Stream: wasmtime

Topic: Capabilities listing (n00b)


Mike Bursell (Jun 03 2020 at 08:58):

I'm just getting into wasmtime (I'm part of the Enarx project - https://enarx.io), and I'm starting to try out some bits and pieces. One of the things I'm playing with is Directory and VirtualDirectory creation. This works as expected (once I worked out what "expected" should be!), but it raised a set of questions in my mind, which I hope aren't too stupid. If there's documentation I've missed, or if this question is best asked in another stream, then please let me know.

In order to allow a workload to access a Directory, it needs to be granted the capability to do so. This is a Good Thing[tm], obviously. What I'm specifically interested in is whether there's a way to see, for a particular WasiCtx, what capabilities have been granted. This seems like an obvious thing to be able to check - one might even want to revoke capabilities at runtime on occasion. My understanding of the Directory capability granting in https://github.com/bytecodealliance/wasmtime/blob/master/crates/wasi-common/src/ctx.rs is that a Directory is just added: there's no accounting going on. Am I missing something at a different level? Is this something which has come up elsewhere? Is it something to propose?

Sorry if this is appallingly n00b: I promise to read anything I'm sent to look at, but I couldn't track down an answer with ease.

Many thanks,

-Mike.


Till Schneidereit (Jun 03 2020 at 12:06):

CC @Dan Gohman @Luke Wagner @Alex Crichton

Dan Gohman (Jun 03 2020 at 13:43):

@Mike Bursell WasiCtx's entries member holds all the capabilities for a WasiCtx, but we don't yet have APIs for users to query that information or revoke capabilities

Dan Gohman (Jun 03 2020 at 13:45):

I think it would be pretty straightforward to add such APIs.

Dan Gohman (Jun 03 2020 at 13:47):

For revocation, one thing to think about is whether we should track which capabilities a given capability is derived from, e.g. which directory a file was opened from, so that if the user revokes a capability, we could revoke everything derived from it.

Mike Bursell (Jun 03 2020 at 14:00):

Thanks for the pointers. I'll have a look and a think before replying in any further detail.


Last updated: Dec 23 2024 at 13:07 UTC