Wrapfs is the template from which we wrote the example security file systems discussed in Section 4. Our first implementation concentrated on the Solaris 2.5.1 operating system for several reasons. Solaris is a popular commercial operating system, and it includes a standard vnode interface. In addition, we had access to kernel sources. The next two implementations we worked on were for Linux 2.0 and FreeBSD 3.0. We chose them because they are sufficiently different from Solaris and each other, they represent another large section of the Unix market , and they also come with sources.
By implementing Wrapfs and further examples using it for these three operating systems we hope to prove that practical non-trivial stackable file systems are portable to sufficiently different Unix operating systems, and that the effort involved in porting them is small (see Section 5.4). Appendix A provides more details of the first implementation, Solaris. In Appendix B we discuss the differences in implementation for the Linux and FreeBSD ports.
Wrapfs was initially similar to the Solaris loopback file system (lofs)[26]. Lofs passes all Vnode and VFS operations to the lower layer, but it only stacks on directory vnodes. Wrapfs stacks on every vnode, and makes identical copies of data blocks, pages, and file names in its own layer, so they can be changed independently of the lower level file system. Wrapfs does not explicitly manipulate objects in other layers. It appears to the upper VFS as a lower-level file system. Concurrently, Wrapfs treats lower-level file systems as an upper-layer. This allows us to stack multiple instances of Wrapfs or file systems derived thereof on top of each other.
The key point that enables stacking is that the major data structures used in the file system (struct vnode and struct vfs) contain a field into which file system specific data can be stored. Wrapfs uses that private field to store several pieces of information, most notably a pointer to the corresponding lower level file system's vnode and VFS. When a vnode operation in Wrapfs is called, it finds the lower level's vnode from the current vnode, and repeats the same operation on the lower level vnode.