EROFS snapshotter & differ

[cardyok]

What is the problem you're trying to solve

• The current overlay snapshotter will unpack each file & directory to overlayfs, which cause more metadata overhead and hard to track individual files integrity; Unexpected system crashes could cause layers inconsistently；

• There is no way to protect files, directories as well as filesystem layer hierarchy, e.g. make the whole layer immutable, and
  runtime data integrity protection;

• As also mentioned in Parallel Container Layer Unpacking #8881, although the current ContainerD fetches layers in parallel, but unpacks them in a single thread layer by layer sequentially. But this relies on 'rebase' snapshotter interface.

Describe the solution you'd like

• Introduce EROFS snapshotter and differ to tranform each OCI layer into EROFS format, so that each layer have only one file instead of massive files & directories, so that we could make the whole layer immutable, and enable runtime data integrity protection for these converted format;

• Each layer can be tranformed in parallel rather than applying these layers one by one, and the 'rebase' snapshotter interface mentioned by Derek can be implemented smoothly.

• EROFS layers can be merged into one read-only filesystem instance to mount. Its a better implementation of 'immutable container image' concept

Additional context

[hsiangkao]

By the way, in my mind, EROFS snapshotter can also be used for:

• Composefs model, which uses OSTree-like approach as content-addressable store to share ostree-blobs between different instances;
• gVisor use cases: such EROFS images can be directly mmaped into gvisor without passing through individual host files into a container anymore;
• More secure container runtimes (like Kata) can use this for effective image access too.