Date: Fri, 29 Oct 2021 11:27:27 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: David Chisnall <theraven@FreeBSD.org> Cc: freebsd-current@freebsd.org Subject: Re: Deprecating smbfs(5) and removing it before FreeBSD 14 Message-ID: <20211029152727.z2spglz42epu3ftm@mutt-hbsd> In-Reply-To: <157d6222-0a89-230d-8e54-ec0b785af6a3@FreeBSD.org> References: <CAPyFy2CJKxMQQKwD3N=MTe-P4KodN77e3YCEh4z0Ssf9sXWEcQ@mail.gmail.com> <20211028152642.ejvwewkztewotln4@mutt-hbsd> <157d6222-0a89-230d-8e54-ec0b785af6a3@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--4z55ztnv2sz7wolt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 29, 2021 at 11:59:40AM +0100, David Chisnall wrote: > On 28/10/2021 16:26, Shawn Webb wrote: > > I wonder if providing a 9pfs client would be > > a good step in helping deprecate smbfs. >=20 > Note: WSL2 uses 9p-over-VMBus, but most of the Linux world is moving away > from 9p-over-VirtIO to FUSE-over-VirtIO. This has a few big advantages: >=20 > - The kernel already has solid FUSE support so this isn't a completely n= ew > code path. >=20 > - FUSE is designed around POSIX filesystem semantics, 9p isn't and this > mismatch causes problems in places. >=20 > - FUSE filesystems can be exposed almost directly to the guest. For > example, if you have a networked filesystem you can run the FUSE FS in an > unprivileged userspace process and remove the entire host kernel storage > stack from the attack surface for the guest. >=20 > - FUSE allows exposing buffer cache pages. The FUSE-over-VirtIO mechani= sm > makes it fairly easy to expose read-only root filesystem images to guests. >=20 > The last point is especially important for container workloads where you = may > have hundreds of containers in lightweight VMs on a single node all using > the same base layer. That's really cool. I hadn't heard about FUSE-over-VirtIO before. Thanks for the info! --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --4z55ztnv2sz7wolt Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmF8Et0ACgkQ/y5nonf4 4fqmZg/9GFPjdFgnYtr5jS0dvtsTTDdCSg53ZibB+5FGN0+kcixMWn59yeKjZ+uu gho1XaXPeggyirJOGlF8nvvLepBXMvfYWrzEgHhWjNWRygvlDa8ljFwJcrr/D4VM m7ngg4bKGcQwQJ1A65XEVmTBBEPQbOxFE/2aUpHIZYX+K2/a+CGHQ4lJk0jVXJyF cpIS5n6/u9ZNxjF3T9ASOgRoRbodj1sVIRUiP/bcNVMAE8FzFh2poCW3OJI1wTdm F2nSFofwqGaRUg53x66T0ZmI256pE/5hRrHZS48S7YqSHfh8IifA13SORZPkZcq6 xOePWNwaEUZNR9+PpCLEnKDbaGt3vx/e472Wac285iIf2Skwl744aioRkLQlhHau QaPe0/WMGomfoAhDwPVyFBO28rxILAAtm6tQr8GYQA1q32L6dG8B/m0n0ZYo+dzK vgNwN5RNC6roI88NhZt3ppMjZ9+BVguJN/7wk5sfGeaRGnnAl3ocerZFAl/HrPcH sqOjHziOIewPaQxNW6x0iCS/u3iA8of7ubYm/PRXhmYg6xQ/aE8YG7FZmLwq7KnZ 57DFRA12BkxoMfoS7Dp3KGz++RkKKrrxTobfBAF6i5CPBEn5x38rITBfmxyeq/GZ 2ShHqTvnjwmR/0x0XMCc+1kV+0YKtYUuv0+uSqu6dMLYUdrfDiY= =wzY0 -----END PGP SIGNATURE----- --4z55ztnv2sz7wolt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20211029152727.z2spglz42epu3ftm>