Linux supports various file systems such as EXT4, F2FS, Btrfs, and XFS. These traditional file systems mostly deal with a storage device containing several directories. But when it comes to loopback devices, mounting can be difficult to handle with the current file systems.
Keeping that in mind, Christian Brauner, a Linux kernel developer and senior engineer at Canonical (maker of Ubuntu), has proposed a new loop device file system named loopfs. This file system is largely influenced by Android’s BinderFS, which he implemented about two years ago. So, let’s dig deeper into loopfs to know more about it.
But before we begin, let’s understand what a loop device is.
What Is A Loop Device?
A loop device behaves like a block device, but it is backed by a regular file that can be mounted as a file system. Instead of mapping its data blocks to a physical device such as a hard disk, a loop device maps them to the blocks of a regular file. Hence, the kernel treats it as a block device.
For example, an ISO file is a single file but internally contains several files and directories. The operating system kernel can treat it as a physical disk partition and mount it through a loop device. Hence, if you want to attach a file (xyz.iso) to a Linux directory tree, you can use a loop device to mount it as an entire filesystem.
Loopfs: A Loop Device File System
According to Christian, “loopfs allows to dynamically allocate loop devices in sandboxed workloads without exposing /dev or /dev/loop-control to the workload in question and without having to implement a complex and also racy protocol to send around file descriptors for loop devices.”
Whenever a loop device is mounted, loopfs creates a new instance that is independent of other loopfs instances. In this way, privileged tools get their own private stash of loop device instances.
You can also limit the number of loop devices available to a loopfs instance by setting the “max” mount option to a positive integer.
The loopfs filesystem can be mounted by user namespace root, so it can be used in containers. Mounting images on loop devices is also secure, owing to syscall interception: the final mount syscall is intercepted and the mount is performed by a sufficiently privileged process.
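The quote above turns on not exposing /dev or /dev/loop-control to a sandboxed workload. As an added example (not code from the loopfs patches or from the original article), the Python check below audits a device directory for loop nodes by device number rather than by name, so a renamed node is still found. The function names and the sample entries are constructed for illustration; the device numbers (block major 7 for loop devices, misc char 10:237 for loop-control) are the standard Linux assignments.

```python
import os
import stat

LOOP_BLOCK_MAJOR = 7     # block major used by /dev/loopN
MISC_CHAR_MAJOR = 10     # char major shared by misc devices
LOOP_CTRL_MINOR = 237    # misc minor of /dev/loop-control

def classify(mode, rdev):
    """Return 'loop-control', 'loop' or None for a node's st_mode and st_rdev."""
    dev = (os.major(rdev), os.minor(rdev))
    if stat.S_ISCHR(mode) and dev == (MISC_CHAR_MAJOR, LOOP_CTRL_MINOR):
        return "loop-control"
    if stat.S_ISBLK(mode) and dev[0] == LOOP_BLOCK_MAJOR:
        return "loop"
    return None  # e.g. char major 7 is the virtual console, not a loop device

def audit_nodes(nodes):
    """nodes: iterable of (path, st_mode, st_rdev).
    Returns sorted (path, kind, world_writable) tuples for loop-related nodes."""
    findings = []
    for path, mode, rdev in nodes:
        kind = classify(mode, rdev)
        if kind:
            findings.append((path, kind, bool(mode & stat.S_IWOTH)))
    return sorted(findings)

def scan_dev(root="/dev"):
    """Collect (path, mode, rdev) under root without following symlinks."""
    out = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # node vanished or is unreadable; skip it
            out.append((path, st.st_mode, st.st_rdev))
    return out

# Constructed sample of what a sandbox's /dev might contain.
SAMPLE = [
    ("/dev/null", stat.S_IFCHR | 0o666, os.makedev(1, 3)),
    ("/dev/loop-control", stat.S_IFCHR | 0o660, os.makedev(10, 237)),
    ("/dev/loop0", stat.S_IFBLK | 0o660, os.makedev(7, 0)),
    ("/dev/shm/disk", stat.S_IFBLK | 0o666, os.makedev(7, 3)),  # renamed loop node
    ("/dev/vcs", stat.S_IFCHR | 0o600, os.makedev(7, 0)),       # char 7: not loop
    ("/dev/sda", stat.S_IFBLK | 0o660, os.makedev(8, 0)),
]

if __name__ == "__main__":
    for path, kind, writable in audit_nodes(scan_dev()):
        print(f"{path}: {kind}{' (world-writable)' if writable else ''}")
```

Run inside the sandbox, an empty result means no loop or loop-control node is reachable under /dev; any finding is a node the workload could open if permissions and the device cgroup allow it.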