by esjeon 1051 days ago
I think it's a gVisor-specific concept. The page says:

> Directfs is a new filesystem access mode that uses these primitives to expose the container filesystem to the sandbox in a secure manner.

So, it's likely this is not a filesystem, but just an implementation detail.

1 comment

Yes, it's a gVisor feature. They basically utilize the SCM_RIGHTS[0] Linux API to open files from the gofer process outside of the sandbox and then pass the opened fds into the sandbox.

[0] - https://blog.cloudflare.com/know-your-scm_rights/
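
The descriptor hand-off described in the reply above, as an added Python example that is not part of the thread and is not gVisor's code. The parent stands in for the gofer and a forked child for the sandboxed process; all function names and the sample file are constructed, and Linux is assumed.

```python
import array
import fcntl
import os
import socket
import tempfile

INT = array.array("i").itemsize

def send_fd(sock, fd):
    """Pass one open descriptor to the peer as SCM_RIGHTS ancillary data."""
    sock.sendmsg([b"\0"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]))])

def recv_fd(sock):
    """Receive exactly one descriptor; reject truncated or unexpected control data."""
    _, ancdata, flags, _ = sock.recvmsg(1, socket.CMSG_LEN(INT))  # room for one fd only
    if flags & socket.MSG_CTRUNC or len(ancdata) != 1:
        raise ValueError("expected exactly one control message")
    level, ctype, data = ancdata[0]
    if (level, ctype) != (socket.SOL_SOCKET, socket.SCM_RIGHTS) or len(data) != INT:
        raise ValueError("expected exactly one SCM_RIGHTS descriptor")
    return array.array("i", data)[0]

def sandbox_side(sock):
    """Child role: forked before the file exists, so the passed fd is its only access."""
    fd = recv_fd(sock)
    data = os.read(fd, 64)
    # The access mode was fixed by the sender's open(); the receiver cannot widen it.
    mode = fcntl.fcntl(fd, fcntl.F_GETFL) & os.O_ACCMODE
    sock.sendall(bytes([mode]) + data)

def demo():
    """Parent role: open read-only, pass the fd, then drop its own fd and the path."""
    opener, sandbox = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:
        try:
            opener.close()
            sandbox_side(sandbox)
        finally:
            os._exit(0)
    sandbox.close()
    with tempfile.NamedTemporaryFile(buffering=0) as tmp:  # constructed sample file
        tmp.write(b"constructed sample data")
        fd = os.open(tmp.name, os.O_RDONLY)
        send_fd(opener, fd)
        os.close(fd)
    reply = opener.recv(128)  # the path is already deleted when the child answers
    os.waitpid(pid, 0)
    opener.close()
    return reply[1:].decode(), reply[0] == os.O_RDONLY
```

The receiver sizes its control buffer for a single descriptor and checks `MSG_CTRUNC`, so a peer that sends more descriptors than expected is rejected instead of silently filling the receiver's fd table.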