wasmtime-py

Add `dir_perms` and `file_perms` to `WasiConfig.preopen_dir`

Open ajalt opened this issue 1 year ago • 1 comments

The Rust `preopened_dir` method has parameters for setting permissions to allow mapping the directory or its files as read-only. The Python `preopen_dir` doesn't currently expose these parameters, so we can only map directories as read-write.

Is it possible to add the ability to set permissions on mapped directories?

ajalt avatar Sep 19 '24 17:09 ajalt

Thanks for the report! While this functionality is present in Rust it's not currently reflected in the C API which this package is built on. That doesn't mean it's not possible, just means that the sequence of steps to fix this would be to (a) update the C API to enable plumbing these permissions bits and (b) update wasmtime-py to use the new bindings. If you're able to help that'd be much appreciated! If not however that's also ok too.

alexcrichton avatar Sep 20 '24 00:09 alexcrichton

I'm also interested in this functionality. Looks like the next step is to update the version of wasmtime this package depends on, then update the preopen_dir python wrapper? @alexcrichton or @ajalt, are either of you already working on this first part, or would it be helpful for me to take it on this week?

jder avatar Nov 09 '24 21:11 jder

I'm not working on this myself, and if @ajalt isn't already taking a crack at it please feel free to!

The line to update is this one and set that to "dev" to download the latest build which will have the changes necessary.

alexcrichton avatar Nov 11 '24 03:11 alexcrichton

Thanks! I started working on the wasmtime 26 update as a first step, and ran into something I'm not sure how to handle.

In particular for the bindings generation code the wasmparser::Validator type used to be exposed (because environ exposed wasmtime_types::*, which included wasmparser), but it no longer is. Should environ re-export wasmparser (perhaps under a feature like wasmtime itself does now)?

jder avatar Nov 11 '24 22:11 jder

Ah the wasmtime-types crate was folded into wasmtime-environ, and for now you can probably add an explicit dependency on wasmparser but otherwise yeah adding it as an export from wasmtime-environ I think would make sense.

alexcrichton avatar Nov 12 '24 04:11 alexcrichton

For posterity, I am working on this, WIP here which we can land once wasmtime 27 is released.

jder avatar Nov 12 '24 20:11 jder

I just came looking for this feature myself. I want to be able to run the equivalent of this (but in Python):

```bash
wget https://github.com/brettcannon/cpython-wasi-build/releases/download/v3.13.0/python-3.13.0-wasi_sdk-24.zip
unzip python-3.13.0-wasi_sdk-24.zip
wasmtime run --dir .::/ python.wasm -c 'print("hello world")'
```

But I want the directory to be read-only, so that things like this don't break everything:

```bash
wasmtime run --dir .::/ python.wasm -c 'open("python.wasm", "wb").write(b"blah")'
```

simonw avatar Nov 13 '24 02:11 simonw
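An added example, not part of the thread or of wasmtime-py: while a directory can only be mapped read-write, the host can snapshot SHA-256 digests of the mapped directory before the guest runs and compare afterwards, which detects a write like the one in the comment above. The function names, the stand-in guest callable and the sample directory are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(before, after):
    """Return what changed between two snapshots of the same directory."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys()
                           if before[p] != after[p]),
    }


def run_and_check(root, run_guest):
    """Call run_guest(root), then report any files it changed under root."""
    before = snapshot(root)
    run_guest(root)
    return diff_snapshots(before, snapshot(root))


def demo():
    """Constructed sample: a stand-in guest repeats the overwrite from the thread."""
    def guest(root):
        # Hypothetical stand-in for a guest that has a read-write preopen of root.
        (Path(root) / "python.wasm").write_bytes(b"blah")
        (Path(root) / "dropped.txt").write_text("new file")

    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "python.wasm").write_bytes(b"\0asm\x01\0\0\0")  # constructed
        (Path(tmp) / "lib").mkdir()
        (Path(tmp) / "lib" / "os.py").write_text("# constructed file\n")
        return run_and_check(tmp, guest)


if __name__ == "__main__":
    print(demo())
```

This only detects changes after the fact; it does not prevent them the way a read-only mapping would.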

@jder thanks for this! If you'd like feel free to go ahead and open a PR and update ci/download-wasmtime.py to use the dev tag. We can land that and then switch to the 27.0.0 release artifacts once they're available.

@simonw I believe that this issue will solve your need for that, and if you're interested in seeing such a readonly flag for Wasmtime mind opening an issue over there for that? I don't think we currently have an issue tracking that.

alexcrichton avatar Nov 14 '24 21:11 alexcrichton

Thanks! Posted that feature request here:

  • https://github.com/bytecodealliance/wasmtime/issues/9608

simonw avatar Nov 14 '24 21:11 simonw