18–20 Sept 2024
Europe/Vienna timezone

Bringing the PuzzleFS pieces together

19 Sept 2024, 17:00
15m
"Room 1.15 - 1.16" (Austria Center)

106
Containers and checkpoint/restore MC

Speaker

Ariel Miculas

Description

PuzzleFS is a container filesystem designed to address the limitations of the
existing OCI format. The main goals of the project are reduced duplication,
reproducible image builds, direct mounting support and memory safety
guarantees, some inspired by the OCIv2 brainstorm document.

Reduced duplication is achieved using the content-defined chunking algorithm
FastCDC. This implementation allows chunks to be shared among layers. Building
a new layer starting from an existing one allows reusing most of the chunks.
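
Why content-defined boundaries let a derived layer reuse chunks, as an added example (not PuzzleFS code and not from the talk): a simplified gear-hash chunker stands in for FastCDC, without its minimum/maximum chunk sizes or normalized chunking. All function names and the sample layers are constructed for illustration.

```rust
use std::collections::HashSet;

// Deterministic splitmix64 PRNG: builds the gear table and the constructed sample data.
fn splitmix64(state: &mut u64) -> u64 {
    *state = state.wrapping_add(0x9E37_79B9_7F4A_7C15);
    let mut z = *state;
    z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
    z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
    z ^ (z >> 31)
}

// Simplified CDC: cut where the top `bits` bits of a rolling gear hash are zero, so a
// boundary depends on the preceding 64 bytes of content, not on the absolute offset.
fn cdc_chunks(data: &[u8], bits: u32) -> Vec<&[u8]> {
    let mut seed = 1u64;
    let gear: Vec<u64> = (0..256).map(|_| splitmix64(&mut seed)).collect();
    let (mut chunks, mut start, mut h) = (Vec::new(), 0usize, 0u64);
    for (i, &b) in data.iter().enumerate() {
        h = (h << 1).wrapping_add(gear[b as usize]);
        if h >> (64 - bits) == 0 {
            chunks.push(&data[start..=i]);
            start = i + 1;
        }
    }
    if start < data.len() { chunks.push(&data[start..]); }
    chunks
}

// Number of chunks in `new` already present in `old` (a real store would key by digest).
fn shared(old: &[&[u8]], new: &[&[u8]]) -> usize {
    let store: HashSet<&[u8]> = old.iter().copied().collect();
    new.iter().filter(|c| store.contains(*c)).count()
}

// Constructed sample: 64 KiB base layer; derived layer has 3 bytes inserted at offset 100.
fn sample_layers() -> (Vec<u8>, Vec<u8>) {
    let mut seed = 42u64;
    let base: Vec<u8> = (0..8192).flat_map(|_| splitmix64(&mut seed).to_le_bytes()).collect();
    let derived = [&base[..100], &[0xAA, 0xBB, 0xCC][..], &base[100..]].concat();
    (base, derived)
}

fn main() {
    let (base, derived) = sample_layers();
    let (a, b) = (cdc_chunks(&base, 8), cdc_chunks(&derived, 8));
    println!("CDC:   {} of {} chunks reused", shared(&a, &b), b.len());
    let (fa, fb) = (base.chunks(256).collect::<Vec<_>>(), derived.chunks(256).collect::<Vec<_>>());
    println!("fixed: {} of {} chunks reused", shared(&fa, &fb), fb.len());
}
```

Fixed-size chunking loses alignment after the insertion, while the content-defined boundaries realign shortly after the edited region.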

The author will showcase an end-to-end demo, starting by building a PuzzleFS
image using stacker, mounting it securely and running it with LXC.
Stacker is a tool for building OCI images natively, with recent support for
producing PuzzleFS images.

Reproducible image builds are achieved by defining a canonical representation
of the image format. Direct mounting support is a key feature of PuzzleFS and,
together with fs-verity, it provides data integrity. Currently, PuzzleFS is
implemented as a userspace filesystem (FUSE). A read-only kernel filesystem
driver is available as a proof of concept (POC).

Lastly, memory safety is critical to PuzzleFS, leading to the decision to
implement it in Rust. The same code is shared between user space and kernel
space in order to provide one secure implementation.
