Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Lite My Fuse: File System in User Space

Steven Lembark
PRO
July 21, 2022
Technology
0
7

Lite My Fuse: File System in User Space

The FUSE filesystem allows users to mount all sorts of storage and "filesystems" for per-process use. Obvious uses are encrypted filesystems or remote storage, but accessing a phone or camera, layered filesystems, or even an XML document as a tree are available. The "User" space makes the FUSE systems especially flexible and easy to use since they don't require superuser access to install into the kernel.

This talk describes the basics of *NIX filesystems, how FUSE fits into the system, and gives a few examples of using the filesystems.

Steven Lembark
PRO

July 21, 2022
Tweet

More Decks by Steven Lembark

See All by Steven Lembark
calendar-tables.pdf
lembark
PRO
0
3
Evolution of OOP: mro for EVERY::LAST one of us!
lembark
PRO
0
42
The $path to Knowlege: What little it takes to test perl.
lembark
PRO
0
42
Climbing a Tree: Refactoring FindBin::libs for Raku
lembark
PRO
0
120
Raku Memory Manglement: Checking yourself out.
lembark
PRO
0
41
Benchmarks: Avoding Lies & Damn Lies
lembark
PRO
0
5
Why you ever meta data you didn’t like: Standardized testing without copies.
lembark
PRO
0
4
Raku Regexen: Reducing line noise in your code.
lembark
PRO
0
13
Smoke & Mirrors: Containerizing Perl Testing
lembark
PRO
0
7

Other Decks in Technology

See All in Technology
バクラクのAI-OCR機能の体験を支える良質なデータセット作成の仕組み / data-centric-ai-bakuraku-dataset
yuya4
1
530
Exadata Database Cloud (Exadata Cloud Service) サービス技術詳細
oracle4engineer
PRO
0
29k
「無料・容量無制限でアップロード」を 支える みてねのコスト削減術
mixi_engineers
PRO
0
250
ウォンテッドリーの5年間に渡る推薦システムの変遷
hakubishin3
0
620
組織の立ち上げと体制変更の1年
tarappo
2
920
よくわかるフォルシアのエンジニア 旅行プラットフォーム部編
forcia_dev_pr
0
210
金融系子会社でレガシーシステムしか作ったことないけど、モダン開発に挑戦してみた
marikashiotsuki
1
120
「エンジニアリングで運用を改善する」ためのAmazon CloudWatch活用
mitsuaki96
1
860
AWS Direct Connectと愉快なGWたちのおさらい
minorun365
5
1.1k
応用から学ぶ強化学習
nearme_tech
0
210
失敗から学ぶQA組織
taro_nanairo
1
290
Riverpodに機能追加したときの話
k9i
4
300

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
The Invisible Customer
myddelton
113
12k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
176
9.4k
In The Pink: A Labor of Love
frogandcode
133
21k
The Illustrated Children's Guide to Kubernetes
chrisshort
26
44k
Code Review Best Practice
trishagee
53
12k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
50k
The Cult of Friendly URLs
andyhume
70
5.2k
Rebuilding a faster, lazier Slack
samanthasiow
70
7.7k
GraphQLとの向き合い方2022年版
quramy
23
11k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
110
17k
Into the Great Unknown - MozCon
thekraken
6
490

Transcript

  1. FUSE:
    Being where you aren't, seeing what I can't.
    Steven Lembark
    Workhorse Computing
    [email protected]

    View Slide

  2. In the beginning was System7
    And it was good... enough.
    One big innovation: mount points.
    No device names, just "absolute paths"
    One "filesystem" to rule them all.

    View Slide

  3. I nodes, you nodes, we all need...
    Another innovation: "node" vs "link".
    Directory is a flat file of inodes + names.
    "Inode" has ownership, mods, allocation.
    Allows for symlinks.

    View Slide

  4. Directory as indirection.
    One aside...

    View Slide

  5. Directory as indirection.
    Directories
    Directories
    are
    are
    not
    not
    Folders
    Folders

    View Slide

  6. UNIX Directories
    Dir contents are universal.
    dirent = basename -> inode

    View Slide

  7. UNIX Directories
    Dir contents are universal.
    dirent = basename -> inode
    “link”

    View Slide

  8. UNIX Directories
    Inodes defined by filesystem.
    Owner, group, mods, size, type...
    Can vary by filesystem type.

    View Slide

  9. UNIX Directories
    Inodes defined by filesystem.
    Owner, group, mods, size, type...
    Can vary by filesystem type.
    stat( inode ) returns data.

    View Slide

  10. UNIX Directories
    Inodes defined by filesystem.
    Owner, group, mods, size, type...
    Can vary by filesystem type.
    stat can be expensive.

    View Slide

  11. Directory as indirection.
    Filesystem requires kernel support.
    Indirection across physical devices.

    View Slide

  12. Directory as indirection.
    Filesystem requires kernel support.
    Hey, what about remote devices?
    NFS extended "inode" to "vnode".
    ”virtual node”

    View Slide

  13. "vnode" abstracts device
    Replace single "filesystem".
    More OO-ish: vnode has "handler".
    Allows for multiple filesystem types.
    Semantics are specific to handler.

    View Slide

  14. One thing didn't change
    Q: What do: LVM, NFS, XFS, BTRFS,
    F2FS, ext2, ext3, ext4, proc, sysfs, tmpfs
    have in common?

    View Slide

  15. One thing didn't change
    Q: What do: LVM, NFS, XFS, BTRFS,
    F2FS, ext2, ext3, ext4, proc, sysfs, tmpfs
    have in common?
    A: /etc/fstab
    The only way to get there from here.

    View Slide

  16. /etc/fstab makes mounts SU-only
    Only SU can "mount" or "umount".
    "users" allows mounting by non-SU
    UID's.
    Only at locations defined by /etc/fstab.
    Defined by SU.

    View Slide

  17. Getting personal
    Some filesystems are personal:
    Only make sense to one UID at a time.
    Possibly only one process.
    Examples:
    Encryption.
    Access via ssh.

    View Slide

  18. Breaking the tyranny: FUSE
    "fusermount" allows non-SU mounts.
    May be private to process or UID
    mounting.
    May be invisible to other proc's or UIDS.

    View Slide

  19. A bit of indirection
    "Normal" mounts go into the kernel.
    FUSE mounts come back out again:

    View Slide

  20. View Slide

  21. Available for any number of systems
    Fuse for FreeBSD
    Fuse4X (now merged with OSXFuse.)
    MacFUSE
    OSXFuse successor to MacFUSE
    Dokan Windows user mode
    NetBSD starting with NetBSD-6.0
    MINIX 3 starting with version 3.2.0

    View Slide

  22. Example: sshfs
    Replace NFS with ssh.
    Secure.
    Less chatty: single mountpoint.
    User mounts in their own space.

    View Slide

  23. Example: sshfs
    ssh connection is specific to a process.
    Or process group.
    sshfs not well suited to general mounts.

    View Slide

  24. Mounting sshfs
    Step 1: Make sure ssh works.
    $ ssh-add;
    $ ssh jeeves;
    [email protected] ~ $

    View Slide

  25. Executing sshfs mount
    One approach: /etc/fstab.
    Saves remembering it all.
    Fine for a desktop: only one user.

    View Slide

  26. /etc/fstab entry for sshfs
    jeeves:/images /mnt/remote/images \
    fuse.sshfs \
    user,noauto,nonempty,reconnect 0 0
    Filesytem type "fuse.sshfs"
    Delegates mount.
    "users" allows non-SU mount.

    View Slide

  27. Do it manually
    "sshfs" is user-land mount utility:
    $ sshfs jeeves:/var/tmp /var/tmp/11061/
    $ sshfs -u jeeves:/var/tmp /var/tmp/11061/

    View Slide

  28. Make it magical
    afuse is a userland automounter:
    $ afuse -o mount_template='sshfs \
    -o ServerAliveInterval=10 \
    -o reconnect %r:/ %m' \
    -o unmount_template= \
    'fusermount -u -z \ %m' ~/mnt/ssh ;

    View Slide

  29. FUSE mounts are private
    Non-SU proc's mount for themselves.
    sshfs option: "allow_other".
    Makes mounts visible to other users.
    Without even SU cannot see contents.

    View Slide

  30. Hide your porn
    encfs == encrypted FUSE.
    Passphrase required to mount volume.
    SU cannot access deciphered content.
    SU can back up enciphered space.

    View Slide

  31. Example: My notebook
    ~lembark/.bash_profile:
    cd /var/tmp;
    /opt/bin/extmount $HOME;
    cd $HOME;
    exec bash --login

    View Slide

  32. It takes two to tango
    Or mount encfs: one enciphered, one not.
    drwxr-s--- 71 lembark lembark 12288 Mar
    9 17:56 lembark
    drwxr-s--- 71 lembark lembark 12288 Mar
    9 17:56 .lembark

    View Slide

  33. The enchpered portion is visible to others
    But not very useful:
    $ ls -1
    total 262689
    0d9jdsFuZmhxlsqwQ7GMV,Pt
    0KvCQ2RXsi2YTGe7K0G3OHtG
    0NzQCAtLUiL1XTAfFjzPfBID
    ...

    View Slide

  34. Mounting the encfs
    #!/bin/bash
    mount=${1-$HOME};
    shadow=$(dirname $mount)/.$(basename $mount);
    /usr/bin/encfs –ondemand \
    --extpass=/opt/bin/extpass -i 60 $shadow \
    $mount -o nonempty ;

    View Slide

  35. Getting the password
    Encfs wants md5, not text.
    Fix: Grab the input and output md5_hex:
    #!/bin/perl
    my $phrase = shift || acquire_password;
    say md5_base64 $phrase;

    View Slide

  36. Backing up
    # ls /home/lembark
    ls: cannot access /home/lembark:
    Permission denied
    SU can back up /home/.lembark.
    Backups are enciphered.

    View Slide

  37. More examples
    adbfs Android via USB.
    CloudFusion DropBox, Google Drive...
    fuse-archive Read-only compressed.
    gphotofs Mount a camera.
    s3fs AWS S3 as a filesytem

    View Slide

  38. Bedside Reading
    The Design and Implementation of the
    4.3BSD UNIX Operating System
    Sam Leffler, Kirk McKusick, Michael
    Karels & John Quartermann.
    1989, Addison-Wesley. ISBN 0-201-06196-1.

    View Slide

  39. Bedside Reading
    https://www.usenix.org/legacy/events/
    usenix99/full_papers/zadok/zadok.pdf
    Extending File Systems Using Stackable
    Templates

    View Slide

  40. Bedside Reading
    https://github.com/pcarrier/afuse/
    Userland fuse automounter.

    View Slide

  41. Bedside Reading
    $ man mount.sshfs;
    $ man -k encfs;

    View Slide

  42. Bedside Reading
    https://wiki.archlinux.org/title/FUSE
    Nice list of fuse systems.

    View Slide