containers / libkrun

A dynamic library providing Virtualization-based process isolation capabilities


[Question] Upstreaming TSI patches to Linux and support for snapshotting

sidkshatriya opened this issue · comments

I find the use of TSI (Transparent Socket Impersonation) in the guest VM to communicate with the host very interesting. It simplifies the whole networking story in the VM which is always a huge hassle.

I notice that TSI is still implemented as a series of patches to the Linux kernel. My understanding is that TSI is planned to be upstreamed into Linux proper.

However, it's been some time since these patches were out there, and I wanted to know when this might be merged into the mainline.

So currently we have the convenience of TSI via a patched kernel and on the other hand we have user space networking like slirp. Why was the use of something like slirp not considered as an option in krunvm?

I am also interested in the possibility of snapshotting the VM like firecracker does. Is that a feature that is considered interesting/useful to the libkrun project?

> I notice that TSI is still implemented as a series of patches to the Linux kernel. My understanding is that TSI is planned to be upstreamed into Linux proper.
>
> However, it's been some time since these patches were out there, and I wanted to know when this might be merged into the mainline.

My intention is to send the TSI patch as soon as the patchset adding support for SOCK_DGRAM to vsock gets merged, as we depend on it.

> So currently we have the convenience of TSI via a patched kernel and on the other hand we have user space networking like slirp. Why was the use of something like slirp not considered as an option in krunvm?

One of libkrun's main goals is to have the smallest possible footprint, in all senses. The TSI solution is an order of magnitude smaller than slirp, consumes fewer CPU cycles for the same work, uses less memory, and performs better.

> I am also interested in the possibility of snapshotting the VM like firecracker does. Is that a feature that is considered interesting/useful to the libkrun project?

So far we don't have an immediate use case that requires snapshotting.

Thanks for your quick response.

Before I go, I also wanted to appreciate usage of user space virtiofs in the VMM. It is another cool feature of your VMM. In fact, I find the whole combination of buildah + virtiofs + TSI + encapsulation of the Linux kernel in libkrunfw + minimalistic interface of libkrun really well thought out.

I even found the embedding of init.krun and making it available via the passthrough filesystem very cool.

Congratulations on designing such a nice VMM!