Containers now have top-level zram
I have posted about top-level zram in the aufs layered filesystem:
https://bkhome.org/news/202205/a-rethink-of-easyos-architecture.html
And the introduction of a "save" icon on the desktop:
https://bkhome.org/news/202205/save-session-at-any-time.html
Early on, I was thinking that to support top-level zram for containers, each container would need its own zram device. However, yesterday I realised the obvious: the main layered filesystem and the layered filesystems of the containers could all use the same zram. It is simply a matter of having a sub-folder in the zram for each aufs layer.
To explain that a bit more, in the initrd, the 'init' script sets up the main layered filesystem like this:
if [ $EOS_TOP_LEVEL_ZRAM -eq 1 ]; then #20220521 20220529
  mount -t aufs -o br=/easy_rw/mainrw=rw:${SESSIONHOME}=ro+wh:${sessionSFS}${EXTRASFS}/easy_ro/easy_sfs=ro aufs /easy_new
else
  mount -t aufs -o br=${SESSIONHOME}=rw:${sessionSFS}${EXTRASFS}/easy_ro/easy_sfs=ro aufs /easy_new
fi
Folder /easy_rw is where /dev/zram1 is mounted. In this mount-point, sub-folders are created: "mainrw", and if containers are supported, "www", "console", etc. It is simply a matter of using each of these sub-folders as the top aufs layer.
After switch_root, that /easy_rw becomes /mnt/.easy_rw (which is a small difference from the pups, which move the mount-points into /initrd).
Hey presto, containers now also have the same running-in-zram feature. When the user clicks the "save" icon on the desktop, or chooses to save at shutdown, the main-desktop session as well as the container sessions are saved. That is, the entire contents of /mnt/.easy_rw is saved, each sub-folder to its respective .session folder in the working-partition.
I have tested it, works great.
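The sub-folder-per-layer arrangement described above, as an added example that is not EasyOS's own init code: a shell function that creates one layer's sub-folder on the shared rw mount and composes its aufs br= option, refusing layer names that would step outside the mount or add extra branches. The function name, the session paths and the mount targets in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not EasyOS code. Composes the aufs "br=" option for one
# layered filesystem (main desktop or a container) on a shared rw mount.

# layer_branches RW_ROOT LAYER SESSION_DIR RO_LAYERS USE_ZRAM  (hypothetical)
#   RW_ROOT     mount point of the shared zram (the post's /easy_rw)
#   LAYER       sub-folder name: mainrw, www, console, ...
#   SESSION_DIR persistent session folder for this layer
#   RO_LAYERS   colon-separated read-only branches, each ending "=ro"
#   USE_ZRAM    1 = zram sub-folder on top, 0 = session folder on top
layer_branches() {
    rw_root=$1 layer=$2 session=$3 ro_layers=$4 use_zram=$5

    # The layer name becomes a path component and part of the br= string,
    # so allow only simple names: no "/", ":", "=", "," and no leading dot.
    case $layer in
        ''|.*|*[!A-Za-z0-9_.-]*)
            echo "bad layer name: $layer" >&2
            return 1 ;;
    esac

    if [ "$use_zram" -eq 1 ]; then
        # One private sub-folder per layer: the zram device is shared,
        # the rw branch is not.
        mkdir -p "$rw_root/$layer" || return 1
        echo "br=$rw_root/$layer=rw:$session=ro+wh:$ro_layers"
    else
        echo "br=$session=rw:$ro_layers"
    fi
}

# Demo with constructed paths: print (do not run) one mount command per layer.
demo() {
    rw=$(mktemp -d)    # stands in for the mount point of /dev/zram1
    for l in mainrw www console; do
        b=$(layer_branches "$rw" "$l" "/wkg/.session-$l" "/easy_ro/easy_sfs=ro" 1) &&
            echo "mount -t aufs -o $b aufs /new-$l"
    done
    rm -rf "$rw"
}
demo
```

All layers draw on the one zram device, so its size is a single budget for the main desktop and every container together.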
Changing the subject, I have been wondering about the future of containers in EasyOS. For myself, I don't use them. I did receive some feedback a couple of days ago, with a similar sentiment. Initially, the reaction is, yeah great, but then for daily use, where most of us just browse the web, just running Firefox on the main desktop is plenty secure -- considering that it runs non-root and with its own sandbox.
Maybe I will bring out both builds, with and without containers, for a while, and decide down the track which one to keep.
Containers do have lots of attractions. For example, while running Easy Dunfell I could run Easy Bookworm in a container, if I want access to the bigger package repository. Or I might want to run an app with the isolation and security offered by a container.