Red Hat engineers Alexander Larsson and Giuseppe Scrivano have announced the development of a new Linux kernel filesystem, "Composefs". Composefs is a new opportunistically-sharing and verifiable read-only file system.
In simple terms, composefs is a way to build and use read-only images, similar to using squashfs images over loopback. Beyond that, composefs has two new features: first, it allows file data to be shared between images (on disk and in the page cache), and second, it has dm-verity-like read verification.
squashfs is a compressed read-only file system in the Linux kernel. It can compress an entire file system or a single directory into a read-only image, which is then stored on a device, in a partition or in an ordinary file.
If the image is written to a device, it can be mounted directly; if it is just a file, it can be mounted through a loopback device.
At present, Composefs has two suitable initial use cases. The first is opportunistic sharing for podman container layers: a composefs mount is used as the lower directory of an overlay mount, and the upper directory is the container's working directory. With composefs, file-level disk storage and page cache are automatically shared between any two images.
The second is to use the composefs validation feature in the ostree project. Ostree uses a content-addressable object store, but it is currently referenced through hardlink farms. The object store and the trees that reference it are signed and verified at download time, but there is no verification at runtime. Runtime validation can be achieved by replacing the hardlink farm with a composefs image that points to the existing object store.
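A userspace model of the two properties described above (backing objects shared between images, and verification on every read), added here as an illustration; it is not composefs code and does not reproduce its on-disk format or kernel interface. The class and function names are hypothetical, the file contents are constructed, and SHA-256 stands in for the kernel's verification mechanism.

```python
import hashlib

class ObjectStore:
    """Content-addressed backing store: one copy per unique file content."""
    def __init__(self):
        self.objects = {}  # hex digest -> bytes

    def put(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        self.objects.setdefault(digest, data)  # identical content is stored once
        return digest

def build_image(store, files):
    """Image metadata only: path -> digest of the backing object."""
    return {path: store.put(data) for path, data in files.items()}

def image_digest(image):
    """Digest over the metadata; trusting this one value pins every file."""
    h = hashlib.sha256()
    for path in sorted(image):
        h.update(f"{path}\0{image[path]}\n".encode())
    return h.hexdigest()

def verified_read(store, image, trusted_digest, path):
    """Check metadata and content on every access, not only at download."""
    if image_digest(image) != trusted_digest:
        raise ValueError("image metadata does not match trusted digest")
    data = store.objects[image[path]]
    if hashlib.sha256(data).hexdigest() != image[path]:
        raise ValueError(f"backing object for {path} was modified")
    return data

def demo():
    store = ObjectStore()
    # Constructed sample content: two images that share one library file.
    img_a = build_image(store, {"/lib/libc.so": b"libc-2.36", "/bin/app": b"app-a"})
    img_b = build_image(store, {"/lib/libc.so": b"libc-2.36", "/bin/app": b"app-b"})
    trusted = image_digest(img_a)  # the value that would be signed
    shared = img_a["/lib/libc.so"] == img_b["/lib/libc.so"]
    ok = verified_read(store, img_a, trusted, "/bin/app")
    # Model a backing object changing on disk after the download-time check.
    store.objects[img_a["/bin/app"]] = b"tampered"
    try:
        verified_read(store, img_a, trusted, "/bin/app")
        detected = False
    except ValueError:
        detected = True
    return len(store.objects), shared, ok, detected
```

A hardlink farm checked only at download time would serve the modified object silently; here the read fails because the content no longer matches the digest recorded in the trusted metadata.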
There are now six RFC patches implementing the Composefs kernel driver, while the Composefs userspace tools are being developed in the composefs repository on GitHub.
For more details, please check the announcement email.