Hi Alexander,
in that case we need to have single VFS server with own cache/page mapping for files being shared between different instance of containers (subsystems), not only for children’s? is it true for current implementation of [single VFS+FS server] <=> [[multiple subsystems]]?
I'm afraid you lost me. In Genode, a file system is accessed via a File_system session. This session provides an API for typical file/directory operations (open/create, symlink, watch, move). File content is transferred via a packet stream (cf. Genode Foundations Book). A VFS server would access e.g. a persistent file system and deliver its contents to its own clients, which could be separate subsystems. I see two places for caching here: First, the VFS server could cache some file content so that it can be delivered to multiple clients without transferring it from the block device multiple times. Second, the clients can perform their own (local) caching. Since I'm not familiar with the internals implementation though, I don't know to what extend such mechanisms are already implemented.
another question here is a way how to provide an access rights (different for different clients) which will use the same FS server. Do you have something like ACL applied to file system?
The VFS server has no notion of users or ACL, yet it is possible to provide different parts of the VFS to different clients/sessions. This is achieved by specifying a <policy>, which sets the root directory for the session and whether write operations are permitted. This basically provides per-directory access control.
or it just borrowed from, e.g. ext2 implementation (need to provide /etc/passwd and /etc/groups together with chmod/chown as separate files and utils)? I see in ssh_server.run some inline implementation of similar files...
Do you have own or external auth mechanism, like LDAP server/Radius/etc?
Natively, there is no notion of users in Genode. Instead, access control is conducted on a per-session basis. On the one hand, the init component takes care of routing a particular session request to a certain child component (or parent). On the other hand, the child providing the service may further allow the specification of session policies (as mentioned above) so that different clients receive different permissions.
Best Johannes