Skip to content

feat(fs): Add file-backed symlinks with stat virtualization for Linux #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

feat(fs): Add file-backed symlinks with stat virtualization for Linux #22

wants to merge 2 commits into from

Conversation

appcypher
Copy link
Member

@appcypher appcypher commented Jul 27, 2025
edited
Loading

Summary

This PR implements a dual symlink representation system for Linux filesystems (overlayfs and passthrough) to enable stat virtualization on symlinks. This solves the limitation where many Linux filesystems don't support extended attributes on symlinks.

Problem

On Linux, most filesystems (ext4, btrfs, etc.) don't support extended attributes on symlinks. This prevents us from virtualizing uid/gid/mode on symlinks, which is required for proper container filesystem isolation.

Solution

Implemented a file-backed symlink representation that:

  • Creates symlinks as regular files when stat virtualization is needed
  • Stores the link target as file content
  • Preserves the S_IFLNK file type in the override_stat xattr
  • Remains transparent to the VFS layer - applications see normal symlinks

Implementation Details

Core Changes

  • Symlink Creation: On Linux, symlinks are created as regular files (mode 0600) with the target path as content
  • Stat Override: The xattr format uid:gid:mode preserves the S_IFLNK file type
  • Readlink Support: Enhanced to detect and read file-backed symlinks transparently
  • Bug Fix: Fixed readlink to use /proc/self/fd/ for O_PATH file descriptors

Platform Behavior

  • Linux: Uses file-backed symlinks to support xattr-based stat virtualization
  • macOS: Continues using regular symlinks (macOS supports xattrs on symlinks)

Test Coverage

  • Comprehensive test updates with platform-specific verification
  • Tests for copy-up behavior, nested directories, and multiple layers
  • Verification of xattr content and physical file representation
  • All tests handle both symlink representations correctly

appcypher added 2 commits July 27, 2025 22:32
@appcypher
feat(fs): implement file-backed symlinks with virtualized stats for L…
9d77a4c 
…inux

This commit implements a dual symlink representation system for Linux filesystems
(overlayfs and passthrough) to support stat virtualization on symlinks.

## Overview

On Linux, many filesystems don't support extended attributes on symlinks, which
prevents us from virtualizing uid/gid/mode. This implementation provides two
symlink representations:

1. **Regular symlinks** - Traditional symlinks (when stat override not needed)
2. **File-backed symlinks** - Regular files storing the link target as content,
   with the actual file type (S_IFLNK) stored in the override xattr

## Key Changes

### Implementation (overlayfs & passthrough)

- Modified symlink creation to always use file-backed representation on Linux
- Symlink target is stored as file content (up to PATH_MAX bytes)
- File type S_IFLNK is preserved in the override_stat xattr
- Added proper readlink support for file-backed symlinks
- Fixed readlink to use /proc/self/fd/ for O_PATH file descriptors

### Platform Differences

- **Linux**: Uses file-backed symlinks to support xattr-based stat virtualization
- **macOS**: Continues using regular symlinks with xattr support

### Test Updates

- Comprehensive test updates with platform-specific verification
- Added detailed checks for xattr content and file representation
- Enhanced tests to verify copy-up behavior, nested symlinks, and edge cases
- All tests properly handle both symlink representations

## Technical Details

File-backed symlinks:
- Created as regular files with mode 0600
- Content: symlink target path
- xattr format: "uid:gid:mode" where mode includes S_IFLNK
- Transparent to VFS layer - appears as regular symlinks to applications

This approach ensures consistent behavior across different filesystem types
while maintaining full stat virtualization capabilities.

Fixes symlink stat virtualization on Linux filesystems that don't support
xattrs on symlinks.
@appcypher
fix(fs): fix macOS symlink tests in overlayfs
1d942a8 
- Use symlink_metadata() instead of exists() to check symlink existence
  since exists() follows symlinks and returns false for broken symlinks
- Add XATTR_NOFOLLOW flag when reading xattrs from symlinks on macOS
  to read from the symlink itself rather than its target

These changes ensure the tests properly validate symlink behavior on
macOS where xattrs can be set directly on symlinks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@appcypher