Léo Gaspard (May 07 2020 at 20:28): Léo Gaspard (May 07 2020 at 20:28):Hello,
Just wanted to check, as I'm not sure I understand the whole implementation of the wasmtime-wasi crate, and the documentation is sparse: if I never call preopen_dir nor preopened_virt, then the guest will have access to none of the filesystem, and if I call preopen_dir then it will have access only to what is inside dir and nothing outside (eg. by passing paths such as .. relative to dir).
Am I correctly understanding these security properties?
Also, thank you for wasmtime! I'm still in the exploratory phase so haven't actually started using it yet, but it looks great!
Yury Delendik (May 07 2020 at 20:32):Looking at https://github.com/bytecodealliance/wasmtime/blob/master/docs/WASI-tutorial.md#executing-in-wasmtime-runtime , you have to provide --dir=. so looks like there is no default preopens
Yury Delendik (May 07 2020 at 20:36):so that's a correct description of the properties
Léo Gaspard (May 07 2020 at 20:47):Great, thank you!
Last updated: Nov 22 2024 at 17:03 UTC