adam (Dec 23 2024 at 18:50): adam (Dec 23 2024 at 18:50):I get PermissionDenied when trying to wasmtime run a component built with Rust. It doesn't have any dependencies.
use std::io::Write;
use std::net::TcpStream;
fn main() {
let _ = TcpStream::connect("127.0.0.1:8080").unwrap().write("what up".as_bytes());
}
Not clear whether it's a sandbox security privilege issue and I'm missing a config to let the component use network features when hosted by wasmtime or if the component being built is bad. The Rust equivalent connects to a local TCP socket just fine.
Stack trace starts with wit-component:adapter:wasi_snapshot_preview1!wasi:cli/run@0.2.0#run
cargo build --target wasm32-wasip2
I thought this was the simplest recreation of a wasi p2 feature I could attempt so I must be missing a step. Components without the TcpStream run just fine.
Victor Adossi (Dec 24 2024 at 04:25):Hey @adam what does the command (or code?) that you're using to run the component look like?
Victor Adossi (Dec 24 2024 at 04:26):If you're using wasmtime run, are you enabling the right WASI options?
wasmtime run -S help
Available wasi options:
-S cli[=y|n] -- Enable support for WASI CLI APIs, including filesystems, sockets, clocks, and random.
-S cli-exit-with-code[=y|n] -- Enable WASI APIs marked as: @unstable(feature = cli-exit-with-code)
-S common[=y|n] -- Deprecated alias for `cli`
-S nn[=y|n] -- Enable support for WASI neural network API (experimental)
-S threads[=y|n] -- Enable support for WASI threading API (experimental)
-S http[=y|n] -- Enable support for WASI HTTP API (experimental)
-S config[=y|n] -- Enable support for WASI config API (experimental)
-S keyvalue[=y|n] -- Enable support for WASI key-value API (experimental)
-S listenfd[=y|n] -- Inherit environment variables and file descriptors following the systemd listen fd specification (UNIX only)
-S tcplisten=val -- Grant access to the given TCP listen socket
-S preview2[=y|n] -- Implement WASI CLI APIs with preview2 primitives (experimental).
-S nn-graph=<format>::<dir> -- Pre-load machine learning graphs (i.e., models) for use by wasi-nn.
-S inherit-network[=y|n] -- Flag for WASI preview2 to inherit the host's network within the guest so it has full access to all addresses/ports/etc.
-S allow-ip-name-lookup[=y|n] -- Indicates whether `wasi:sockets/ip-name-lookup` is enabled or not.
-S tcp[=y|n] -- Indicates whether `wasi:sockets` TCP support is enabled or not.
-S udp[=y|n] -- Indicates whether `wasi:sockets` UDP support is enabled or not.
-S network-error-code[=y|n] -- Enable WASI APIs marked as: @unstable(feature = network-error-code)
-S preview0[=y|n] -- Allows imports from the `wasi_unstable` core wasm module.
-S inherit-env[=y|n] -- Inherit all environment variables from the parent process.
-S config-var=<name>=<val> -- Pass a wasi config variable to the program.
-S keyvalue-in-memory-data=<name>=<val> -- Preset data for the In-Memory provider of WASI key-value API.
pass `-S help-long` to see longer-form explanations
(and if you're doing this with code, then you'll need to customize the runtime similarly)
Victor Adossi (Dec 24 2024 at 04:42):Here's an example repo with your example working:
https://github.com/vados-cosmonic/wasmtime-rust-wasi-run-tcp-example
(note that I use .cargo/config.toml to configure the runner so that cargo run works -- when running from CLI obviously you'd have to do that yourself)
Last updated: Jan 24 2025 at 00:11 UTC