runsc/boot: add per-mount directfs opt-out #13099

Open
shayonj wants to merge 1 commit into google:master from shayonj:s/per-mount-directfs
@shayonj shayonj commented May 6, 2026

The --directfs flag is global: when enabled, every gofer mount in the
sandbox includes the "directfs" option, which causes the sentry to
require a host FD for the mount root from the gofer's Mount RPC reply.
Custom gofer servers that back virtual or network-backed filesystems
(e.g. a blob-store-backed volume gofer) cannot donate such an FD and
must currently disable --directfs globally to coexist with the stock
gofer, losing the directfs performance benefit on every other mount.

This PR adds a new "directfs" key to the
dev.gvisor.spec.mount.<NAME>.* mount annotation. When set to "off", the
sentry suppresses the directfs mount option for that mount only,
regardless of the global --directfs setting. The default ("on" or
unset) preserves current behavior.

Plumbing reuses the existing MountHint mechanism in runsc/boot. The
rootfs path passes no mount hint to goferMountData and is therefore
unaffected, and the annotation only applies to submounts that are matched by
mount source. The opt-out is applied on the sentry mount-data path, so
a stock gofer may still donate a mount-root FD when --directfs is
enabled globally, but the sentry will not use directfs for an opted-out
mount.

Tests cover annotation parsing, including invalid values that are
ignored without dropping the rest of the hint, and goferMountData
behavior across the global directfs and per-mount opt-out combinations.

This does not change checkpoint or restore mechanics directly, but it
can reduce first-exec latency after restore in mixed custom-gofer
sandboxes. A custom mount can stay on the LisaFS RPC path while rootfs
and ordinary bind mounts continue to use directfs for binary, library,
and cache reads.

Fixes #13098.

The --directfs flag is global: when enabled, every gofer mount in the
sandbox includes the "directfs" option, which causes the sentry to
require a host FD for the mount root from the gofer's Mount RPC reply.
Custom gofer servers that back virtual or network-backed filesystems
cannot donate such an FD and must currently disable --directfs globally,
losing the directfs performance benefit on every other mount.

Add a new "directfs" key to the dev.gvisor.spec.mount.<NAME>.*
mount annotation. When set to "off", the sentry suppresses the directfs
mount option for that mount only, regardless of the global --directfs
setting. The default ("on" or unset) preserves current behavior.

Plumbing reuses the existing MountHint mechanism in runsc/boot. The
rootfs path passes no mount hint to goferMountData and is therefore
unaffected; the annotation only applies to submounts that are matched by
mount source.

Tests cover annotation parsing and goferMountData behavior across the
global directfs and per-mount opt-out combinations.

Fixes google#13098
@shayonj shayonj force-pushed the s/per-mount-directfs branch from 7619e00 to 4583775 Compare May 6, 2026 14:19
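
A simplified model of the behaviour described in the pull request, as an added example that is not gVisor's code or the PR's diff. The `hint` type, both function names and the `source` key used for matching are assumptions; only the annotation prefix, the `directfs` key and its "on"/"off" values come from the description above.

```go
package main

import (
	"fmt"
	"strings"
)

const annPrefix = "dev.gvisor.spec.mount."
// hint is a hypothetical stand-in for a per-mount hint, not runsc's MountHint.
type hint struct {
	source      string
	directfsOff bool
}

// parseHints groups "<annPrefix><NAME>.<key>" annotations, keyed by mount source.
func parseHints(ann map[string]string) map[string]hint {
	byName := map[string]hint{}
	for k, v := range ann {
		rest := strings.TrimPrefix(k, annPrefix)
		i := strings.LastIndex(rest, ".")
		if rest == k || i <= 0 {
			continue // not a mount annotation, or no <NAME>.<key> part
		}
		h := byName[rest[:i]]
		switch rest[i+1:] {
		case "source": // assumed key carrying the mount source
			h.source = v
		case "directfs":
			h.directfsOff = v == "off" // "on" or invalid: default stays, hint is kept
		}
		byName[rest[:i]] = h
	}
	bySource := map[string]hint{}
	for _, h := range byName {
		bySource[h.source] = h
	}
	delete(bySource, "") // a hint without a source matches no mount
	return bySource
}

// useDirectfs applies the global flag minus a per-mount opt-out; no hint means global.
func useDirectfs(global bool, hints map[string]hint, source string) bool {
	return global && !hints[source].directfsOff
}

func main() { // constructed sample annotations
	h := parseHints(map[string]string{annPrefix + "blob.source": "/mnt/blob", annPrefix + "blob.directfs": "off"})
	fmt.Println(useDirectfs(true, h, "/mnt/blob"), useDirectfs(true, h, "/"))
}
```

In this model a source with no hint, such as the rootfs path, always follows the global flag, and an opt-out never turns directfs on when the global flag is off.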
Successfully merging this pull request may close these issues.

Allow directfs to be disabled for individual gofer mounts
