Re: Deprecating smbfs(5) and removing it before FreeBSD 14
- In reply to: David Chisnall : "Re: Deprecating smbfs(5) and removing it before FreeBSD 14"
Date: Fri, 29 Oct 2021 15:27:27 UTC
On Fri, Oct 29, 2021 at 11:59:40AM +0100, David Chisnall wrote:
> On 28/10/2021 16:26, Shawn Webb wrote:
> > I wonder if providing a 9pfs client would be
> > a good step in helping deprecate smbfs.
>
> Note: WSL2 uses 9p-over-VMBus, but most of the Linux world is moving away
> from 9p-over-VirtIO to FUSE-over-VirtIO. This has a few big advantages:
>
> - The kernel already has solid FUSE support so this isn't a completely new
> code path.
>
> - FUSE is designed around POSIX filesystem semantics, 9p isn't and this
> mismatch causes problems in places.
>
> - FUSE filesystems can be exposed almost directly to the guest. For
> example, if you have a networked filesystem you can run the FUSE FS in an
> unprivileged userspace process and remove the entire host kernel storage
> stack from the attack surface for the guest.
>
> - FUSE allows exposing buffer cache pages. The FUSE-over-VirtIO mechanism
> makes it fairly easy to expose read-only root filesystem images to guests.
>
> The last point is especially important for container workloads where you may
> have hundreds of containers in lightweight VMs on a single node all using
> the same base layer.

That's really cool. I hadn't heard about FUSE-over-VirtIO before.
Thanks for the info!

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc