Stream: git-wasmtime

Topic: wasmtime / issue #12912 wasi:fs mutate-directory ignored

view this post on Zulip Wasmtime GitHub notifications bot (Mar 31 2026 at 17:58):

MendyBerger opened issue #12912:

Overview

As far as I can tell, wasmtime never checks descriptor-flags.mutate-directory.

Also, wasmtime seems to be passing down mutate-directory in open-at even when the caller/guest doesn't ask for it.

See line 1054 where the parent's permissions are just passed down:
https://github.com/bytecodealliance/wasmtime/blob/33e8b3d955697587b23cf39d87fbcbdb4d26b0c9/crates/wasi/src/filesystem.rs#L1052-L1058

Expected Results

mutate-directory should be required when editing directories, and should not be passed down from the parent automatically.

Actual Results

mutate-directory is ignored, and is passed down from the parent automatically.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 31 2026 at 17:58):

MendyBerger added the bug label to Issue #12912.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 31 2026 at 19:03):

alexcrichton removed the bug label from Issue #12912.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 31 2026 at 19:03):

alexcrichton added the wasi:impl label to Issue #12912.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 31 2026 at 19:04):

alexcrichton commented on issue #12912:

I mentioned a bit of this on Zulip as well, but I suspect this is a mixture of being historically ambitious about what would be done coupled with this hasn't really aged well coupled with a lack of tests. I think it's reasonable to tweak behavior here as necessary and avoid taking Wasmtime as the source of truth. Would you be up for sending a PR to adjust the aspects you feel need changing?

view this post on Zulip Wasmtime GitHub notifications bot (Mar 31 2026 at 20:10):

MendyBerger commented on issue #12912:

Sure, will take a stab at it

view this post on Zulip Wasmtime GitHub notifications bot (Apr 16 2026 at 19:32):

MendyBerger commented on issue #12912:

Note to self as I'm looking into this:

Descriptor's flags should match what was passed to open-at
https://github.com/WebAssembly/WASI/blob/5b0aa5140c4021071a4acdc35ec2b56a2fb45854/proposals/filesystem/wit/types.wit#L550

Wasmtime sets OpenMode::READ based only on DescriptorFlags::READ
https://github.com/bytecodealliance/wasmtime/blob/d5f1b973e48b0016a2cd1190985c9fa509bf0cee/crates/wasi/src/filesystem.rs#L970-L972

wasmtime asumes OpenMode::READ also included DescriptorFlags::MUTATE_DIRECTORY
https://github.com/bytecodealliance/wasmtime/blob/d5f1b973e48b0016a2cd1190985c9fa509bf0cee/crates/wasi/src/filesystem.rs#L545-L546

Last updated: May 03 2026 at 21:15 UTC