On Sat, Jul 06, 2024 at 05:15:08PM +0000, Chuck Lever III wrote: > In an earlier email Mike mentioned that Hammerspace isn't > interested in providing a centrally managed directory of > block devices that could be utilized by the MDS to simply > inform the client of local devices. I don't think that's > the only possible solution for discovering the locality of > storage devices. Btw, no matter what Hammerspace feels (and why that matters for Linux), the block layout is not a good idea for bypassing the network between supposedly isolated containers. It completely bypasses the NFS security model, which is an spectacularly bad idea if the clients aren't fully trusted. I've mentioned this before, but I absolutely do not advocate for using the block layout as a network bypass here. The concept to do local file I/O from the client in cases where we can do it is absolutely sensible. I just don't think doing it is a magic unmanaged layer is a good idea, and figuring out how to pass the opened file from nfsd to the client without risking security problems and creating painful layering violations needs to be solved.
