gVisor - Gofer
In the context of gVisor (Google’s open-source container runtime), a Gofer is a specialized process that acts as a file system proxy.
To understand the Gofer, you first have to understand the basic architecture of gVisor, which is built on the principle of isolation.
The Problem: The "Sentry" is Untrusted
In gVisor, the core component is the Sentry. The Sentry acts as a user-space kernel; it intercepts system calls from the application and handles them.
However, for security reasons, the Sentry is not allowed to access the host file system directly. If the Sentry were compromised by a malicious application and had direct host access, the attacker could read or delete any file on the host machine.
The Solution: The Gofer
The Gofer is a separate, standalone process that runs alongside the Sentry. Its sole job is to provide file system access to the Sentry via a secure protocol.
The Workflow:
- Application requests to open a file (e.g., open("/etc/passwd")).
- Sentry intercepts this system call.
- Sentry sends a request to the Gofer (via a Unix domain socket).
- Gofer performs the actual open() call on the host OS.
- Gofer passes the file descriptor back to the Sentry.
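The workflow above, as an added example that is not part of gVisor's own code: a toy Gofer and a toy Sentry (the names ToyGofer and ToySentry, the JSON request format and the sample files are all constructed for this illustration) connected by a Unix domain socket pair. The Sentry side never holds a host path; it sends an open request and receives a file descriptor over SCM_RIGHTS (Python's socket.send_fds / recv_fds, available since Python 3.9 on Unix). The Gofer side resolves the requested path against the directory backing the container root and refuses anything that escapes it, whether via ".." or via a symlink planted inside the root.

```python
import json
import os
import shutil
import socket
import tempfile
import threading

# Constructed sample content for the file the "application" will open.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\n"


class ToyGofer:
    """Trusted side (hypothetical). It alone holds a host path, and it only
    ever opens files that resolve inside the directory backing the container
    root, read-only, since that is all this toy is configured to allow."""

    def __init__(self, root: str):
        self.root = os.path.realpath(root)

    def _resolve(self, path: str) -> str:
        # Map the container-visible absolute path onto the host directory and
        # canonicalise ".." and symlinks, so an escape attempt is caught
        # before open() is ever called.
        host_path = os.path.realpath(os.path.join(self.root, path.lstrip("/")))
        if os.path.commonpath([self.root, host_path]) != self.root:
            raise PermissionError(f"path escapes sandbox root: {path}")
        return host_path

    def serve_one(self, sock: socket.socket) -> bool:
        """Handle one request; return False once the Sentry side has closed."""
        data = sock.recv(4096)
        if not data:
            return False
        try:
            request = json.loads(data)
            if not isinstance(request, dict) or request.get("op") != "open":
                raise ValueError("unsupported request")
            fd = os.open(self._resolve(request["path"]), os.O_RDONLY)
        except (OSError, ValueError, KeyError) as exc:
            # Failures are reported by exception class name only; the host
            # path never crosses the socket.
            reply = {"status": "error", "error": type(exc).__name__}
            sock.send(json.dumps(reply).encode())
            return True
        # SCM_RIGHTS: the kernel duplicates the descriptor into the receiver,
        # so the Gofer can drop its own copy right after sending.
        socket.send_fds(sock, [json.dumps({"status": "ok"}).encode()], [fd])
        os.close(fd)
        return True

    def serve(self, sock: socket.socket) -> None:
        while self.serve_one(sock):
            pass
        sock.close()


class ToySentry:
    """Untrusted side (hypothetical): it knows no host path, only the socket."""

    def __init__(self, sock: socket.socket):
        self.sock = sock

    def open(self, path: str) -> int:
        """The intercepted open(): ask the Gofer, get back a descriptor."""
        self.sock.send(json.dumps({"op": "open", "path": path}).encode())
        data, fds, _flags, _addr = socket.recv_fds(self.sock, 4096, 1)
        reply = json.loads(data)
        if reply["status"] != "ok":
            raise OSError(reply["error"])
        return fds[0]


def run_workflow(paths) -> dict:
    """Build a scratch container root, run each open() through the Gofer,
    and report what the Sentry saw: ("ok", contents) or ("denied", reason)."""
    root = tempfile.mkdtemp(prefix="toy-rootfs-")
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "passwd"), "w") as f:
        f.write(SAMPLE_PASSWD)
    # Constructed symlink inside the root pointing at the host "/", to show
    # that symlink escapes are resolved and refused by the Gofer.
    os.symlink("/", os.path.join(root, "escape"))

    sentry_sock, gofer_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    gofer_thread = threading.Thread(
        target=ToyGofer(root).serve, args=(gofer_sock,), daemon=True)
    gofer_thread.start()
    sentry = ToySentry(sentry_sock)

    results = {}
    try:
        for path in paths:
            try:
                fd = sentry.open(path)
                results[path] = ("ok", os.read(fd, 4096).decode())
                os.close(fd)
            except OSError as exc:
                results[path] = ("denied", str(exc))
    finally:
        sentry_sock.close()
        gofer_thread.join(timeout=5)
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for path, outcome in run_workflow(
            ["/etc/passwd", "/etc/shadow", "/../host_secret",
             "/escape/etc/hostname"]).items():
        print(f"{path:22} -> {outcome}")
```

The point of the split is visible in where the policy lives: the Sentry can only ask, and a compromised Sentry that asks for "/../host_secret" or for a path through a planted symlink gets a bare "PermissionError" reply, never a descriptor. The real Gofer is further confined by seccomp and namespaces and speaks 9P or LISAFS rather than JSON, but the trust boundary it enforces is the same one this toy draws.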
Key Characteristics of Gofer
Security (Defense in Depth)
The Gofer is heavily sandboxed using seccomp or namespaces. While the Sentry handles complex logic (networking, memory management, signals), the Gofer does only one thing: file I/O. By splitting these duties, gVisor ensures that even if the Sentry is hacked, the attacker still doesn't have the "keys" to the host filesystem—they have to go through the Gofer, which has its own strict security policies.
The Communication Protocol
Historically, gVisor used a modified version of the 9P protocol (originally from the Plan 9 operating system) for the Sentry to talk to the Gofer.
In recent versions, gVisor has transitioned to a more efficient internal protocol called LISAFS (Linux Shared File System) to reduce the performance overhead of 9P.
Separation of Privileges
Typically, each container in a gVisor sandbox has its own Gofer process. This ensures that one container's file access is completely isolated from another container's file access.
Summary
The Gofer is the "middleman" for files. It allows gVisor to maintain a "shared-nothing" security model where the core kernel emulator (Sentry) has no direct access to the host's files, significantly reducing the attack surface of the container.