
LinuxContainer/LinuxPod: Single file support
62a0614 
This adds support for single file (virtiofs based) mounts
to the two main container types. This is transparent, and
doesn't need to be setup by a user, so there is no visible
API change. Virtiofs does not support single file mounts today,
and it would be less than ideal from a security standpoint to
just expose the parent directory of the file to the vm and then
bind mount in the file, so we chose the following:

1. Create a temp directory the container types will manage.
2. Hardlink in the file we want.
3. Share that tempdir into the vm.
4. Finally bind mount in the file into the container.

The main goal I wanted for this is to leave the logic out of the
`VirtualMachineInstance`. I really want this to just be a little dance
the container types do, and leave the vm out of it. Because of that,
most of the logic is shoved in a new `FileMountContext` type that
does the dirty tricks of rewriting what the user asked for to be
a bind mount from a temporary holding spot we'll use in the guest
for these temp directories.

One of the downsides to this is today the tempdirs are solely on the
main volume, so cross volume will need to copy the file to the
tempdir, so writes won't get written back.

Co-authored-by: Dean Coulstock <d_coulstock@apple.com>
Co-authored-by: Jaewon Hur <hurjaewon@snu.ac.kr>
@dcantah dcantah force-pushed the support-single-file-mounts branch from fe68317 to 62a0614 Compare January 22, 2026 23:19
jglogan
jglogan reviewed Jan 22, 2026
View reviewed changes
jglogan
jglogan reviewed Jan 22, 2026
View reviewed changes
jglogan
jglogan approved these changes Jan 23, 2026
View reviewed changes
Sources/Containerization/FileMount.swift
try FileManager.default.linkItem(at: resolvedSource, to: destURL)
} catch {
// Hardlink failed. Fall back to copy
try FileManager.default.copyItem(at: resolvedSource, to: destURL)
Copy link
Contributor

@jglogan jglogan Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might want our documentation on Mount to state that the caller is responsible for determining whether cross-filesystem mounts are present.

For "caller == container" we'd want to warn the user in the case that their single file mount won't actually propagate guest writes through to the host file.

@dcantah dcantah merged commit 1a01741 into apple:main Jan 23, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jglogan jglogan jglogan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Single file mount support

2 participants

@dcantah @jglogan