Stream: git-wasmtime

Topic: wasmtime / issue #9849 WASI network access example


view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 11:28):

JMLX42 edited issue #9849:

Hello,

I am trying to use container2wasm to run a Linux VM inside wasmtime. Here is my code:

#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    // Create a new Wasmtime engine and store with unit data.
    // Construct the wasm engine with async support enabled.
    let mut config = Config::new();
    config.async_support(true);
    let engine = Engine::new(&config)?;

    // Embed the WebAssembly module into the binary.
    let wasm_bytes = include_bytes!("../images/ubuntu:22.04.wasm");

    // Create a linker to link the WASI module.
    let mut linker: Linker<WasiP1Ctx> = Linker::new(&engine);
    preview1::add_to_linker_async(&mut linker, |t| t)?;

    // Create a WASI context and put it in a Store; all instances in the store
    // share this context. `WasiCtxBuilder` provides a number of ways to
    // configure what the target program will have access to.
    let wasi_ctx = WasiCtxBuilder::new()
        .inherit_stdio()
        .inherit_network()
        .socket_addr_check(|_, _| Box::pin(ready(true)))
        .allow_ip_name_lookup(true)
        .allow_tcp(true)
        .allow_udp(true)
        .build_p1();
    let mut store = Store::new(&engine, wasi_ctx);

    // Load the WebAssembly module from the embedded bytes.
    let module = Module::new(&engine, wasm_bytes)?;
    let func = linker
        .module_async(&mut store, "", &module)
        .await?
        .get_default(&mut store, "")?
        .typed::<(), ()>(&store)?;

    // Create an instance of the module with a mutable store.
    func.call_async(&mut store, ()).await?;

    Ok(())
}

It works great and I have access to a shell/prompt. But for some reason, network requests fail:

$ cargo run --release
    Finished `release` profile [optimized] target(s) in 0.07s
     Running `target/release/prositronic`
root@localhost:/# apt-get update
apt-get update
Ign:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 http://archive.ubuntu.com/ubuntu jammy InRelease
Ign:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 http://archive.ubuntu.com/ubuntu jammy InRelease
Ign:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:2 http://archive.ubuntu.com/ubuntu jammy InRelease
Ign:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Err:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@localhost:/#

What am I missing?

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:01):

bjorn3 commented on issue #9849:

container2wasm only supports networking through the use of a helper program c2w-net running on the host as native program: https://github.com/ktock/container2wasm/tree/main/examples/networking/wasi It looks like container2wasm targets wasip1 which only supports exposing a server over the network listening at a wasm runtime defined port (which c2w-net seems to take advantage of). You need wasip2 to be able to actually connect to arbitrary servers without a proxy like c2w-net.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:04):

JMLX42 commented on issue #9849:

@bjorn3 thank you for your quick response!

You need wasip2 to be able to actually connect to arbitrary servers

How do I do that? I thought my code was already already targeting preview2

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:08):

bjorn3 commented on issue #9849:

Container2wasm doesn't use wasip2. You did have to ask the maintainer of container2wasm to add wasip2 support.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:14):

JMLX42 commented on issue #9849:

You did have to ask the maintainer of container2wasm to add wasip2 support.

@bjorn3 so you mean my code is fine and supports preview 2, but the loaded WASM module produced by converter2wasm does not support preview2 ?

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:15):

JMLX42 edited a comment on issue #9849:

You did have to ask the maintainer of container2wasm to add wasip2 support.

@bjorn3 so you mean my code is fine and supports preview 2, but the loaded WASM module produced by container2wasm does not support preview2 ?

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:21):

bjorn3 commented on issue #9849:

but the loaded WASM module produced by container2wasm does not support preview2 ?

Indeed. container2wasm produces wasip1 rather than wasip2 wasm modules.

so you mean my code is fine and supports preview 2

You need different code to load wasip1 and wasip2 modules. Your current code is correct for wasip1, but once container2wasm supports producing wasip2 modules, you will need some changes to load the wasip2 module.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:23):

JMLX42 commented on issue #9849:

you will need some changes to load the wasip2 module.

@bjorn3 are there any examples for wasip2?

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 15:26):

dicej commented on issue #9849:

This PR updates the WASI example in this repo to wasip2.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 18:54):

alexcrichton closed issue #9849:

Hello,

I am trying to use container2wasm to run a Linux VM inside wasmtime. Here is my code:

#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    // Create a new Wasmtime engine and store with unit data.
    // Construct the wasm engine with async support enabled.
    let mut config = Config::new();
    config.async_support(true);
    let engine = Engine::new(&config)?;

    // Embed the WebAssembly module into the binary.
    let wasm_bytes = include_bytes!("../images/ubuntu:22.04.wasm");

    // Create a linker to link the WASI module.
    let mut linker: Linker<WasiP1Ctx> = Linker::new(&engine);
    preview1::add_to_linker_async(&mut linker, |t| t)?;

    // Create a WASI context and put it in a Store; all instances in the store
    // share this context. `WasiCtxBuilder` provides a number of ways to
    // configure what the target program will have access to.
    let wasi_ctx = WasiCtxBuilder::new()
        .inherit_stdio()
        .inherit_network()
        .socket_addr_check(|_, _| Box::pin(ready(true)))
        .allow_ip_name_lookup(true)
        .allow_tcp(true)
        .allow_udp(true)
        .build_p1();
    let mut store = Store::new(&engine, wasi_ctx);

    // Load the WebAssembly module from the embedded bytes.
    let module = Module::new(&engine, wasm_bytes)?;
    let func = linker
        .module_async(&mut store, "", &module)
        .await?
        .get_default(&mut store, "")?
        .typed::<(), ()>(&store)?;

    // Create an instance of the module with a mutable store.
    func.call_async(&mut store, ()).await?;

    Ok(())
}

It works great and I have access to a shell/prompt. But for some reason, network requests fail:

$ cargo run --release
    Finished `release` profile [optimized] target(s) in 0.07s
     Running `target/release/prositronic`
root@localhost:/# apt-get update
apt-get update
Ign:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 http://archive.ubuntu.com/ubuntu jammy InRelease
Ign:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 http://archive.ubuntu.com/ubuntu jammy InRelease
Ign:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:2 http://archive.ubuntu.com/ubuntu jammy InRelease
Ign:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Err:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@localhost:/#

What am I missing?

view this post on Zulip Wasmtime GitHub notifications bot (Dec 18 2024 at 18:54):

alexcrichton commented on issue #9849:

It looks like Wasmtime is performing as-expected here and while there's perhaps follow-up items with tools like container2wasm I'm going to close this as I don't think there's anything to track on the Wasmtime side of things. If I'm wrong though let me know!


Last updated: Dec 23 2024 at 12:05 UTC