Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dir_perms and file_perms to WasiConfig.preopen_dir #251

Closed
ajalt opened this issue Sep 19, 2024 · 9 comments · Fixed by #257
Closed

Add dir_perms and file_perms to WasiConfig.preopen_dir #251

ajalt opened this issue Sep 19, 2024 · 9 comments · Fixed by #257

Comments

@ajalt
Copy link

ajalt commented Sep 19, 2024

The rust preopened_dir method has parameters for setting permissions to allow mapping the directory or its files as read-only. The python preopen_dir doesn't currently expose these parameters, so we can only map directories as read-write.

Is it possible to add the ability to set permissions on mapped directories?
@alexcrichton
Copy link
Member

Thanks for the report! While this functionality is present in Rust it's not currently reflected in the C API which this package is built on. That doesn't mean it's not possible, just means that the sequence of steps to fix this would be to (a) update the C APi to enable plumbing these permissions bits and (b) update wasmtime-py to use the new bindings. If you're able to help that'd be much appreciated! If not however that's also ok too.

ajalt added a commit to ajalt/wasmtime that referenced this issue Oct 16, 2024
@ajalt
Add permissions to wasi_config_preopen_dir C API
933dc18 
The current `wasi_config_preopen_dir` function does not expose the `dir_perms` and `file_perms` parameters that were added to `preopened_dir`. This commit adds them and update the docs for those functions to reflect the current signature.

This is a prerequisite for bytecodealliance/wasmtime-py#251
@ajalt ajalt mentioned this issue Oct 16, 2024
Merged
github-merge-queue bot pushed a commit to bytecodealliance/wasmtime that referenced this issue Oct 22, 2024
@ajalt
Add permissions to wasi_config_preopen_dir C API (#9477)
d6ce1dd 
* Add permissions to `wasi_config_preopen_dir` C API

The current `wasi_config_preopen_dir` function does not expose the `dir_perms` and `file_perms` parameters that were added to `preopened_dir`. This commit adds them and update the docs for those functions to reflect the current signature.

This is a prerequisite for bytecodealliance/wasmtime-py#251

* Address review comments

* Use early return for parameters
@jder
Copy link
Contributor

jder commented Nov 9, 2024

I'm also interested in this functionality. Looks like the next step is to update the version of wasmtime this package depends on, then update the preopen_dir python wrapper? @alexcrichton or @ajalt, are either of you already working on this first part, or would it be helpful for me to take it on this week?

@alexcrichton
Copy link
Member

I'm not working on this myself, and if @ajalt isn't already taking a crack at it please feel free to!

The line to update is this one and set that to "dev" to download the latest build which will have the changes necessary.

@jder
Copy link
Contributor

jder commented Nov 11, 2024

Thanks! I started working on the wasmtime 26 update as a first step, and ran into something I'm not sure how to handle.

In particular for the bindings generation code the wasmparser::Validator type used to be exposed (because environ exposed wasmtime_types::*, which included wasmparser), but it no longer is. Should environ re-export wasmparser (perhaps under a feature like wasmtime itself does now)?

@alexcrichton
Copy link
Member

Ah the wasmtime-types crate was folded into wasmtime-environ, and for now you can probably add an explicit dependency on wasmparser but otherwise yeah adding it as an export from wasmtime-environ I think would make sense.

This was referenced Nov 12, 2024
Merged
Merged
@jder
Copy link
Contributor

jder commented Nov 12, 2024

For posterity, I am working on this, WIP here which we can land once wasmtime 27 is released.

@simonw
Copy link

simonw commented Nov 13, 2024

I just came looking for this feature myself. I want to be able to run the equivalent of this (but in Python):

wget https://github.com/brettcannon/cpython-wasi-build/releases/download/v3.13.0/python-3.13.0-wasi_sdk-24.zip
unzip python-3.13.0-wasi_sdk-24.zip
wasmtime run --dir .::/ python.wasm -c 'print("hello world")'

But I want the directory to be read-only, so that things like this don't break everything:

wasmtime run --dir .::/ python.wasm -c 'open("python.wasm", "wb").write(b"blah")'

@atilag atilag mentioned this issue Nov 14, 2024
Draft
2 tasks
@alexcrichton
Copy link
Member

@jder thanks for this! If you'd like feel free to go ahead and open a PR and update ci/download-wasmtime.py to using the dev tag. We can land that and then switch to the 27.0.0 release artifacts once they're available.

@simonw I believe that this issue will solve your need for that, and if you're interested in seeing such a readonly flag for Wasmtime mind opening an issue over there for that? I don't think we currently have an issue tracking that.

@simonw
Copy link

simonw commented Nov 14, 2024

Thanks! Posted that feature request here:

@jder jder mentioned this issue Nov 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update to latest wasmtime dev jder/wasmtime-py
4 participants
@simonw @jder @alexcrichton @ajalt