The sandboxing is pretty important to keeping things isolated, but I've also wondered about the right way to ensure my writes to files are "atomic" in 9p, and never really understood the guarantees or lack thereof.
In POSIX-land, I can write to a temp file, sync it and the parent directory, and rename it over the original and be pretty well guaranteed anyone accessing the file by name will never see a partially written file.
How the heck does this work in 9p servers? For a "synthetic" file server one could decide to update the state depending on receiving full payloads I presume, and discard anything that's nonsense or incomplete (like changing the baud on a serial port through the control file: you need to know the format of the commands and send the correct payload).
But what does one do about regular files? Write to temporary files and rename over them? Do the Plan 9 file systems have any atomic guarantees (HJFS, Fossil, KenFS, etc.), and do I need to understand each of them?
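
The POSIX sequence the post describes (temp file, sync the file, rename over the original, sync the parent directory), as an added example that is not part of the original comment. The name `atomic_write` and the `.tmp-` prefix are assumptions made for illustration, and the code shows only the POSIX side; it says nothing about what a 9p server guarantees.

```python
import os
import tempfile


def atomic_write(path: str, data: bytes, mode: int = 0o644) -> None:
    """Replace `path` so that readers opening it by name see either the
    old contents or the new contents, never a partial write."""
    directory = os.path.dirname(os.path.abspath(path))
    # The temp file must be in the same directory as the target:
    # rename(2) is only atomic within a single file system.
    # mkstemp creates it with O_EXCL and mode 0600, so nobody else can
    # pre-create or read it while it is being filled.
    fd, tmp = tempfile.mkstemp(prefix=".tmp-", dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            os.fchmod(f.fileno(), mode)  # final permissions before it is visible
            f.write(data)
            f.flush()                    # user-space buffer -> kernel
            os.fsync(f.fileno())         # kernel -> stable storage
        os.replace(tmp, path)            # atomic rename over the original
    except BaseException:
        # Any failure before the rename leaves the original untouched;
        # remove the half-written temp file and re-raise.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise
    # Sync the parent directory so the rename itself survives a crash.
    dfd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dfd)
    finally:
        os.close(dfd)


if __name__ == "__main__":
    # Constructed demonstration in a throwaway directory.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "settings.conf")
        atomic_write(target, b"baud=9600\n")
        atomic_write(target, b"baud=115200\n")
        with open(target, "rb") as fh:
            print(fh.read(), os.listdir(d))
```
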