This is a follow-up to #43 which added support for bind-mounted volumes (and CoW clones of the same).
apple/container supports the notion of a "named volume", which is distinct from the bind-mounted volumes that sand uses for working directory clones (and other volumes mounted via --mount and --clone-mount).
Bind-mounted volumes are host filesystem directories that we give the sandbox container access to (read-only or read/write). The container sees essentially the same directory contents that the host sees on its filesystem. If the container has read/write access to the bind mount, then its changes will also be visible to the host filesystem. These are linux virtiofs mounts.
Named volumes in contrast are block devices, opaque to the host OS, and generally offer better performance that bind-mounted volumes at the expense of a less full-featured API. These are linux virtio blk device mounts.
See #43 (comment) for more information about the differences between the two volume types.
This is a follow-up to #43 which added support for bind-mounted volumes (and CoW clones of the same).
apple/containersupports the notion of a "named volume", which is distinct from the bind-mounted volumes that sand uses for working directory clones (and other volumes mounted via--mountand--clone-mount).Bind-mounted volumes are host filesystem directories that we give the sandbox container access to (read-only or read/write). The container sees essentially the same directory contents that the host sees on its filesystem. If the container has read/write access to the bind mount, then its changes will also be visible to the host filesystem. These are linux virtiofs mounts.
Named volumes in contrast are block devices, opaque to the host OS, and generally offer better performance that bind-mounted volumes at the expense of a less full-featured API. These are linux virtio blk device mounts.
See #43 (comment) for more information about the differences between the two volume types.