wasi-libc

O_RESOLVE_BENEATH is forced

Open yamt opened this issue 1 year ago • 4 comments

in posix, openat(dirfd, "../b", ...) should work. however, in wasi, O_RESOLVE_BENEATH behavior is unconditionally applied. (at least in popular implementations. i don't know if it was well documented for preview1. but for later versions, see https://github.com/WebAssembly/wasi-filesystem/blob/main/path-resolution.md.) wasi-libc doesn't seem to emulate the posix behavior either.

yamt avatar Feb 22 '24 07:02 yamt

I don't see any reference to O_RESOLVE_BENEATH in musl, or indeed anywhere on my linux system. Are you sure it's part of POSIX? It doesn't seem to be part of either glibc or musl. Can you point to some documentation related to it? I couldn't find anything aside from stuff in freebsd.

sbc100 avatar Feb 22 '24 17:02 sbc100

@yamt Yes, this is behavior we inherited from CloudABI. Directory handles act as O_RESOLVE_BENEATH sandboxes.

I now believe we can migrate toward having a rooted filesystem, as I posted about here, which I expect will address your concerns, as many use cases that want "POSIX" can just use the filesystem namespace and things like ".." would work within it.

That said, there are use cases for handles with O_RESOLVE_BENEATH behavior, so we might keep that functionality around even as we also add a namespace.

sunfishcode avatar Feb 22 '24 22:02 sunfishcode

> I don't see any reference to O_RESOLVE_BENEATH in musl, or indeed anywhere on my linux system. Are you sure it's part of POSIX? It doesn't seem to be part of either glibc or musl. Can you point to some documentation related to it? I couldn't find anything aside from stuff in freebsd.

O_RESOLVE_BENEATH is non-standard. it isn't a part of posix. even its name varies among systems. on linux, it's called RESOLVE_BENEATH.

yamt avatar Feb 28 '24 03:02 yamt
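Added example, not part of the thread or of wasi-libc: a Linux C program contrasting plain `openat(dirfd, "../b")` with `openat2` using `RESOLVE_BENEATH`, the Linux name given in the comment above. It assumes Linux 5.6 or later; `struct how`, `BENEATH`, the function names and the temporary directory layout are constructed here, with the struct and constant mirroring `struct open_how` and `RESOLVE_BENEATH` from `<linux/openat2.h>`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_openat2
#define SYS_openat2 437            /* same number on every Linux architecture */
#endif
#define BENEATH 0x08               /* value of RESOLVE_BENEATH in <linux/openat2.h> */
struct how { uint64_t flags, mode, resolve; };  /* layout of struct open_how */

/* Constructed layout: create <tmp>/b and <tmp>/a, return an fd for <tmp>/a (or -1). */
static int make_dirfd(void) {
    char tmp[] = "/tmp/beneathXXXXXX";
    if (!mkdtemp(tmp) || chdir(tmp) != 0) return -1;
    int f = open("b", O_CREAT | O_WRONLY, 0600);
    if (f < 0 || mkdir("a", 0700) != 0) return -1;
    close(f);
    return open("a", O_RDONLY | O_DIRECTORY);
}

/* POSIX semantics: 0 if openat(dirfd, "../b") succeeds, else errno. */
int posix_open_parent(int dirfd) {
    int fd = openat(dirfd, "../b", O_RDONLY);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* Beneath semantics: 0 on success, else errno (EXDEV when ".." leaves dirfd). */
int beneath_open_parent(int dirfd) {
    struct how h = { .flags = O_RDONLY, .resolve = BENEATH };
    long fd = syscall(SYS_openat2, dirfd, "../b", &h, sizeof h);
    if (fd < 0) return errno;
    close((int)fd);
    return 0;
}

int main(void) {
    int d = make_dirfd();
    if (d < 0) { perror("setup"); return 1; }
    printf("openat:  %d\nopenat2: %d (EXDEV=%d)\n",
           posix_open_parent(d), beneath_open_parent(d), EXDEV);
    return 0;
}
```

On a kernel with `openat2`, the plain `openat` call returns 0 while the `RESOLVE_BENEATH` call fails with `EXDEV`, the same refusal of `..` escapes that the thread describes for WASI directory handles.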

> @yamt Yes, this is behavior we inherited from CloudABI. Directory handles act as O_RESOLVE_BENEATH sandboxes.

ok.

> I now believe we can migrate toward having a rooted filesystem, as I posted about here, which I expect will address your concerns, as many use cases that want "POSIX" can just use the filesystem namespace and things like ".." would work within it.

ok. commented there.

> That said, there are use cases for handles with O_RESOLVE_BENEATH behavior, so we might keep that functionality around even as we also add a namespace.

even in case we keep the functionality, it should be optional i suppose.

yamt avatar Feb 28 '24 04:02 yamt