Allow Darwin NFS mounts to be exposed on TCP ports

[tomgr]

The main reason for wanting this was to allow running bb_runner inside VMs whilst bb_worker is on the main host.

[aspect-workflows]

Test

All tests were cache hits

19 tests (100.0%) were fully cached saving 3s.

[EdSchouten]

I don't know. I have my reservations towards a change like this. Doesn't this cripple performance because of the constant switching into/out of the VM? Also from a security perspective it isn't great. The UNIX socket ensures that only the user that's used to launch bb_worker can interact with the NFS server.

Also, were you planning on using it in combination with not-macOS? This was never really tested.

[tomgr]

I don't know. I have my reservations towards a change like this. Doesn't this cripple performance because of the constant switching into/out of the VM?

I've not tried it under high load. My use case is for running MacOS gui tests - on a single mac mini I can run several normal bb_runners on the main host and then isolated gui tests inside tart vms. The GUI tests are not really that FS intensive but do need isolation.

Also from a security perspective it isn't great. The UNIX socket ensures that only the user that's used to launch bb_worker can interact with the NFS server.

Agreed this is problematic and does require careful firewall configuration. I don't know how to mitigate this.

Also, were you planning on using it in combination with not-macOS? This was never really tested.

No - just macos on macos.

[EdSchouten]

My use case is for running MacOS gui tests - on a single mac mini I can run several normal bb_runners on the main host and then isolated gui tests inside tart vms.

Have you considered using virtiofs? https://tart.run/quick-start/#accessing-mounted-directories-in-linux-guests