Skip to content

About using hardlinks ... MAKING RCC FASTER #63

Description

@vjmp

Expectations we had to remember:

  • you are always running mostly other people's code, so you have no idea what they are doing (weirdly, or otherwise)
  • multiple users (hackers included) could be using same machine/containers/hololib/shared disk
  • multiple processes will be running on same binaries (if hardlinked, copies otherwise)
  • since every different file in hololib exist just once, avoid corrupting those while others are using them (they can do anything, if you hand them copies, not originals)
  • MacOS behaves weirdly (with their security of things and file ownerships and syncinc)
  • Windows behaves weirdly (with antivirus/firewalls injected by kernel)
  • modern antivirus/firewall software works weirdly (and yanks executables even when application is already running [on suspicious activity])

These are @vjmp notes/memories from hardlinks and their use in rcc:

  • technically hardlinks would be very beneficial to reduce time (and diskspace) usage of environment creation and cleanup
  • we tried first use hardlinks in rcc environments, but there were some challenges
  • we had to back down to give each running robot their own files (to mess around with; you never know what weird stuff foreign code does inside with their filehandles)
  • one challenge is security, so allowing hardlinking between two different (maybe when at least one long-running code/robot is involved) environments opens up an attack vector from one environment to a next (if multiple people or containers have [write] access to same concrete file), and this is problem in SaaS like services using rcc
  • files that have relocations in them cannot be hardlinked from one environment to next, or some code will end up running/accessing/modifying things on wrong environment/directory (because they are referring other files based on "hardcoded" location information inside them); we saw robots (stacktraces) jumping from one environment to next
  • if processes are using locks on hardlinked files, it is not clear (to me) how other processes see those locks (when they actually should not have any knowledge of them)
  • if some process is using file, same inode should not be written at (like .pyc/.pyo files) by other processes (or they sweep feets under from other processes expecting those files do not change

Note: I might add to this list, if I remember other things.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions