Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Understand disk partition, container and volume

I am confused by the notions of partitions, containers and volume.


Looking at a recent mac with default setup, inside disk utility, I see 1 disk, 1 partition, 1 container and 2 volumes.



However, the right side of disk utility says "Shared by 5 volumes" so I am guessing there are 3 hidden volumes? What are these 3 hidden volumes?


Then I try to understand how this structure is reflected on the file system. The disk is called disk0 in diskutility, but if I do an `ls disk0*` I see :


disk0#    disk0s1#  disk0s2#  disk0s3#


what are these 4 directories?


Inside diskutility, the container is called disk3, but I see 8 directories:

/dev/disk3	/dev/disk3s1	/dev/disk3s1s1	/dev/disk3s2	/dev/disk3s3	/dev/disk3s4	/dev/disk3s5	/dev/disk3s6


Why are there 8 directories and not 5 (1 per volume).


Thanks for any hint to help my understanding !


Posted on Jan 21, 2023 3:49 AM

Reply
Question marked as Top-ranking reply
14 replies
Question marked as Top-ranking reply

Jan 21, 2023 6:32 AM in response to Barney-15E

Thanks a lot for your detailed answer!

That all makes sense.


I want to install 2 macOS version, so that I can dual boot. I want the 2 OS to be completely isolated, and one to not have access to the other at all. I am trying to decide if I should install the new macOS on a new volume, in the same container, or whether I should create a new container.


In the article from 2019 of Eclectic light, they say the other OS has to be installed inside a new container : https://eclecticlight.co/2019/03/15/should-you-add-a-new-apfs-container-or-volume/


But Apple doc says you can install on a new volume, in the same container.

So it seems things have evolved since 2019. I am trying to figure out if I can install the new OS on a new volume, on the same container, without lowering the isolation between the 2 os. Specifically, I am trying to figure out if installing the 2 os in the same container lowers the filevault security, from one os to the other.


Do you have any thoughts on that?

Thanks!

Jan 21, 2023 6:45 AM in response to sebastien244

Volumes (and containers) are encrypted independently of one-another.

FileVault isn't really the encryption. It is the glue that allows you to decrypt and login with the same credentials, instead of having to use one to decrypt, and another to log into the account.


Either way you install, you can mount or not mount the other container or volumes from each. I think everything about APFS is voodoo at the moment. Apple hasn't thoroughly documented it (and probably never will). It certainly could have been true in those early stages of APFS that you could not have two boot volumes, but you can now. I don't know why one method would be superior to the other except the choice of fixing the storage space for both with a container.



Jan 21, 2023 4:37 AM in response to sebastien244

I’m not sure where you see a partition and a container, except that they are essentially the same. The important distinction is a container hosts multiple “virtual” subdivisions called Volumes.

Volumes share the storage space of the container, but can be restricted when created.

However, the right side of disk utility says "Shared by 5 volumes" so I am guessing there are 3 hidden volumes? What are these 3 hidden volumes?

Preboot, VM, Recovery, Update, and I think there is at least one other that I can’t remember the name.

Then I try to understand how this structure is reflected on the file system.

Apple Silicon Macs have one (or more) small partitions at the beginning of the disk for boot up. Those don’t appear except in some of the diskutil functions.


In general, disk# is either a physical or synthesized disk. The s# are subdivisions if that disk. You see more than five because there are more than five as I noted above. I don’t know why it said shared with five except that they all may not be mounted and not reported.

There is a blog on The Electic Light Company website that diagrams and discusses the macOS disk layout in much more detail (and many other esoteric Mac things).

Jan 21, 2023 4:15 PM in response to sebastien244

sebastien244 wrote:

I want to install 2 macOS version, so that I can dual boot.

Why?

I want the 2 OS to be completely isolated

First of all, that's not possible. There is always going to be some degree of impact on the other system. Depending on how you implement it, that degree of impact could be minor, or it could corrupt all of your data.


Jan 22, 2023 12:03 PM in response to sebastien244

sebastien244 wrote:

"There is always going to be some degree of impact on the other system."

Hmm, I am surprised by that. If I install the 2 oses on 2 distinct encrypted volumes, I don't see how what one process does on one OS impacts what happens on the other OS?

That's what I mean by "some degree of impact". If you are really careful and make sure, via various methods, to ensure that neither volume can ever see the contents of the other, then you can minimize that impact. But you'll never get it to zero. There is always the question of things like Recovery, boot partitions, NVRAM, and iCloud. With any kind of sync system, your computer has to be uniquely identified. How does that work? Serial number? MAC address? Those are the same on both volumes.


That's why I ask why. Just because a given feature exists, even if Apple documented it, doesn't mean you should ever use it. This particular "feature" is one of those red light, danger areas. It has never been well tested by Apple. Depending on what you are trying to do, and how, you can minimize the potential problems. But without knowing specifics, I wouldn't recommend attempting it.

Jan 23, 2023 2:38 AM in response to etresoft

Very good points. I have to run some software that I do not fully trust, and I am trying to think of a way to do it as safely as possible. That's why I thought of running it through another OS, with the idea that if it turns out to be malware, it won't affect my main OS.


Your point about Recovery and boot volumes is what I am thinking about the most : if I put the 2 OSes inside 2 different containers, rather than on 2 different volumes of the same container, then they will not share recovery and boot volumes? How important do you think it might be?

Jan 24, 2023 2:50 PM in response to emde-ash

Thanks a lot for all the links!


If I have understood correctly what I've read, Adding a new volume group to the same container to create the same OS will actually mean the 2 oses share the same preboot, recovery and VM volumes...


Now, I am trying to figure out how much of a security risk that is. If a malware is running on OS_B installed in volume_groupB, in the same container as volume_groupA (on which OS_A is running), then do you have a sense of whether it is possible for the malware to attack OS_A or the data volume in volume_groupA?


I guess what I am asking is how much having access to preboot, recovery and vm increases the attack surface.



Jan 24, 2023 8:07 PM in response to sebastien244

sebastien244 wrote:

Very good points. I have to run some software that I do not fully trust, and I am trying to think of a way to do it as safely as possible. That's why I thought of running it through another OS, with the idea that if it turns out to be malware, it won't affect my main OS.

Your point about Recovery and boot volumes is what I am thinking about the most : if I put the 2 OSes inside 2 different containers, rather than on 2 different volumes of the same container, then they will not share recovery and boot volumes? How important do you think it might be?

Based on what Etresoft explained, you would be going through some acrobatics and possibly compromising your Mac, even if the likelihood is remote, to set something up so you can "run some software you don't fully trust"? I guess I would never run software I have any doubts about in terms of "trust." What do you do if the software executes some code that erases all the mounted drives, volumes, etc. with any data on them? I would never risk it.


If you are trying to set up a testbed for testing malware antidotes (?), or some such thing, requiring to run software you don't trust, I would absolutely ever put that on any computer with anything of value; I would set up a cheap separate computer and after such testing, would then erase/format/wipe the computer and install a fresh system, ready for the next "test." Of course there is also the problem that this "test" computer is sharing your home or work network with your "good" computers, but presumably you can protect them.

Understand disk partition, container and volume

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.