Alexander Larson, creator of Flatpak, working in Red Hat, I presented a preliminary version of patches with the implementation of the file system composefs for the Linux nucleus. The proposed file system resembles SquashFS and is also suitable for mounting images in the only reading mode. Differences are reduced to ensuring in composefs effective joint storage of the contents of several targeted disk images and supporting the authenticity of the readable data. As areas of application in which the FS Composefs may be in demand, the images of containers and use for the GIT-like repository OSTREE.
is called the images of containers.
Composefs applies a storage model with addressing based on contents, i.e. The primary identifier is not a file name, but a hash from the contents of the file. Such a model provides deduplication and allows you to actually store only one copy of the same files found in different shallow sections. For example, the images of containers contain many typical system files and in the case of composEFS, each of these files will be jointly used by all suspected images, without the use of tricks, such as a spray using rigid links. At the same time, common files are not only stored in the form of one copy on the disk, but also by one record in the page cache, which makes it possible to save both disk and RAM.
To save disk memory, data and metadata in mounted images are divided. When mounted, they indicate:
- Binar index, which contains all metadata file system, file names, access rights and other information, with the exception of the content of the files.
- The basic catalog in which the contents of the files of all mounted images are stored. Files are stored in binding to hash from their contents.
The binary index is created for each image of the FS, and the basic catalog is the same for all images. To verify the contents of individual files and the entire image in general storage, the FS-RERITY mechanism can be used, which, when contacting files, checks the compliance of the Hashi binary index with actual contents (i.e. if the attacker makes a change in the file in the basic catalog or data They will be damaged as a result of a malfunction, then such reconciliation will reveal a discrepancy).