Hello,
Just wanted to check, as I'm not sure I understand the whole implementation of the wasmtime-wasi crate, and the documentation is sparse: if I never call preopen_dir nor preopened_virt, then the guest will have access to none of the filesystem, and if I call preopen_dir then it will have access only to what is inside dir and nothing outside (e.g. by passing paths such as .. relative to dir).
Am I correctly understanding these security properties?
Also, thank you for wasmtime! I'm still in the exploratory phase so haven't actually started using it yet, but it looks great!
Looking at https://github.com/bytecodealliance/wasmtime/blob/master/docs/WASI-tutorial.md#executing-in-wasmtime-runtime, you have to provide --dir=. so looks like there are no default preopens
so that's a correct description of the properties
Great, thank you!
Last updated: Dec 23 2024 at 13:07 UTC