Brussels / 4 & 5 February 2023


Quick starting secure container storage using squashfs, overlay and dm-verity

Squashfs images provides a read-only compressed filesystem. OCI content delivered in squashfs format provide several benefits when compared to tar. Images do not need to be extracted before being used. Images can be verified by their content-addressed names against signed OCI metadata before use, and dmverity will ensure the integrity of the contents themselves. This makes for very fast yet verified storage bringup. Overlay provides the ability to give writable access and take advantage of OCI’s layered images. I’ll show how users can build (stacker), host (zot) and run squashfs images (LXC) with available opensource software.


Photo of Scott Moser Scott Moser