Quotas for VFS plugins

[Norman Feske]

Hello Pirmin,

On 19.03.20 10:10, Pirmin Duss wrote:
> We have a VFS component that provides a RAM file system to an untrusted
> component. If this component writes a file too large the VFS issues a
> resource request and is blocked.
> 
> We would like to add file system quotas to in order for the VFS to be
> able to limit the size components can write.

we contemplated the topic in the past and came to the conclusion that
content written to a shared file system cannot be reasonably accounted
to the producer of the content. Otherwise, the content would need to
disappear once the producer disappears. Generally, this is not the
behavior expected from a file system.

On the other hand, limiting the amount of data that can be hosted in a
specific part of the file system (regardless of who is the producer) is
certainly a good idea for use cases like the one you described above.

> The idea is to add this to all plugins for which it makes sense.

I can only think of the <ram> file system. Here, a new 'limit' attribute
may be handy for specifying an upper bound in bytes.

In contrast, when thinking of on-disk file systems, quota support would
somehow need to be supported by the file-system implementation, wouldn't
it? Here, I would naturally shield an untrusted client from others by
handling out a dedicated partition, which is naturally size-limited.

Hence, I would not try to create a general mechanism.

Cheers
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

https://www.genode-labs.com · https://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth