author | Nicolas Lacasse <nlacasse@google.com> | 2018-08-14 16:24:46 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-08-14 16:25:58 -0700 |
commit | e8a4f2e133c3a7fb4a2dceb6675ebc57ea4f7350 (patch) | |
tree | c95b1a34bbf725905ea6afa5a74e52982abaff28 /runsc/main.go | |
parent | d4939f6dc22e5607cf2ff8d2a9eb1178e47b0a22 (diff) |
runsc: Change cache policy for root fs and volume mounts.

Previously, gofer filesystems were configured with the default "fscache"
policy, which caches filesystem metadata and contents aggressively. While this
setting is best for performance, it means that changes from inside the sandbox
may not be immediately propagated outside the sandbox, and vice-versa.

This CL changes volumes and the root fs configuration to use a new
"remote-revalidate" cache policy which tries to retain as much caching as
possible while still making fs changes visible across the sandbox boundary.

This cache policy is enabled by default for the root filesystem. The default
value for the "--file-access" flag is still "proxy", but the behavior is
changed to use the new cache policy.

A new value for the "--file-access" flag is added, called "proxy-exclusive",
which turns on the previous aggressive caching behavior. As the name implies,
this flag should be used when the sandbox has "exclusive" access to the
filesystem.

All volume mounts are configured to use the new cache policy, since it is
safest and most likely to be correct. There is not currently a way to change
this behavior, but it's possible to add such a mechanism in the future. The
configurability is a smaller issue for volumes, since most of the expensive
application fs operations (walking + stating files) will likely be served by the
root fs.

PiperOrigin-RevId: 208735037
Change-Id: Ife048fab1948205f6665df8563434dbc6ca8cfc9
Diffstat (limited to 'runsc/main.go')
-rw-r--r-- | runsc/main.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/runsc/main.go b/runsc/main.go index 10ae44b5e..b36100cca 100644 --- a/runsc/main.go +++ b/runsc/main.go @@ -57,7 +57,7 @@ var ( // Flags that control sandbox runtime behavior. platform = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm") network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.") - fileAccess = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.") + fileAccess = flag.String("file-access", "proxy-exclusive", "specifies which filesystem to use: proxy-exclusive (default), proxy-shared, or direct. Using a proxy is more secure because it disallows the sandbox from opening files directly in the host. Setting 'proxy-shared' will disable caches and should be used if external modifications to the filesystem are expected.") overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.") multiContainer = flag.Bool("multi-container", false, "enable *experimental* multi-container support.") watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.") @@ -119,6 +119,10 @@ func main() { cmd.Fatalf("%v", err) } + if *fileAccess == "proxy" && *overlay { + cmd.Fatalf("overlay flag is incompatible with file-access=proxy") + } + // Create a new Config from the flags. conf := &boot.Config{ RootDir: *rootDir, |
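Review bot: In the first hunk (@@ -57,7 +57,7 @@), the new default for the file-access flag is "proxy-exclusive" and the help string lists proxy-exclusive, proxy-shared and direct, which does not match the commit message: the message says the default stays "proxy" and that "proxy-exclusive" is the opt-in for the previous aggressive caching. As written, a sandbox started without the flag gets the mode the message says should only be used when the sandbox has exclusive access to the filesystem, so host-side changes may not be seen inside it. Either make the shared, revalidating mode the default or bring the message and help text into agreement on the value names and on which one is the default. The help text also says 'proxy-shared' "will disable caches", while the message describes a policy that retains as much caching as possible; one of the two should be reworded.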
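Review bot: In the second hunk (@@ -119,6 +119,10 @@), the new guard compares *fileAccess against "proxy", a value that the updated help string in the first hunk no longer lists, so with the documented values (proxy-exclusive, proxy-shared, direct) the check never fires and the incompatible combination with the overlay flag is not rejected. Compare against the value that actually conflicts with overlay and use the same name in the Fatalf message. A one-line comment above the check saying why the combination is rejected would also help, since the message "overlay flag is incompatible with file-access=proxy" gives the user no reason or alternative.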