WebAssembly / wasi-libc

WASI libc implementation for WebAssembly
https://wasi.dev

O_RESOLVE_BENEATH is forced #475

Open yamt opened 9 months ago

yamt commented 9 months ago

in posix, openat(dirfd, "../b", ...) should work. however, in wasi, O_RESOLVE_BENEATH behavior is unconditionally applied. (at least in popular implementations. i don't know if it was well documented for preview1. but for later versions, see https://github.com/WebAssembly/wasi-filesystem/blob/main/path-resolution.md.) wasi-libc doesn't seem to emulate the posix behavior either.
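To make the difference concrete, here is an added illustration (not wasi-libc's or any WASI runtime's code) of the lexical half of "resolve beneath" semantics: a relative path is normalized against a directory handle and rejected as soon as a ".." would climb above that directory, so `a/../b` is accepted but `../b` and `a/../../b` are not. The function name `resolve_beneath`, the `MAX_DEPTH` limit and the sample paths are assumptions of this example; the `EXDEV` error is borrowed from what Linux `openat2()` with `RESOLVE_BENEATH` reports on an escape, and the symlink handling a real runtime needs after every link expansion is deliberately left out.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Maximum number of retained path components (assumption of this example). */
#define MAX_DEPTH 64

/* Lexically resolve `path` relative to a directory handle, refusing any
 * path that would escape it ("resolve beneath" behaviour, symlinks excluded).
 *
 * Returns 0 and writes the normalized path into `out` (at most `outsz`
 * bytes, "." when the path names the directory itself) on success.
 * Returns -1 with errno = EXDEV when the path would escape the directory,
 * or errno = ENAMETOOLONG when it does not fit. */
int resolve_beneath(const char *path, char *out, size_t outsz)
{
    const char *comps[MAX_DEPTH];
    size_t lens[MAX_DEPTH];
    int depth = 0;

    /* An absolute path can never be "beneath" the directory handle. */
    if (path[0] == '/') {
        errno = EXDEV;
        return -1;
    }

    const char *p = path;
    while (*p) {
        const char *start = p;
        while (*p && *p != '/')
            p++;
        size_t n = (size_t)(p - start);
        while (*p == '/')            /* collapse runs of separators */
            p++;

        if (n == 0 || (n == 1 && start[0] == '.'))
            continue;                /* empty component or "." */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) {        /* ".." at the base would escape */
                errno = EXDEV;
                return -1;
            }
            depth--;                 /* pop the previous component */
            continue;
        }
        if (depth == MAX_DEPTH) {
            errno = ENAMETOOLONG;
            return -1;
        }
        comps[depth] = start;
        lens[depth] = n;
        depth++;
    }

    /* Nothing left: the path refers to the directory itself. */
    if (depth == 0) {
        if (outsz < 2) {
            errno = ENAMETOOLONG;
            return -1;
        }
        strcpy(out, ".");
        return 0;
    }

    size_t used = 0;
    for (int i = 0; i < depth; i++) {
        size_t need = lens[i] + (i > 0 ? 1 : 0);
        if (used + need + 1 > outsz) {
            errno = ENAMETOOLONG;
            return -1;
        }
        if (i > 0)
            out[used++] = '/';
        memcpy(out + used, comps[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample paths covering the accepted and rejected cases. */
    const char *samples[] = { "b", "a/../b", "../b", "a/../../b",
                              "a/./b/", "a/..", "/etc/passwd" };
    char buf[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (resolve_beneath(samples[i], buf, sizeof buf) == 0)
            printf("%-12s -> ok: \"%s\"\n", samples[i], buf);
        else
            printf("%-12s -> rejected: %s\n", samples[i], strerror(errno));
    }
    return 0;
}
```

The check is what makes a directory handle a sandbox: a POSIX `openat()` would happily follow `../b` to the parent directory, whereas a runtime applying this rule stops at the handle's root, which is exactly the behaviour the issue says WASI applies unconditionally.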

sbc100 commented 9 months ago

I don't see any reference to O_RESOLVE_BENEATH in musl, or indeed anywhere on my linux system. Are you sure it's part of POSIX? It doesn't seem to be part of either glibc or musl. Can you point to some documentation related to it? I couldn't find anything aside from stuff in freebsd.

sunfishcode commented 9 months ago

@yamt Yes, this is behavior we inherited from CloudABI. Directory handles act as O_RESOLVE_BENEATH sandboxes.

I now believe we can migrate toward having a rooted filesystem, as I posted about here, which I expect will address your concerns, as many use cases that want "POSIX" can just use the filesystem namespace and things like ".." would work within it.

That said, there are use cases for handles with O_RESOLVE_BENEATH behavior, so we might keep that functionality around even as we also add a namespace.

yamt commented 9 months ago

> I don't see any reference to O_RESOLVE_BENEATH in musl, or indeed anywhere on my linux system. Are you sure it's part of POSIX? It doesn't seem to be part of either glibc or musl. Can you point to some documentation related to it? I couldn't find anything aside from stuff in freebsd.

O_RESOLVE_BENEATH is non-standard. it isn't a part of posix. even its name varies among systems. on linux, it's called RESOLVE_BENEATH.

yamt commented 9 months ago

> @yamt Yes, this is behavior we inherited from CloudABI. Directory handles act as O_RESOLVE_BENEATH sandboxes.

ok.

> I now believe we can migrate toward having a rooted filesystem, as I posted about here, which I expect will address your concerns, as many use cases that want "POSIX" can just use the filesystem namespace and things like ".." would work within it.

ok. commented there.

> That said, there are use cases for handles with O_RESOLVE_BENEATH behavior, so we might keep that functionality around even as we also add a namespace.

even in case we keep the functionality, it should be optional i suppose.