deislabs / containerd-wasm-shims

containerd shims for running WebAssembly workloads in Kubernetes
Apache License 2.0

update spin deps to v0.7.1 #61

Closed devigned closed 1 year ago

devigned commented 1 year ago

@Mossaka and @cpuguy83 I'm wondering what your thoughts are about using the oci spec env vars for some early configuration of the Spin runtime.

cpuguy83 commented 1 year ago

@devigned I think it would be better to have a standard location. Other than that we would have to be very careful (even with the standard location, I suppose) and treat stuff inside the container as hostile. So we need to make sure paths (either in the env or symlinks) only resolve inside the container rootfs.
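The containment rule from the comment above, as an added example that is not part of the thread or the project's code: a path taken from the container (env var or config) is walked one component at a time, so `..` and symlinks, absolute or relative, are resolved as if chrooted at the rootfs. The names `resolve_in_rootfs` and `components` and the sample paths are hypothetical.

```rust
use std::{collections::VecDeque, ffi::OsString, io::{Error, ErrorKind, Result}};
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper: resolve `untrusted` (a path supplied from inside the container)
/// so the result is always under `rootfs`. `rootfs` is trusted and assumed canonical.
pub fn resolve_in_rootfs(rootfs: &Path, untrusted: &Path) -> Result<PathBuf> {
    const MAX_SYMLINKS: u32 = 40; // bound symlink loops
    let mut todo = components(untrusted);
    let mut resolved = PathBuf::new(); // path relative to rootfs
    let mut links = 0;
    while let Some(part) = todo.pop_front() {
        if part == ".." {
            resolved.pop(); // no-op at the root, so ".." cannot climb out
            continue;
        }
        let candidate = rootfs.join(&resolved).join(&part);
        match std::fs::symlink_metadata(&candidate) {
            Ok(meta) if meta.file_type().is_symlink() => {
                links += 1;
                if links > MAX_SYMLINKS {
                    return Err(Error::new(ErrorKind::InvalidInput, "too many symlinks"));
                }
                let target = std::fs::read_link(&candidate)?;
                if target.is_absolute() {
                    resolved.clear(); // absolute targets restart at the container root
                }
                let mut next = components(&target);
                next.append(&mut todo); // link target first, then the rest of the path
                todo = next;
            }
            // Regular entry, or nothing there yet: keep the literal component.
            _ => resolved.push(part),
        }
    }
    Ok(rootfs.join(resolved))
}
/// Keep normal names and "..", dropping root, prefix and "." components.
fn components(p: &Path) -> VecDeque<OsString> {
    p.components().filter_map(|c| match c {
        Component::Normal(n) => Some(n.to_os_string()),
        Component::ParentDir => Some("..".into()),
        _ => None,
    }).collect()
}

fn main() {
    // Constructed input: a hostile value; "/run/rootfs" is a made-up rootfs path.
    println!("{:?}", resolve_in_rootfs(Path::new("/run/rootfs"), Path::new("../../etc/shadow")));
}
```

This resolves at one point in time, so it holds only as long as nothing modifies the rootfs between the check and the use of the returned path.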

devigned commented 1 year ago

> @devigned I think it would be better to have a standard location. Other than that we would have to be very careful (even with the standard location, I suppose) and treat stuff inside the container as hostile. So we need to make sure paths (either in the env or symlinks) only resolve inside the container rootfs.

You hit on the concern I was harboring. I definitely feel better about having a standard location, which I'll do in this PR.

The thing that concerns me is that there are multiple other knobs that we may want to expose: https://github.com/fermyon/spin/blob/eb3de4f072f4dfe964d4e2eb564e02b8e1faa012/crates/trigger/src/cli.rs#L32-L91.