Diffstat (limited to 'g3doc/user_guide/filesystem.md')
-rw-r--r-- | g3doc/user_guide/filesystem.md | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/g3doc/user_guide/filesystem.md b/g3doc/user_guide/filesystem.md index 50a1c0020..6c69f42a1 100644 --- a/g3doc/user_guide/filesystem.md +++ b/g3doc/user_guide/filesystem.md @@ -4,19 +4,19 @@ gVisor accesses the filesystem through a file proxy, called the Gofer. The gofer runs as a separate process, that is isolated from the sandbox. Gofer instances -communicate with their respective sentry using the 9P protocol. For a more detailed -explanation see [Overview > Gofer](../../architecture_guide/#gofer). +communicate with their respective sentry using the 9P protocol. For a more +detailed explanation see [Overview > Gofer](../../architecture_guide/#gofer). ## Sandbox overlay -To isolate the host filesystem from the sandbox, you can set a writable tmpfs overlay -on top of the entire filesystem. All modifications are made to the overlay, keeping -the host filesystem unmodified. +To isolate the host filesystem from the sandbox, you can set a writable tmpfs +overlay on top of the entire filesystem. All modifications are made to the +overlay, keeping the host filesystem unmodified. > Note: All created and modified files are stored in memory inside the sandbox. -To use the tmpfs overlay, add the following `runtimeArgs` to your Docker configuration -(`/etc/docker/daemon.json`) and restart the Docker daemon: +To use the tmpfs overlay, add the following `runtimeArgs` to your Docker +configuration (`/etc/docker/daemon.json`) and restart the Docker daemon: ```json { 
@@ -33,17 +33,18 @@ To use the tmpfs overlay, add the following `runtimeArgs` to your Docker configu ## Shared root filesystem -The root filesystem is where the image is extracted and is not generally modified -from outside the sandbox. This allows for some optimizations, like skipping checks -to determine if a directory has changed since the last time it was cached, thus -missing updates that may have happened. If you need to `docker cp` files inside the -root filesystem, you may want to enable shared mode. Just be aware that file system -access will be slower due to the extra checks that are required. +The root filesystem is where the image is extracted and is not generally +modified from outside the sandbox. This allows for some optimizations, like +skipping checks to determine if a directory has changed since the last time it +was cached, thus missing updates that may have happened. If you need to `docker +cp` files inside the root filesystem, you may want to enable shared mode. Just +be aware that file system access will be slower due to the extra checks that are +required. > Note: External mounts are always shared. -To use set the root filesystem shared, add the following `runtimeArgs` to your Docker -configuration (`/etc/docker/daemon.json`) and restart the Docker daemon: +To use set the root filesystem shared, add the following `runtimeArgs` to your +Docker configuration (`/etc/docker/daemon.json`) and restart the Docker daemon: ```json { |
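Review bot: In the first hunk (@@ -4,19 +4,19 @@), the unchanged context just above the rewrapped sentence spells the component both "the Gofer" and "The gofer", and has a stray comma in "a separate process, that is isolated from the sandbox". Since this change already touches the paragraph for line wrapping, consider settling on one capitalization and dropping the comma in the same commit. The rewrapped lines themselves differ only in where they break.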
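Review bot: In the second hunk (@@ -33,17 +33,18 @@), the last rewrapped paragraph still carries the broken phrase "To use set the root filesystem shared"; suggest "To set the root filesystem to shared, add the following `runtimeArgs` ..." while the line is being edited anyway. The new wrapping also splits the inline code span across two lines ("`docker" at the end of one line, "cp`" at the start of the next), which makes the command hard to grep for in the source; breaking before the opening backtick keeps `docker cp` on one line. Separately, "thus missing updates that may have happened" reads as if missing updates were the purpose of the optimization; a wording such as "which means updates made from outside the sandbox may be missed" would make the stale-cache consequence explicit.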