Share filesystem between Firecracker guest and Ubuntu host systems?

[petermp79]

Hello,

Wonder if there are any guidelines for creating share filesystem between the guess and ubuntu host system?

[ad-m]

Do you think that a special approach to the Firecracker virtual machine is necessary in this case?

[dhrgit]

There's currently no way of sharing a filesystem between the microvm and the host. I.e. Firecracker requires exclusive access to the files it's using as disk devices.

This feature has been the topic of recent discussions, but its addition is not on the roadmap.

[petermp79]

I guess we can use nfs or samba for now. Thank for your clarification. I was looking at traditional QEMU/virt-manager but it looks confusing for microvm.

On Fri, Jan 25, 2019 at 5:39 AM Dan Horobeanu ***@***.***> wrote: There's currently no way of sharing a filesystem between the microvm and the host. I.e. Firecracker requires exclusive access to the files it's using as disk devices. This feature has been the topic of recent discussions, but its addition is not on the roadmap. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#889 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AqMrcvlDJl_6TsG5XDs5MLPWJI95CzFZks5vGwkmgaJpZM4aR-25> .

-- ================================================================ Confidentiality Notice: This communication and any attachments are intended solely for the addressee(s) named above and may contain confidential and legally privileged information. Unauthorized use, disclosure or copying is prohibited. If you have received this communication in error, please notify the sender immediately by replying to this communication and then deleting it from your system. Thank you. This electronic communication is covered by the Electronic Communications Privacy Act of 1986, Codified at 18 U.S.C. §§ 1367, 2510-2521, 2701-2710, 3121-3126.Also, see: http://www.ftc.gov/privacy/glbact/glbsub1.htm - Gramm-Leach-Bliley Act 15 USC, Subchapter I, Sec. 6801-6809

[raduweiss]

We currently think that, for Firecracker, the additional risk of exposing a complex file system virtualization attack surface is not really warranted by the use cases we've seen so far.

However, this may change as we understand more of what real-world container workloads actually need in order to seamlessly to within VM isolation. We're getting feedback there from the Kata Container & firecracker-containerd folks.

So real-world use-cases that don't have a simple alternative implementation will weight a lot in this discussion.

Finally, there's also the option of doing this via rust-vmm a new drive to build some common virtualization components in Rust. Eventually, most of Firecracker will be made up of rust-vmm crates, and then groups that want Firecracker + filesystem virtualization, could create / consume all appropriate rust-vmm crates and roll their own. But this is just a vision that the community is starting to work towards right now, it will take some time to come to fruition.

I'm closing the issue now, feel free to re-open if you want to continue the conversation 😄.

[raduweiss]

We'll be looking at this as part of #1180.

[Mart-Bogdan]

For ones who are interested in this. SSH can be used to transfer viles in/out of vm using scp or rsync.

Also if really needed to have fs mounted inside, sshd on host can be set up and fuse-ssh used inside to create mount. Well you can mount internal to vm FS into host this way as well.

I for now just use KDE's built in sftp support in Dolphin ssh://123.11.11.11 . I guess Gnome has similar feature.