On Wed, Mar 19, 2025 at 12:59:31PM -0400, Theodore Ts'o wrote:
> On Wed, Mar 19, 2025 at 10:55:39AM -0400, Demi Marie Obenour wrote:
> > What kind of performance do the existing solutions (libguestfs, lklfuse)
> > have?
>
> For most of the use cases that I'm aware of, which is to support
> occasional file transfers through crappy USB thumb drives (the kind
> which a nation state actor would scatter in the parking lot of
> their target), the performance doesn't really matter. Certainly these
> are the ones which apply for the Android and ChromeOS use cases.

Would this have sufficient performance for backups?

> I suppose there is the use case of people who are running Adobe
> Lightroom Classic on their Macbook Air where they are using an
> external SSD because Apple's storage pricing is highway robbery, but
> (a) it's MacOS, not Linux, and (b) this is arguably a much smaller
> percentage of the use cases in terms of millions and millions of
> Android and Chrome Users. Most of the more naive Mac users probably
> just pay $$$ to Apple and don't use external storage anyway. :-)
>
> > There are other options, like "run the filesystem in a tightly sandboxed
> > userspace process, especially compiled through WebAssembly". The
> > difficulty is making them sufficiently performant for distributions to
> > actually use them.
>
> I suspect that using a kernel file system running in a guest VM and
> then making it available via 9pfs would be far more performant than
> something involving FUSE. But the details would all be in the
> implementation, and the skill level of the engineer doing the work.

Why do you suspect this? I'm genuinely curious, especially because my
understanding is that virtiofs (which uses the FUSE protocol internally)
is considered faster than 9pfs.

> I'll also note that since you are mentioning Chrome OS and Android a
> lot, there seems to be a lot of interest in using VM's as a security
> boundary (see CrosVM[1] which is a Rust-based VMM). So it's likely
> that this infrastructure would be available to you if you are doing
> work in this area.
>
> [1] https://github.com/google/crosvm

The need to resort to virtualization as a security boundary makes me
wonder if Linux is designed for outdated threat models and security
paradigms. Sadly, changing the threat model would be extremely
expensive today.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab