ViewFS

ViewFS is a module that virtualizes the file system structure, but is currently under development. Its main features are:

• possibility to hide Hiding of files, directories, hierarchies;
• possibility to mode files and directories without affecting the underlying filesystem;
• permissions redefinition;
• copy-on-Write access to files (and subtrees), to allow write access to read-only entities;
• merging of real and virtual directories.

ViewFS allows the user to give a new view of the filesystem to processes: this view is made of some kind of patchwork} of files, taken from the existing filesystem. With this module, potentially dangerous modifications of the filesystem can be tested in a safe virtual environment, because the real filesystem remains intact.

The module viewfs can be added as follows:

 $ um_add_module viewfs

Viewfs has no submodules. It supports four different modes selectable by options: move, merge, cow, mincow.

mode          source tree            existing tree at target dir

move          read-write             (inaccessible)
merge         read-only (EROFS)      read-write (for non-merged files)
cow           read-write             read-only (copied when written)
mincow        read-write             read-write (when permitted)

• -o move files or directories are simply moved across the file system. For example the following sequence hides all the home directroies but one.

 $ ls /home
 otherusr1 otherusr2 v2user
 $ mkdir /tmp/home
 $ mkdir /tmp/home/v2user
 $ um_add_service viewfs
 $ mount -t viewfs -o move /home/v2user /tmp/home/v2user
 $ mount -t viewfs -o move /tmp/home /home
 $ ls /home
 v2user
 $ 

This is the default mode, thus -o move can be omitted.

The test module unreal (see unreal) can be created by viewfs:

 $ mount -t viewfs / /unreal
 $ ls /unreal
 bin   boot .....
 $ ls /unreal/unreal
 ls: cannot access /unreal/unreal: No such file or directory
 $ mount -t viewfs / /unreal
 $ ls /unreal/unreal
 bin   boot .....
 $ ls /unreal/unreal/unreal
 ls: cannot access /unreal/unreal/unreal: No such file or directory
 $

• -o merge viewfs unifies the file system tree of the source file or directory with the tree at the mount point. File and directories in one of the tree are visible in the merged view. When the same path is defined in both trees viewfs returns the file or directory defined in the source tree. In the following example two directories (src and dest) are merged together. In the example 2 is at the same time an empty directory in src and a file in dest. In the resulting merged file system the file of \verb+dest+ gets hidden by the directory in src.

 $ ls -RF src dest
 dest:
 a/  b/  c/  f  g
 dest/a:
 a1  a2
 dest/b:
 b1  b2
 dest/c:
 src:
 b/  d/  e/
 src/b:
 b2/  b3
 src/b/b2:
 src/d:
 src/e:
 $ um_add_service viewfs
 $ mount -t viewfs -o merge src dest
 $ ls -R dest
 dest:
 a/  b/  c/  d/  e/  f  g
 dest/a:
 a1  a2
 dest/b:
 b1  b2/  b3
 dest/b/b2:
 dest/c:
 dest/d:
 dest/e:
 $ rmdir src/b/b2
 $ ls -F dest/b
 b1  b2  b3
 $

At the end of the example there is the removal of the directory src/b/b2. When src/b/b2 directory disappears, the pre-existing dest/b/b2 file returns visible. This behavior may appear counter intuitive, a file continue to exist after it has been removed, but this is the result of a pure file system merge (in the overlay model of View-OS mount). Merge is commonly used to add files and directories in a read only way. In this way the consistency is maintained as removal actions are denied.

• -o cow. This is the copy on write mode. The file system structures get merged (in the same way seen for the option -merge above. Files and directories in the mount point tree are not modified, all the changes takes place in the src subtree. It is possible to remove files and directories. When a file or a directory gets deleted it disappears (if some file or directory do exist under the same file in the mount point subtree it is hidden).

• -o mincow. The minimal copy on write support is a transparent service for all permitted operations, it becomes a copy on write service only for unaccessible files and directories.

 $ mkdir /tmp/newroot
 $ um_add_service viewfs
 $ mount -t viewfs -o mincow /tmp/newroot /
 $ echo ciao >>/etc/passwd
 $ tail /etc/passwd
 .....
 v2user:x:1000:1000::/home/v2user:/bin/bash
 ciao
 $ rm /etc/passwd
 $ ls /etc/passwd
 ls: cannot access /etc/passwd: No such file or directory
 $

At most one of the options of the list above can be set, as the modes are mutually exclusive. The same source directory can be mounted later with a different option. For example it is possible to modify a filesystem using viewfs-mincow and then mount the same modification in merge mode. In this way it is possible to (virtually) install a set of programs or update a system. When the directory is mounted later as viewfs-merge the programs will be seen as installed or the system updated (but no further modification are possible on that source dir).

It is possible to add -o except=.... option in the same way explained for unfuse.

viewfs supports also the -o renew mounting option. Renew is like a remount of the same already mounted file system, making visible new changes happened inside the source filesystem tree.

$ mount -t viewfs /tmp/tst2 /tmp/src
$ mount -t viewfs -o merge /tmp/src /tmp/dest
$ ls dest
a  b  c  ciao  f  g  tst2
$ mount -t viewfs -o merge /tmp/tst1 /tmp/src
$ ls dest
a  b  c  ciao  f  g  tst2
$ mount -t viewfs,renew -o merge /tmp/src /tmp/dest
$ ls dest
a  b  c  ciao  f  g  tst1  tst2
$ 

ViewFS supports virtual ownership and permission when the mount option -o vstat is set.

Virtual installation of software by ViewFS

View-OS allows the virtual installation of software. The following examples show hot to (virtually) install some Debian packets by ViewFS. It is possible to install software as users, there is no need to log in as root or to execute sudo commands.

Let us suppose that a user wants to try the tinyirc application, which we suppose it is not installed in the system:

 $ tinyirc
 bash: tinyirc: command not found

In a view-os machine our user can install it:

 $ um_add_service viewfs
 $ mkdir /tmp/newroot
 $ viewsu
 # mount -t viewfs -o mincow,except=/tmp,vstat /tmp/newroot /

some files must be deleted, recreated to avoid warnings (it is not possible to virtually access really protected files, but we can delete them or change them to read-write mode)

 # rm -rf /root/.aptitude
 # mkdir /root/.aptitude 
 # touch /root/.aptitude/config
 # touch /var/cache/debconf/passwords.dat

Now the packet can be installed in the standard way:

 # apt-get install tinyirc
 Reading package lists... Done
 Building dependency tree       
 Reading state information... Done
 ...
 Unpacking tinyirc (from .../tinyirc_1%3a1.1.dfsg.1-1_i386.deb) ...
 Processing triggers for menu ...
 Processing triggers for man-db ...
 Setting up tinyirc (1:1.1.dfsg.1-1) ...
 Reading package lists... Done             
 Building dependency tree       
 Reading state information... Done
 Reading extended state information       
 Initializing package states... Done
 Writing extended state information... Done
 Reading task descriptions... Done         
 # exit
 $ tinyirc
 TinyIRC 1.1 Copyright (C) 1991-1996 Nathan Laredo
 This is free software with ABSOLUTELY NO WARRANTY.
 ....

it works.