Skip to content

Add SMB volume driver via direct guest CIFS mount#1414

Open
tonycoco wants to merge 1 commit intoapple:mainfrom
tonycoco:feature/smb-volume-driver
Open

Add SMB volume driver via direct guest CIFS mount#1414
tonycoco wants to merge 1 commit intoapple:mainfrom
tonycoco:feature/smb-volume-driver

Conversation

@tonycoco
Copy link
Copy Markdown

@tonycoco tonycoco commented Apr 12, 2026
edited
Loading

Add NFS and SMB volume drivers via direct guest mounts

Adds --driver nfs and --driver smb to container volume create. Both drivers mount network shares directly inside the Linux guest rather than going through virtiofs, eliminating the host-side mount hop.

When a volume is created with --driver smb or --driver nfs, no block image is created. The share path and options are stored as volume metadata. At container start, Utility.swift resolves the volume into a Filesystem.smb or Filesystem.nfs mount, which SandboxService.swift translates into a .any guest mount with type cifs or nfs respectively.

Usage:

SMB

container volume create --driver smb \
  --opt share=//192.168.1.1/Media \
  --opt username=user \
  --opt password=secret \
  --opt vers=3.0 \
  myshare

NFS

container volume create --driver nfs \
  --opt share=nas.local:/exports/data \
  --opt addr=nas.local \
  --opt vers=3 \
  --opt proto=tcp \
  myexport

container run -v myshare:/media alpine ls /media

Boolean mount flags (e.g. nolock, mfsymlinks) can be passed as --opt nolock= with an empty value and are serialized as bare flags in the mount data string.

Kernel requirement

This depends on a pending change to apple/containerization. The default guest kernel ships with CONFIG_CIFS=y disabled. A PR to that repo is needed to enable it in kernel/config-arm64 — without it, SMB mounts fail at runtime with errno 19 (ENODEV). NFS (CONFIG_NFS_FS) is already enabled in the current kernel config but is not compiled into the shipped kernel binary, so a rebuild is required for both drivers to work end-to-end.

The required containerization change is a single line in kernel/config-arm64:

# Before
# CONFIG_CIFS is not set

# After
CONFIG_CIFS=y
# CONFIG_CIFS_STATS2 is not set
CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
CONFIG_CIFS_UPCALL=y
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
# CONFIG_CIFS_DEBUG is not set
CONFIG_CIFS_DFS_UPCALL=y
# CONFIG_CIFS_SMB_DIRECT is not set

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Motivation and Context

#1413

Testing

  • Tested locally
  • Added/updated tests
  • Added/updated docs

@tonycoco tonycoco force-pushed the feature/smb-volume-driver branch from 5f179cd to afb3797 Compare April 12, 2026 05:25
@tonycoco
Add SMB volume driver via direct guest CIFS mount
68ff885 
Add --driver smb to container volume create. SMB volumes store the
share path and credentials as metadata with no block image. At
container start, they are resolved into a cifs mount directly inside
the Linux guest rather than going through virtiofs.

Supported driver opts: share, username, password, domain.
@tonycoco tonycoco force-pushed the feature/smb-volume-driver branch from afb3797 to 68ff885 Compare April 12, 2026 16:22
@tonycoco tonycoco marked this pull request as ready for review April 12, 2026 16:29
@tonycoco tonycoco mentioned this pull request Apr 13, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@vxnkjyffmq-code vxnkjyffmq-code vxnkjyffmq-code approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tonycoco @vxnkjyffmq-code @katiewasnothere