On 28/10/2021 16:26, Shawn Webb wrote:
I wonder if providing a 9pfs client would be a good step in helping deprecate smbfs.
Note: WSL2 uses 9p-over-VMBus, but most of the Linux world is moving away from 9p-over-VirtIO to FUSE-over-VirtIO. This has a few big advantages:
- The kernel already has solid FUSE support so this isn't a completely new code path.
- FUSE is designed around POSIX filesystem semantics, 9p isn't and this mismatch causes problems in places.
- FUSE filesystems can be exposed almost directly to the guest. For example, if you have a networked filesystem you can run the FUSE FS in an unprivileged userspace process and remove the entire host kernel storage stack from the attack surface for the guest.
- FUSE allows exposing buffer cache pages. The FUSE-over-VirtIO mechanism makes it fairly easy to expose read-only root filesystem images to guests.
The last point is especially important for container workloads where you may have hundreds of containers in lightweight VMs on a single node all using the same base layer.
David
