Direct Interception

This article dives into the configuration and use of Direct Interception Mode in Object Mount for Linux.

Overview

When running in Direct Interception Mode, Object Mount will insert itself between your applications and the operating system. It will dynamically redirect relevant file system calls made by shell commands and applications to the appropriate APIs of your object storage provider. This dynamic “mapping” between file system concepts and object storage interfaces gives your tools instant access to objects as files.

This direct interception means any applications that can access file storage can now work with object storage. Object Mount intercepts I/O calls from any user binaries, including those written in C/C++, Rust, Go, Java, Python, etc.

It’s built to work everywhere: It works with dynamic binaries and static binaries. It works inside unprivileged containerized environments.

Support for Any Application

This includes applications you’ve written yourself — just treat the paths to object storage as local file system paths. Object Mount handles the rest.

Direct interception Mode uses the LD_PRELOAD environment variable so that Object Mount can capture and redirect storage access library and system calls to object storage APIs.

  • If a static binary is intercepted, a JIT ELF binary translator will redirect relevant calls when the binary is loaded into memory.

Highlights

  • Direct Interception offers the highest performance access to object storage that Object Mount provides.
  • Direct Interception Mode is the default mode and the most common mode for Object Mount to be deployed in.
  • Unless otherwise noted, all documentation pages and installation instructions are written assuming you are using “Direct Interception Mode”.

Example Use Cases

  • Direct Interception Mode is best suited for situations in which installed app compatibility is not an issue.
  • For example: When setting up a fixed workflow with Object Mount that can be tested and verified before putting it into production.

Direct Interception vs. Object Mount on Fuse

Direct Interception Mode does not currently support SUID binaries, or certain packaged apps like 🌐 Snap, 🌐 AppImage, or 🌐 Flatpak applications.

See Object Mount on FUSE and/or Object Mount FlexMount to support these tools.

Advantages and Disadvantages

AdvantagesDisadvantages
Speed: Dynamic interception offers the best performance.Compatibility: Direct interception does not currently support SUID binaries, Snaps, AppArmor, or Flatpak applications.
Set up time: This is the default mode — just launch an Object Mount shell with the cuno CLI command.Activation: In some cases, it is difficult to enable direct interception or keep it enabled (because of environment variable clobbering or lack of privileges to set/use LD_PRELOAD).
Linux native: For users who are skilled with Linux, using the cuno CLI is quick, easy, and non-intrusive.Non-technical users: If Object Mount is being used by team members with only minimal Linux skills, teaching them how to use the Object Mount shell and diagnose if it’s working correctly may be less desirable than setting up a Object Mount on FUSE on their behalf.

How to Enable

Direct Interception Mode can be enabled per-session or per-command.

Direct Interception: Per-Session

Enable Object Mount for a single shell session by calling cuno from a terminal command line:

$
cuno
$
cuno

This will launch a new interactive “wrapped shell” with Object Mount acting in Direct Interception Mode.

The wrapped shell itself has Object Mount monitoring all its I/O calls — so every command entered or application launched from within the wrapped shell will be monitored and intercepted by Object Mount

Object Mount CLI cuno as a Wrapper

When cuno is used to launch a new shell, the shell is launched with LD_PRELOAD set to point at cuno.so.

  • There is no Object Mount shell binary.
  • cuno only “wraps” existing shells (bash, zsh, etc.) with Object Mount pre-loaded.

Direct Interception: Per-Command

To enable direct interception for a single command, use:

cuno run bash -c "<your command and arguments>"
cuno run bash -c "<your command and arguments>"

Best Practice for Running Single Commands

It is recommended to execute one-time commands in this fashion to maintain support for Wildcard expansion (*) of filesystem and remote paths.

Path Usage

Inside a cuno-wrapped shell session, object storage buckets can be accessed using either path or URI formats.

The commands below provide examples of both path and URI usage within a cuno-launched shell:

$
cuno
(cuno)$ ls s3://<bucket>/<path>
(cuno)$ ls /cuno/s3/<bucket>/<path>
$
cuno
(cuno)$ ls s3://<bucket>/<path>
(cuno)$ ls /cuno/s3/<bucket>/<path>

Cloud Paths

For additional information on specifying cloud paths using the Object Mount CLI, see the Linux User Guide article: Cloud Path Details.

Shell Interaction

bash and zsh are fully supported when using the Object Mount CLI.

This includes support for:

  • Tab auto-completion of remote paths
  • Wildcard expansion (*) of filesystem and remote paths

In either of these fully-supported shells, the prompt will be prefixed with (cuno) to indicate that Direct Interception is enabled and that you are using an Object Mount CLI-wrapped shell::

(cuno) user@host:~$
(cuno) user@host:~$

Detecting Shells

To select between the two shells, Object Mount determines if either is present using the following methods (in order):

  1. The shell used to launch Object Mount
  2. The user’s preferred login shell
  3. All installed shells

If neither bash nor zsh are found, then the first shell in this list is used. If no shell is set, then /bin/sh is used.

Processor Snapshot (ps) usage

The behavior described here relies on ps.

Depending on your method of installation, you may need to install ps manually. (For RedHat/RHEL derivatives, install package procps).

Specifying Shells

To launch a specific shell with Object Mount enabled, use cuno run:

cuno run <shell>
cuno run <shell>
Previous
Deployment Mode Details
Next
Object Mount on FUSE