High severityNVD Advisory· Published Dec 22, 2023· Updated Apr 17, 2025
Filesystem sandbox not enforced in wasmer-cli
CVE-2023-51661
Description
Untrusted Wasm programs in Wasmer before 4.2.4 could escape the sandbox and access the host filesystem without explicit directory mappings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Untrusted Wasm programs in Wasmer before 4.2.4 could escape the sandbox and access the host filesystem without explicit directory mappings.
Vulnerability
Analysis
CVE-2023-51661 is a sandbox escape vulnerability in the Wasmer WebAssembly runtime, affecting versions prior to 4.2.4. The root cause is that Wasm programs could access the host filesystem outside of the intended sandbox, even when no directory mappings (e.g., --dir or --mapdir) were explicitly provided. This occurs because the runtime's default configuration did not properly restrict filesystem access, allowing untrusted Wasm modules to read or write arbitrary files on the host system [1].
The attack surface is limited to environments where a service provider runs untrusted Wasm code using Wasmer. An attacker who can supply a malicious Wasm module to such a service can exploit this default lax filesystem policy. No user interaction beyond loading the Wasm module is required, and authentication to the Wasmer CLI or SDK is not needed by the attacker—only the service provider's trust in executing the untrusted code [1].
The impact is severe: an attacker can read sensitive host files (e.g., credentials, configuration, application data) or write new files, potentially leading to container breakout or host compromise. Since Wasmer is designed for secure container execution, this vulnerability undermines the sandbox guarantees [1][3].
Mitigation
The vulnerability has been patched in Wasmer version 4.2.4, released on 2023-11-30. The fix involves refactoring the filesystem setup logic to ensure that no host filesystem is exposed unless explicitly mapped via --dir or --mapdir flags [2]. Users running untrusted Wasm code should upgrade immediately. No workarounds are documented; the only mitigation is applying the patch [1][4].
References
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wasmer-clicrates.io | >= 3.0.0, < 4.2.4 | 4.2.4 |
Affected products
2Patches
234 files changed · +211 −177
Cargo.lock+47 −47 modified@@ -2525,7 +2525,7 @@ dependencies = [ [[package]] name = "macro-wasmer-universal-test" -version = "4.2.3" +version = "4.2.4" dependencies = [ "proc-macro2", "proc-quote", @@ -5139,7 +5139,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "virtual-fs" -version = "0.9.0" +version = "0.10.0" dependencies = [ "anyhow", "async-trait", @@ -5326,7 +5326,7 @@ dependencies = [ [[package]] name = "wai-bindgen-wasmer" -version = "0.16.0" +version = "0.17.0" dependencies = [ "anyhow", "async-trait", @@ -5405,7 +5405,7 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasi-test-generator" -version = "4.2.3" +version = "4.2.4" dependencies = [ "glob", "gumdrop", @@ -5596,7 +5596,7 @@ dependencies = [ [[package]] name = "wasmer" -version = "4.2.3" +version = "4.2.4" dependencies = [ "anyhow", "bytes", @@ -5671,7 +5671,7 @@ dependencies = [ [[package]] name = "wasmer-c-api" -version = "4.2.3" +version = "4.2.4" dependencies = [ "cbindgen", "cfg-if", @@ -5700,7 +5700,7 @@ dependencies = [ [[package]] name = "wasmer-c-api-test-runner" -version = "4.2.3" +version = "4.2.4" dependencies = [ "cc", "regex", @@ -5710,7 +5710,7 @@ dependencies = [ [[package]] name = "wasmer-cache" -version = "4.2.3" +version = "4.2.4" dependencies = [ "blake3", "criterion", @@ -5724,7 +5724,7 @@ dependencies = [ [[package]] name = "wasmer-capi-examples-runner" -version = "4.2.3" +version = "4.2.4" dependencies = [ "cc", "regex", @@ -5734,7 +5734,7 @@ dependencies = [ [[package]] name = "wasmer-cli" -version = "4.2.3" +version = "4.2.4" dependencies = [ "anyhow", "assert_cmd 2.0.12", @@ -5798,7 +5798,7 @@ dependencies = [ "wasmer-edge-cli", "wasmer-emscripten", "wasmer-object", - "wasmer-registry 5.9.0", + "wasmer-registry 5.10.0", "wasmer-toml 0.9.2", "wasmer-types", "wasmer-vm", @@ -5810,7 +5810,7 @@ dependencies = [ [[package]] name = "wasmer-compiler" -version = "4.2.3" +version = "4.2.4" dependencies = [ "backtrace", "bytes", @@ -5839,7 +5839,7 @@ dependencies = [ [[package]] name = "wasmer-compiler-cli" -version = "4.2.3" +version = "4.2.4" dependencies = [ "anyhow", "bytesize", @@ -5860,7 +5860,7 @@ dependencies = [ [[package]] name = "wasmer-compiler-cranelift" -version = "4.2.3" +version = "4.2.4" dependencies = [ "cranelift-codegen", "cranelift-entity", @@ -5879,7 +5879,7 @@ dependencies = [ [[package]] name = "wasmer-compiler-llvm" -version = "4.2.3" +version = "4.2.4" dependencies = [ "byteorder", "cc", @@ -5901,7 +5901,7 @@ dependencies = [ [[package]] name = "wasmer-compiler-singlepass" -version = "4.2.3" +version = "4.2.4" dependencies = [ "byteorder", "dynasm", @@ -5920,7 +5920,7 @@ dependencies = [ [[package]] name = "wasmer-derive" -version = "4.2.3" +version = "4.2.4" dependencies = [ "compiletest_rs", "proc-macro-error", @@ -5965,14 +5965,14 @@ dependencies = [ "virtual-mio 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "virtual-net 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)", "wasmer-api", - "wasmer-registry 5.9.0 (registry+https://github.com/rust-lang/crates.io-index)", + "wasmer-registry 5.9.0", "wasmer-toml 0.9.2", "webc", ] [[package]] name = "wasmer-emscripten" -version = "4.2.3" +version = "4.2.4" dependencies = [ "byteorder", "getrandom", @@ -6014,7 +6014,7 @@ dependencies = [ [[package]] name = "wasmer-integration-tests-cli" -version = "4.2.3" +version = "4.2.4" dependencies = [ "anyhow", "assert_cmd 2.0.12", @@ -6038,16 +6038,16 @@ dependencies = [ "target-lexicon 0.12.12", "tempfile", "tokio", - "wasmer-registry 5.9.0", + "wasmer-registry 5.10.0", ] [[package]] name = "wasmer-integration-tests-ios" -version = "4.2.3" +version = "4.2.4" [[package]] name = "wasmer-middlewares" -version = "4.2.3" +version = "4.2.4" dependencies = [ "wasmer", "wasmer-types", @@ -6056,7 +6056,7 @@ dependencies = [ [[package]] name = "wasmer-object" -version = "4.2.3" +version = "4.2.4" dependencies = [ "object 0.28.4", "thiserror", @@ -6066,11 +6066,11 @@ dependencies = [ [[package]] name = "wasmer-registry" version = "5.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bb2ecfb16d793bfe1e2b98af07e6f344bd00ba0efea8e1b24737701d823a3ee" dependencies = [ "anyhow", - "clap", "console", - "dialoguer 0.11.0", "dirs", "filetime", "flate2", @@ -6083,7 +6083,6 @@ dependencies = [ "log", "lzma-rs", "minisign", - "pretty_assertions", "regex", "reqwest", "rpassword", @@ -6098,22 +6097,21 @@ dependencies = [ "tldextract", "tokio", "toml 0.5.11", - "tracing", "url", - "wasmer-toml 0.9.2", + "wasmer-toml 0.8.1", "wasmer-wasm-interface 4.2.3", "wasmparser 0.51.4", "whoami", ] [[package]] name = "wasmer-registry" -version = "5.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bb2ecfb16d793bfe1e2b98af07e6f344bd00ba0efea8e1b24737701d823a3ee" +version = "5.10.0" dependencies = [ "anyhow", + "clap", "console", + "dialoguer 0.11.0", "dirs", "filetime", "flate2", @@ -6126,6 +6124,7 @@ dependencies = [ "log", "lzma-rs", "minisign", + "pretty_assertions", "regex", "reqwest", "rpassword", @@ -6140,16 +6139,17 @@ dependencies = [ "tldextract", "tokio", "toml 0.5.11", + "tracing", "url", - "wasmer-toml 0.8.1", - "wasmer-wasm-interface 4.2.3 (registry+https://github.com/rust-lang/crates.io-index)", + "wasmer-toml 0.9.2", + "wasmer-wasm-interface 4.2.4", "wasmparser 0.51.4", "whoami", ] [[package]] name = "wasmer-sys-utils" -version = "0.16.0" +version = "0.17.0" dependencies = [ "libc", "region", @@ -6199,7 +6199,7 @@ dependencies = [ [[package]] name = "wasmer-types" -version = "4.2.3" +version = "4.2.4" dependencies = [ "bytecheck", "enum-iterator", @@ -6216,7 +6216,7 @@ dependencies = [ [[package]] name = "wasmer-vm" -version = "4.2.3" +version = "4.2.4" dependencies = [ "backtrace", "cc", @@ -6244,7 +6244,7 @@ dependencies = [ [[package]] name = "wasmer-wasix" -version = "0.16.0" +version = "0.17.0" dependencies = [ "anyhow", "async-trait", @@ -6314,7 +6314,7 @@ dependencies = [ [[package]] name = "wasmer-wasix-experimental-io-devices" -version = "0.16.0" +version = "0.17.0" dependencies = [ "minifb", "nix 0.25.1", @@ -6329,7 +6329,7 @@ dependencies = [ [[package]] name = "wasmer-wasix-types" -version = "0.16.0" +version = "0.17.0" dependencies = [ "anyhow", "bitflags 1.3.2", @@ -6353,30 +6353,30 @@ dependencies = [ [[package]] name = "wasmer-wasm-interface" version = "4.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70759b128088ce07ab6f31b97d83ceb8642285c650677fc84f554d68dc534ac4" dependencies = [ - "bincode", "either", "nom 5.1.3", "serde", "wasmparser 0.51.4", - "wat", ] [[package]] name = "wasmer-wasm-interface" -version = "4.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70759b128088ce07ab6f31b97d83ceb8642285c650677fc84f554d68dc534ac4" +version = "4.2.4" dependencies = [ + "bincode", "either", "nom 5.1.3", "serde", "wasmparser 0.51.4", + "wat", ] [[package]] name = "wasmer-wast" -version = "4.2.3" +version = "4.2.4" dependencies = [ "anyhow", "futures", @@ -6392,7 +6392,7 @@ dependencies = [ [[package]] name = "wasmer-workspace" -version = "4.2.3" +version = "4.2.4" dependencies = [ "anyhow", "build-deps",
Cargo.toml+14 −14 modified@@ -12,20 +12,20 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer = { version = "=4.2.3", path = "lib/api", default-features = false } -wasmer-compiler = { version = "=4.2.3", path = "lib/compiler", features = [ +wasmer = { version = "=4.2.4", path = "lib/api", default-features = false } +wasmer-compiler = { version = "=4.2.4", path = "lib/compiler", features = [ "compiler", ], optional = true } -wasmer-compiler-cranelift = { version = "=4.2.3", path = "lib/compiler-cranelift", optional = true } -wasmer-compiler-singlepass = { version = "=4.2.3", path = "lib/compiler-singlepass", optional = true } -wasmer-compiler-llvm = { version = "=4.2.3", path = "lib/compiler-llvm", optional = true } -wasmer-emscripten = { version = "=4.2.3", path = "lib/emscripten", optional = true } -wasmer-wasix = { version = "0.16.0", path = "lib/wasix", optional = true } -wasmer-wast = { version = "=4.2.3", path = "tests/lib/wast", optional = true } -wasi-test-generator = { version = "=4.2.3", path = "tests/wasi-wast", optional = true } -wasmer-cache = { version = "=4.2.3", path = "lib/cache", optional = true } -wasmer-types = { version = "=4.2.3", path = "lib/types" } -wasmer-middlewares = { version = "=4.2.3", path = "lib/middlewares", optional = true } +wasmer-compiler-cranelift = { version = "=4.2.4", path = "lib/compiler-cranelift", optional = true } +wasmer-compiler-singlepass = { version = "=4.2.4", path = "lib/compiler-singlepass", optional = true } +wasmer-compiler-llvm = { version = "=4.2.4", path = "lib/compiler-llvm", optional = true } +wasmer-emscripten = { version = "=4.2.4", path = "lib/emscripten", optional = true } +wasmer-wasix = { version = "0.17.0", path = "lib/wasix", optional = true } +wasmer-wast = { version = "=4.2.4", path = "tests/lib/wast", optional = true } +wasi-test-generator = { version = "=4.2.4", path = "tests/wasi-wast", optional = true } +wasmer-cache = { version = "=4.2.4", path = "lib/cache", optional = true } +wasmer-types = { version = "=4.2.4", path = "lib/types" } +wasmer-middlewares = { version = "=4.2.4", path = "lib/middlewares", optional = true } cfg-if = "1.0" tokio = { version = "1", features = [ "rt", @@ -81,7 +81,7 @@ homepage = "https://wasmer.io/" license = "MIT" repository = "https://github.com/wasmerio/wasmer" rust-version = "1.70" -version = "4.2.3" +version = "4.2.4" [workspace.dependencies] enumset = "1.1.0" @@ -97,7 +97,7 @@ glob = "0.3" rustc_version = "0.4" [dev-dependencies] -wasmer = { version = "=4.2.3", path = "lib/api", features = [ +wasmer = { version = "=4.2.4", path = "lib/api", features = [ "compiler", "singlepass", "sys",
CHANGELOG.md+34 −0 modified@@ -9,6 +9,40 @@ Looking for changes that affect our C API? See the [C API Changelog](lib/c-api/C ## **Unreleased** +## 4.2.4 - 30/11/2023 + +This release allows publishing private packages and fixes the issue of the file system being accessible by WASI modules in the abscence of directory mapping. Also improves startup speed, and fixes multiple issues around the WASI filesystem, packages and apps. + +## Added + + - [#4334](https://github.com/wasmerio/wasmer/pull/4334) Add `application/wasm` to list of accepted content-types for webcs + - [#4328](https://github.com/wasmerio/wasmer/pull/4328) Add `--wait` and `--timeout` flags to `wamer publish` + - [#4315](https://github.com/wasmerio/wasmer/pull/4315) Add TTY aware output to the wasmer package and wasmer container commands + - [#4287](https://github.com/wasmerio/wasmer/pull/4287) feat(cli): Add package commands + - [#4247](https://github.com/wasmerio/wasmer/pull/4247) Add support for publishing private packages + - [#4291](https://github.com/wasmerio/wasmer/pull/4291) feat(cli): add pnpm support + +## Changed + + - [#4333](https://github.com/wasmerio/wasmer/pull/4333) deps: Bump edge-cli + - [#4332](https://github.com/wasmerio/wasmer/pull/4332) use rusty_pool instead of rayon + - [#4321](https://github.com/wasmerio/wasmer/pull/4321) deps(cli): Upgrade Edge CLI + - [#4326](https://github.com/wasmerio/wasmer/pull/4326) Always re-execute a registry query when cache lookups fail + - [#4317](https://github.com/wasmerio/wasmer/pull/4317) Bump min enumset version to 1.1.0 + - [#4300](https://github.com/wasmerio/wasmer/pull/4300) Use authentication when running a package + - [#4294](https://github.com/wasmerio/wasmer/pull/4294) Terminate after flushing file descriptors + - [#4273](https://github.com/wasmerio/wasmer/pull/4273) Update memoffset to 0.9.0 + +## Fixed + + - [#4307](https://github.com/wasmerio/wasmer/pull/4307) Fix for the non-flushing of file descriptors and a nasty deadlock + - [#4331](https://github.com/wasmerio/wasmer/pull/4331) Fix visibility validation to work when publishing a new package + - [#4314](https://github.com/wasmerio/wasmer/pull/4314) fix(cli): Prevent temporary file issues in "package download" + - [#4296](https://github.com/wasmerio/wasmer/pull/4296) fix: prevent potential UB by deriving repr C for union + - [#4192](https://github.com/wasmerio/wasmer/pull/4192) More fixes to support Wasmer JS + + + ## 4.2.3 - 26/10/2023 This new version fixes a bug in module bindings path.
lib/api/Cargo.toml+11 −11 modified@@ -39,15 +39,15 @@ shared-buffer = "0.1" # Dependencies and Development Dependencies for `sys`. [target.'cfg(not(target_arch = "wasm32"))'.dependencies] # - Mandatory dependencies for `sys`. -wasmer-vm = { path = "../vm", version = "=4.2.3" } -wasmer-compiler = { path = "../compiler", version = "=4.2.3" } -wasmer-derive = { path = "../derive", version = "=4.2.3" } -wasmer-types = { path = "../types", version = "=4.2.3" } +wasmer-vm = { path = "../vm", version = "=4.2.4" } +wasmer-compiler = { path = "../compiler", version = "=4.2.4" } +wasmer-derive = { path = "../derive", version = "=4.2.4" } +wasmer-types = { path = "../types", version = "=4.2.4" } target-lexicon = { version = "0.12.2", default-features = false } # - Optional dependencies for `sys`. -wasmer-compiler-singlepass = { path = "../compiler-singlepass", version = "=4.2.3", optional = true } -wasmer-compiler-cranelift = { path = "../compiler-cranelift", version = "=4.2.3", optional = true } -wasmer-compiler-llvm = { path = "../compiler-llvm", version = "=4.2.3", optional = true } +wasmer-compiler-singlepass = { path = "../compiler-singlepass", version = "=4.2.4", optional = true } +wasmer-compiler-cranelift = { path = "../compiler-cranelift", version = "=4.2.4", optional = true } +wasmer-compiler-llvm = { path = "../compiler-llvm", version = "=4.2.4", optional = true } wasm-bindgen = { version = "0.2.74", optional = true } js-sys = { version = "0.3.51", optional = true } @@ -62,15 +62,15 @@ winapi = "0.3" wat = "1.0" tempfile = "3.6.0" anyhow = "1.0" -macro-wasmer-universal-test = { version = "4.2.3", path = "./macro-wasmer-universal-test" } +macro-wasmer-universal-test = { version = "4.2.4", path = "./macro-wasmer-universal-test" } # Dependencies and Develoment Dependencies for `js`. [target.'cfg(target_arch = "wasm32")'.dependencies] # - Mandatory dependencies for `js`. -wasmer-types = { path = "../types", version = "=4.2.3", default-features = false, features = ["std"] } +wasmer-types = { path = "../types", version = "=4.2.4", default-features = false, features = ["std"] } wasm-bindgen = "0.2.74" js-sys = "0.3.51" -wasmer-derive = { path = "../derive", version = "=4.2.3" } +wasmer-derive = { path = "../derive", version = "=4.2.4" } # - Optional dependencies for `js`. wasmparser = { version = "0.95", default-features = false, optional = true } hashbrown = { version = "0.11", optional = true } @@ -82,7 +82,7 @@ serde = { version = "1.0", features = ["derive"] } wat = "1.0" anyhow = "1.0" wasm-bindgen-test = "0.3.0" -macro-wasmer-universal-test = { version = "4.2.3", path = "./macro-wasmer-universal-test" } +macro-wasmer-universal-test = { version = "4.2.4", path = "./macro-wasmer-universal-test" } # Specific to `js`. #
lib/api/macro-wasmer-universal-test/Cargo.toml+1 −1 modified@@ -1,6 +1,6 @@ [package] name = "macro-wasmer-universal-test" -version = "4.2.3" +version = "4.2.4" edition = "2021" license = "MIT" description = "Universal test macro for wasmer-test"
lib/cache/Cargo.toml+3 −3 modified@@ -13,7 +13,7 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer = { path = "../api", version = "=4.2.3", default-features = false } +wasmer = { path = "../api", version = "=4.2.4", default-features = false } hex = "0.4" thiserror = "1" blake3 = "1.0" @@ -22,8 +22,8 @@ blake3 = "1.0" criterion = { version = "0.5", default-features = false } tempfile = "3.6.0" rand = "0.8.3" -wasmer = { path = "../api", version = "=4.2.3", default-features = false, features = ["sys", "cranelift"] } -wasmer-compiler-singlepass = { path = "../compiler-singlepass", version = "=4.2.3" } +wasmer = { path = "../api", version = "=4.2.4", default-features = false, features = ["sys", "cranelift"] } +wasmer-compiler-singlepass = { path = "../compiler-singlepass", version = "=4.2.4" } [features] default = ["filesystem"]
lib/c-api/Cargo.toml+10 −10 modified@@ -24,17 +24,17 @@ crate-type = ["staticlib", "cdylib"] #"cdylib", "rlib", "staticlib"] [dependencies] # We rename `wasmer` to `wasmer-api` to avoid the conflict with this # library name (see `[lib]`). -wasmer-api = { version = "=4.2.3", path = "../api", default-features = false, package = "wasmer" } -wasmer-compiler = { version = "=4.2.3", path = "../compiler", optional = true } -wasmer-compiler-cranelift = { version = "=4.2.3", path = "../compiler-cranelift", optional = true } -wasmer-compiler-llvm = { version = "=4.2.3", path = "../compiler-llvm", optional = true } -wasmer-compiler-singlepass = { version = "=4.2.3", path = "../compiler-singlepass", optional = true } -wasmer-emscripten = { version = "=4.2.3", path = "../emscripten", optional = true } -wasmer-middlewares = { version = "=4.2.3", path = "../middlewares", optional = true } -wasmer-types = { version = "=4.2.3", path = "../types" } -wasmer-wasix = { version = "0.16.0", path = "../wasix", features = ["host-fs", "host-vnet"], optional = true } +wasmer-api = { version = "=4.2.4", path = "../api", default-features = false, package = "wasmer" } +wasmer-compiler = { version = "=4.2.4", path = "../compiler", optional = true } +wasmer-compiler-cranelift = { version = "=4.2.4", path = "../compiler-cranelift", optional = true } +wasmer-compiler-llvm = { version = "=4.2.4", path = "../compiler-llvm", optional = true } +wasmer-compiler-singlepass = { version = "=4.2.4", path = "../compiler-singlepass", optional = true } +wasmer-emscripten = { version = "=4.2.4", path = "../emscripten", optional = true } +wasmer-middlewares = { version = "=4.2.4", path = "../middlewares", optional = true } +wasmer-types = { version = "=4.2.4", path = "../types" } +wasmer-wasix = { version = "0.17.0", path = "../wasix", features = ["host-fs", "host-vnet"], optional = true } webc = { version = "5.0", optional = true } -virtual-fs = { version = "0.9.0", path = "../virtual-fs", optional = true, default-features = false, features = ["static-fs"] } +virtual-fs = { version = "0.10.0", path = "../virtual-fs", optional = true, default-features = false, features = ["static-fs"] } enumset.workspace = true cfg-if = "1.0" lazy_static = "1.4"
lib/c-api/examples/wasmer-capi-examples-runner/Cargo.toml+1 −1 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-capi-examples-runner" -version = "4.2.3" +version = "4.2.4" edition = "2021" license = "MIT" description = "wasmer-capi-examples-runner"
lib/c-api/tests/wasmer-c-api-test-runner/Cargo.toml+1 −1 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-c-api-test-runner" -version = "4.2.3" +version = "4.2.4" edition = "2021" license = "MIT" description = "wasmer-c-api-test-runner"
lib/cli/Cargo.toml+15 −15 modified@@ -27,37 +27,37 @@ required-features = ["headless"] [dependencies] # Repo-local dependencies. -wasmer = { version = "=4.2.3", path = "../api", default-features = false } -wasmer-compiler = { version = "=4.2.3", path = "../compiler", features = [ +wasmer = { version = "=4.2.4", path = "../api", default-features = false } +wasmer-compiler = { version = "=4.2.4", path = "../compiler", features = [ "compiler", ], optional = true } -wasmer-compiler-cranelift = { version = "=4.2.3", path = "../compiler-cranelift", optional = true } -wasmer-compiler-singlepass = { version = "=4.2.3", path = "../compiler-singlepass", optional = true } -wasmer-compiler-llvm = { version = "=4.2.3", path = "../compiler-llvm", optional = true } -wasmer-emscripten = { version = "=4.2.3", path = "../emscripten" } -wasmer-vm = { version = "=4.2.3", path = "../vm", optional = true } -wasmer-wasix = { version = "0.16.0", path = "../wasix", features = [ +wasmer-compiler-cranelift = { version = "=4.2.4", path = "../compiler-cranelift", optional = true } +wasmer-compiler-singlepass = { version = "=4.2.4", path = "../compiler-singlepass", optional = true } +wasmer-compiler-llvm = { version = "=4.2.4", path = "../compiler-llvm", optional = true } +wasmer-emscripten = { version = "=4.2.4", path = "../emscripten" } +wasmer-vm = { version = "=4.2.4", path = "../vm", optional = true } +wasmer-wasix = { version = "0.17.0", path = "../wasix", features = [ "logging", "webc_runner_rt_wcgi", "webc_runner_rt_emscripten", "host-fs", ] } -wasmer-wasix-experimental-io-devices = { version = "0.16.0", path = "../wasi-experimental-io-devices", optional = true, features = [ +wasmer-wasix-experimental-io-devices = { version = "0.17.0", path = "../wasi-experimental-io-devices", optional = true, features = [ "link_external_libs", ] } -wasmer-wast = { version = "=4.2.3", path = "../../tests/lib/wast", optional = true } -wasmer-cache = { version = "=4.2.3", path = "../cache", features = [ +wasmer-wast = { version = "=4.2.4", path = "../../tests/lib/wast", optional = true } +wasmer-cache = { version = "=4.2.4", path = "../cache", features = [ "blake3-pure", ] } -wasmer-types = { version = "=4.2.3", path = "../types", features = [ +wasmer-types = { version = "=4.2.4", path = "../types", features = [ "enable-serde", ] } -wasmer-registry = { version = "5.9.0", path = "../registry", features = [ +wasmer-registry = { version = "5.10.0", path = "../registry", features = [ "build-package", "clap", ] } -wasmer-object = { version = "=4.2.3", path = "../object", optional = true } -virtual-fs = { version = "0.9.0", path = "../virtual-fs", default-features = false, features = [ +wasmer-object = { version = "=4.2.4", path = "../object", optional = true } +virtual-fs = { version = "0.10.0", path = "../virtual-fs", default-features = false, features = [ "host-fs", ] } virtual-net = { version = "0.6.1", path = "../virtual-net" }
lib/cli-compiler/Cargo.toml+6 −6 modified@@ -20,8 +20,8 @@ path = "src/bin/wasmer_compiler.rs" doc = false [dependencies] -wasmer-compiler = { version = "=4.2.3", path = "../compiler", features = ["compiler"] } -wasmer-types = { version = "=4.2.3", path = "../types" } +wasmer-compiler = { version = "=4.2.4", path = "../compiler", features = ["compiler"] } +wasmer-types = { version = "=4.2.4", path = "../types" } is-terminal = "0.4.7" colored = "2.0" anyhow = "1.0" @@ -36,13 +36,13 @@ log = { version = "0.4", optional = true } target-lexicon = { version = "0.12", features = ["std"] } [target.'cfg(not(target_arch = "wasm32"))'.dependencies] -wasmer-compiler-singlepass = { version = "=4.2.3", path = "../compiler-singlepass", optional = true } -wasmer-compiler-cranelift = { version = "=4.2.3", path = "../compiler-cranelift", optional = true } +wasmer-compiler-singlepass = { version = "=4.2.4", path = "../compiler-singlepass", optional = true } +wasmer-compiler-cranelift = { version = "=4.2.4", path = "../compiler-cranelift", optional = true } clap = { version = "4.2.7", features = ["derive", "env"] } [target.'cfg(target_arch = "wasm32")'.dependencies] -wasmer-compiler-singlepass = { version = "=4.2.3", path = "../compiler-singlepass", optional = true, default-features = false, features = ["wasm"] } -wasmer-compiler-cranelift = { version = "=4.2.3", path = "../compiler-cranelift", optional = true, default-features = false, features = ["wasm"] } +wasmer-compiler-singlepass = { version = "=4.2.4", path = "../compiler-singlepass", optional = true, default-features = false, features = ["wasm"] } +wasmer-compiler-cranelift = { version = "=4.2.4", path = "../compiler-cranelift", optional = true, default-features = false, features = ["wasm"] } # NOTE: Must use different features for clap because the "color" feature does not # work on wasi, due to the anstream dependency not compiling. clap = { version = "4.2.7", default-features = false, features = [
lib/compiler/Cargo.toml+3 −3 modified@@ -13,8 +13,8 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer-types = { path = "../types", version = "=4.2.3", default-features = false } -wasmer-object = { path = "../object", version = "=4.2.3", optional = true } +wasmer-types = { path = "../types", version = "=4.2.4", default-features = false } +wasmer-object = { path = "../object", version = "=4.2.4", optional = true } wasmparser = { version = "0.95", optional = true, default-features = false } enumset.workspace = true hashbrown = { version = "0.11", optional = true } @@ -38,7 +38,7 @@ rkyv = { version = "0.7.40", features = ["indexmap", "validation", "strict"] } shared-buffer = "0.1" [target.'cfg(not(target_arch = "wasm32"))'.dependencies] -wasmer-vm = { path = "../vm", version = "=4.2.3" } +wasmer-vm = { path = "../vm", version = "=4.2.4" } region = { version = "3.0" } [target.'cfg(target_os = "windows")'.dependencies]
lib/compiler-cranelift/Cargo.toml+2 −2 modified@@ -14,8 +14,8 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer-compiler = { path = "../compiler", version = "=4.2.3", features = ["translator", "compiler"], default-features = false } -wasmer-types = { path = "../types", version = "=4.2.3", default-features = false, features = ["std"] } +wasmer-compiler = { path = "../compiler", version = "=4.2.4", features = ["translator", "compiler"], default-features = false } +wasmer-types = { path = "../types", version = "=4.2.4", default-features = false, features = ["std"] } cranelift-entity = { version = "0.91.1", default-features = false } cranelift-codegen = { version = "0.91.1", default-features = false, features = ["x86", "arm64", "riscv64"] } cranelift-frontend = { version = "0.91.1", default-features = false }
lib/compiler-llvm/Cargo.toml+3 −3 modified@@ -14,11 +14,11 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer-compiler = { path = "../compiler", version = "=4.2.3", features = [ +wasmer-compiler = { path = "../compiler", version = "=4.2.4", features = [ "translator", "compiler" ] } -wasmer-vm = { path = "../vm", version = "=4.2.3" } -wasmer-types = { path = "../types", version = "=4.2.3" } +wasmer-vm = { path = "../vm", version = "=4.2.4" } +wasmer-types = { path = "../types", version = "=4.2.4" } target-lexicon = { version = "0.12.2", default-features = false } smallvec = "1.6" object = { version = "0.28.3", default-features = false, features = ["read"] }
lib/compiler-singlepass/Cargo.toml+2 −2 modified@@ -14,8 +14,8 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer-compiler = { path = "../compiler", version = "=4.2.3", features = ["translator", "compiler"], default-features = false } -wasmer-types = { path = "../types", version = "=4.2.3", default-features = false, features = ["std"] } +wasmer-compiler = { path = "../compiler", version = "=4.2.4", features = ["translator", "compiler"], default-features = false } +wasmer-types = { path = "../types", version = "=4.2.4", default-features = false, features = ["std"] } hashbrown = { version = "0.11", optional = true } gimli = { version = "0.26", optional = true } enumset.workspace = true
lib/emscripten/Cargo.toml+2 −2 modified@@ -18,8 +18,8 @@ lazy_static = "1.4" libc = "^0.2" log = "0.4" time = { version = "0.3", features = ["std", "formatting"] } -wasmer = { path = "../api", version = "=4.2.3", default-features = false } -wasmer-types = { path = "../types", version = "=4.2.3" } +wasmer = { path = "../api", version = "=4.2.4", default-features = false } +wasmer-types = { path = "../types", version = "=4.2.4" } [target.'cfg(windows)'.dependencies] getrandom = "0.2"
lib/middlewares/Cargo.toml+4 −4 modified@@ -13,12 +13,12 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer = { path = "../api", version = "=4.2.3", default-features = false, features = ["compiler"] } -wasmer-types = { path = "../types", version = "=4.2.3" } -wasmer-vm = { path = "../vm", version = "=4.2.3" } +wasmer = { path = "../api", version = "=4.2.4", default-features = false, features = ["compiler"] } +wasmer-types = { path = "../types", version = "=4.2.4" } +wasmer-vm = { path = "../vm", version = "=4.2.4" } [dev-dependencies] -wasmer = { path = "../api", version = "=4.2.3", features = ["compiler"] } +wasmer = { path = "../api", version = "=4.2.4", features = ["compiler"] } [badges] maintenance = { status = "actively-developed" }
lib/object/Cargo.toml+1 −1 modified@@ -13,7 +13,7 @@ rust-version.workspace = true version.workspace = true [dependencies] -wasmer-types = { path = "../types", version = "=4.2.3" } +wasmer-types = { path = "../types", version = "=4.2.4" } object = { version = "0.28.3", default-features = false, features = ["write"] } thiserror = "1.0"
lib/registry/Cargo.toml+2 −2 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-registry" -version = "5.9.0" +version = "5.10.0" description = "Crate to interact with the wasmer registry, download packages, etc." authors.workspace = true edition.workspace = true @@ -46,7 +46,7 @@ toml = "0.5.9" tracing = "0.1.40" url = "2.3.1" wasmer-toml = { workspace = true } -wasmer-wasm-interface = { version = "4.2.3", path = "../wasm-interface", optional = true } +wasmer-wasm-interface = { version = "4.2.4", path = "../wasm-interface", optional = true } wasmparser = { version = "0.51.4", optional = true } whoami = "1.2.3"
lib/sys-utils/Cargo.toml+6 −6 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-sys-utils" -version = "0.16.0" +version = "0.17.0" description = "Wasmer utilities for a sys environment." categories = ["wasm"] keywords = ["wasm", "webassembly"] @@ -12,18 +12,18 @@ repository.workspace = true rust-version.workspace = true [dependencies] -wasmer = { path = "../api", version = "=4.2.3", default-features = false, features = ["sys", "compiler"] } -wasmer-vm = { path = "../vm", version = "=4.2.3" } -wasmer-types = { path = "../types", version = "=4.2.3" } +wasmer = { path = "../api", version = "=4.2.4", default-features = false, features = ["sys", "compiler"] } +wasmer-vm = { path = "../vm", version = "=4.2.4" } +wasmer-types = { path = "../types", version = "=4.2.4" } region = { version = "3.0" } tracing = "0.1.37" [target.'cfg(unix)'.dependencies] libc = { version = "^0.2", default-features = false } [dev-dependencies] -wasmer-wasix = { path = "../wasix", version = "0.16.0" } -wasmer = { path = "../api", version = "=4.2.3", default-features = false, features = ["sys", "compiler", "cranelift"] } +wasmer-wasix = { path = "../wasix", version = "0.17.0" } +wasmer = { path = "../api", version = "=4.2.4", default-features = false, features = ["sys", "compiler", "cranelift"] } tracing-subscriber = { version = "0.3.16", features = ["fmt"] } tracing = "0.1.37"
lib/virtual-fs/Cargo.toml+1 −1 modified@@ -1,6 +1,6 @@ [package] name = "virtual-fs" -version = "0.9.0" +version = "0.10.0" description = "Wasmer Virtual FileSystem" authors.workspace = true edition.workspace = true
lib/vm/Cargo.toml+1 −1 modified@@ -14,7 +14,7 @@ version.workspace = true [dependencies] memoffset.workspace = true -wasmer-types = { path = "../types", version = "=4.2.3" } +wasmer-types = { path = "../types", version = "=4.2.4" } libc = { version = "^0.2", default-features = false } indexmap = { version = "1.6" } thiserror = "1.0"
lib/wai-bindgen-wasmer/Cargo.toml+2 −2 modified@@ -1,7 +1,7 @@ [package] name = "wai-bindgen-wasmer" description = "Generate WAI glue for a Rust Wasmer host" -version = "0.16.0" +version = "0.17.0" categories = ["wasm", "os"] keywords = ["wasm", "webassembly", "wasi", "sandbox", "ABI"] readme = "README.md" @@ -20,7 +20,7 @@ once_cell = "1.13" thiserror = "1.0" tracing-lib = { version = "0.1.26", optional = true, package = "tracing" } wai-bindgen-wasmer-impl = { version = "0.2.2" } -wasmer = { version = "=4.2.3", path = "../api", default-features = false } +wasmer = { version = "=4.2.4", path = "../api", default-features = false } [features] # Enables generated code to emit events via the `tracing` crate whenever wasm is
lib/wasi-experimental-io-devices/Cargo.toml+4 −4 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-wasix-experimental-io-devices" -version = "0.16.0" +version = "0.17.0" description = "An experimental non-standard WASI/WASIX extension for graphics" categories = ["wasm"] keywords = ["wasm", "webassembly", "types"] @@ -16,9 +16,9 @@ rust-version.workspace = true maintenance = { status = "experimental" } [dependencies] -wasmer = { version = "4.2.3", path = "../api", default-features=false } -wasmer-wasix = { version = "0.16.0", path = "../wasix", default-features=false } -wasmer-wasix-types = { path = "../wasi-types", version = "0.16.0" } +wasmer = { version = "4.2.4", path = "../api", default-features=false } +wasmer-wasix = { version = "0.17.0", path = "../wasix", default-features=false } +wasmer-wasix-types = { path = "../wasi-types", version = "0.17.0" } tracing = "0.1" minifb = { version = "0.24.0", optional = true } nix = "0.25.0"
lib/wasi-types/Cargo.toml+4 −4 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-wasix-types" -version = "0.16.0" +version = "0.17.0" description = "WASI and WASIX types for Wasmer WebAssembly runtime" categories = ["wasm", "os"] keywords = ["wasm", "webassembly", "wasi", "sandbox", "ABI"] @@ -15,9 +15,9 @@ rust-version.workspace = true # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -wasmer = { default-features = false, path = "../api", version = "=4.2.3" } -wasmer-types = { path = "../types", version = "=4.2.3" } -wasmer-derive = { path = "../derive", version = "=4.2.3" } +wasmer = { default-features = false, path = "../api", version = "=4.2.4" } +wasmer-types = { path = "../types", version = "=4.2.4" } +wasmer-derive = { path = "../derive", version = "=4.2.4" } wai-bindgen-gen-rust = "0.2.1" wai-bindgen-rust = { version = "0.2.1", default-features = false, features = ["macros"] } wai-bindgen-gen-rust-wasm = "0.2.1"
lib/wasi-web/Cargo.lock+10 −10 modified@@ -2158,7 +2158,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "virtual-fs" -version = "0.9.0" +version = "0.10.0" dependencies = [ "anyhow", "async-trait", @@ -2278,7 +2278,7 @@ dependencies = [ [[package]] name = "wai-bindgen-wasmer" -version = "0.16.0" +version = "0.17.0" dependencies = [ "anyhow", "bitflags 1.3.2", @@ -2440,7 +2440,7 @@ dependencies = [ [[package]] name = "wasmer" -version = "4.2.3" +version = "4.2.4" dependencies = [ "bytes", "cfg-if", @@ -2467,7 +2467,7 @@ dependencies = [ [[package]] name = "wasmer-compiler" -version = "4.2.3" +version = "4.2.4" dependencies = [ "backtrace", "bytes", @@ -2491,7 +2491,7 @@ dependencies = [ [[package]] name = "wasmer-derive" -version = "4.2.3" +version = "4.2.4" dependencies = [ "proc-macro-error", "proc-macro2", @@ -2519,7 +2519,7 @@ dependencies = [ [[package]] name = "wasmer-types" -version = "4.2.3" +version = "4.2.4" dependencies = [ "bytecheck", "enum-iterator", @@ -2534,7 +2534,7 @@ dependencies = [ [[package]] name = "wasmer-vm" -version = "4.2.3" +version = "4.2.4" dependencies = [ "backtrace", "cc", @@ -2560,7 +2560,7 @@ dependencies = [ [[package]] name = "wasmer-wasix" -version = "0.16.0" +version = "0.17.0" dependencies = [ "anyhow", "async-trait", @@ -2617,7 +2617,7 @@ dependencies = [ [[package]] name = "wasmer-wasix-types" -version = "0.16.0" +version = "0.17.0" dependencies = [ "anyhow", "bitflags 1.3.2", @@ -2639,7 +2639,7 @@ dependencies = [ [[package]] name = "wasmer-web" -version = "0.16.0" +version = "0.17.0" dependencies = [ "anyhow", "async-trait",
lib/wasi-web/Cargo.toml+2 −2 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-web" -version = "0.16.0" +version = "0.17.0" authors = ["Wasmer Engineering <mailto:engineering@wasmer.io>"] edition = "2021" publish = false @@ -17,7 +17,7 @@ rust-version = "1.70" [dependencies] wasmer = { path = "../api", default_features = false, features = [ "js-default" ] } -wasmer-wasix = { path = "../wasix", version = "0.16.0", default-features = false, features = [ "js-default" ] } +wasmer-wasix = { path = "../wasix", version = "0.17.0", default-features = false, features = [ "js-default" ] } virtual-net = { path = "../virtual-net", version = "0.6.1", default-features = false, features = [ "remote" ] } #wasm-bindgen = { version = "0.2", features = [ "nightly", "serde-serialize" ] } wasm-bindgen = { version = "0.2", features = [ "serde-serialize" ] }
lib/wasix/Cargo.toml+9 −9 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-wasix" -version = "0.16.0" +version = "0.17.0" description = "WASI and WASIX implementation library for Wasmer WebAssembly runtime" categories = ["wasm", "os"] keywords = ["wasm", "webassembly", "wasi", "sandbox", "ABI"] @@ -18,13 +18,13 @@ cfg-if = "1.0" thiserror = "1" tracing = { version = "0.1.37" } getrandom = "0.2" -wasmer-wasix-types = { path = "../wasi-types", version = "0.16.0", features = [ "enable-serde" ] } -wasmer-types = { path = "../types", version = "=4.2.3", default-features = false } -wasmer = { path = "../api", version = "=4.2.3", default-features = false, features = ["wat", "js-serializable-module"] } +wasmer-wasix-types = { path = "../wasi-types", version = "0.17.0", features = [ "enable-serde" ] } +wasmer-types = { path = "../types", version = "=4.2.4", default-features = false } +wasmer = { path = "../api", version = "=4.2.4", default-features = false, features = ["wat", "js-serializable-module"] } virtual-mio = { path = "../virtual-io", version = "0.3.0", default-features = false } -virtual-fs = { path = "../virtual-fs", version = "0.9.0", default-features = false, features = ["webc-fs"] } +virtual-fs = { path = "../virtual-fs", version = "0.10.0", default-features = false, features = ["webc-fs"] } virtual-net = { path = "../virtual-net", version = "0.6.1", default-features = false } -wasmer-emscripten = { path = "../emscripten", version = "=4.2.3", optional = true } +wasmer-emscripten = { path = "../emscripten", version = "=4.2.4", optional = true } typetag = { version = "0.1", optional = true } serde = { version = "1.0", default-features = false, features = ["derive"] } bincode = { version = "1.3" } @@ -52,7 +52,7 @@ hex = { version = "^0.4" } term_size = { version = "0.3" } linked_hash_set = { version = "0.1" } http = "0.2.8" -wai-bindgen-wasmer = { path = "../wai-bindgen-wasmer", version = "0.16.0", features = ["tracing"] } +wai-bindgen-wasmer = { path = "../wai-bindgen-wasmer", version = "0.17.0", features = ["tracing"] } heapless = "0.7.16" once_cell = "1.17.0" pin-project = "1.0.12" @@ -94,7 +94,7 @@ termios = { version = "0.3" } winapi = "0.3" [dev-dependencies] -wasmer = { path = "../api", version = "=4.2.3", default-features = false, features = ["wat", "js-serializable-module"] } +wasmer = { path = "../api", version = "=4.2.4", default-features = false, features = ["wat", "js-serializable-module"] } tokio = { version = "1", features = [ "sync", "macros", "rt" ], default_features = false } pretty_assertions = "1.3.0" wasm-bindgen-test = "0.3.0" @@ -105,7 +105,7 @@ tracing-wasm = "0.2" [target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies] tracing-subscriber = { version = "^0.3" } -wasmer = { path = "../api", version = "=4.2.3", default-features = false, features = ["wat", "js-serializable-module", "cranelift"] } +wasmer = { path = "../api", version = "=4.2.4", default-features = false, features = ["wat", "js-serializable-module", "cranelift"] } [features] default = ["sys-default"]
scripts/update-version.py+2 −2 modified@@ -1,7 +1,7 @@ #!/usr/bin/python -PREVIOUS_VERSION='4.2.2' -NEXT_VERSION='4.2.3' +PREVIOUS_VERSION='4.2.3' +NEXT_VERSION='4.2.4' import os import re
scripts/windows-installer/wasmer.iss+1 −1 modified@@ -1,6 +1,6 @@ [Setup] AppName=Wasmer -AppVersion=4.2.3 +AppVersion=4.2.4 DefaultDirName={pf}\Wasmer DefaultGroupName=Wasmer Compression=lzma2
tests/integration/cli/Cargo.toml+1 −1 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-integration-tests-cli" -version = "4.2.3" +version = "4.2.4" authors = ["Wasmer Engineering Team <engineering@wasmer.io>"] description = "CLI integration tests" repository = "https://github.com/wasmerio/wasmer"
tests/integration/ios/Cargo.toml+1 −1 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-integration-tests-ios" -version = "4.2.3" +version = "4.2.4" authors = ["Wasmer Engineering Team <engineering@wasmer.io>"] description = "iOS integration tests" repository = "https://github.com/wasmerio/wasmer"
tests/lib/wast/Cargo.toml+4 −4 modified@@ -1,6 +1,6 @@ [package] name = "wasmer-wast" -version = "4.2.3" +version = "4.2.4" authors = ["Wasmer Engineering Team <engineering@wasmer.io>"] description = "wast testing support for wasmer" license = "MIT OR Apache-2.0 WITH LLVM-exception" @@ -12,9 +12,9 @@ edition = "2018" [dependencies] anyhow = "1.0" -wasmer = { path = "../../../lib/api", version = "=4.2.3", default-features = false } -wasmer-wasix = { path = "../../../lib/wasix", version = "0.16.0" } -virtual-fs = { path = "../../../lib/virtual-fs", version = "0.9.0" } +wasmer = { path = "../../../lib/api", version = "=4.2.4", default-features = false } +wasmer-wasix = { path = "../../../lib/wasix", version = "0.17.0" } +virtual-fs = { path = "../../../lib/virtual-fs", version = "0.10.0" } wast = "38.0" serde = "1" tempfile = "3.6.0"
tests/wasi-wast/Cargo.toml+1 −1 modified@@ -1,6 +1,6 @@ [package] name = "wasi-test-generator" -version = "4.2.3" +version = "4.2.4" description = "Tests for our WASI implementation" license = "MIT" authors = ["Wasmer Engineering Team <engineering@wasmer.io>"]
e3923612c231Merge pull request #4301 from wasmerio/cli-wasi-fs-setup-cleanup
9 files changed · +485 −126
lib/cli/src/commands/mod.rs+0 −0 renamedlib/cli/src/commands/run/mod.rs+28 −20 renamed@@ -30,7 +30,7 @@ use wasmer_compiler::ArtifactBuild; use wasmer_registry::{wasmer_env::WasmerEnv, Package}; use wasmer_wasix::{ bin_factory::BinaryPackage, - runners::{MappedDirectory, Runner}, + runners::{MappedCommand, MappedDirectory, Runner}, runtime::{ module_cache::{CacheError, ModuleHash}, package_loader::PackageLoader, @@ -215,17 +215,7 @@ impl Run { uses: Vec<BinaryPackage>, runtime: Arc<dyn Runtime + Send + Sync>, ) -> Result<(), Error> { - let mut runner = wasmer_wasix::runners::wasi::WasiRunner::new() - .with_args(self.args.clone()) - .with_envs(self.wasi.env_vars.clone()) - .with_mapped_directories(self.wasi.mapped_dirs.clone()) - .with_injected_packages(uses); - if self.wasi.forward_host_env { - runner.set_forward_host_env(); - } - - *runner.capabilities() = self.wasi.capabilities(); - + let mut runner = self.build_wasi_runner(&runtime)?; runner.run_command(command_name, pkg, runtime) } @@ -298,23 +288,41 @@ impl Run { Ok(()) } + fn build_wasi_runner( + &self, + runtime: &Arc<dyn Runtime + Send + Sync>, + ) -> Result<WasiRunner, anyhow::Error> { + let packages = self.load_injected_packages(runtime)?; + + let runner = WasiRunner::new() + .with_args(&self.args) + .with_injected_packages(packages) + .with_envs(self.wasi.env_vars.clone()) + .with_mapped_host_commands(self.wasi.build_mapped_commands()?) + .with_mapped_directories(self.wasi.build_mapped_directories()?) + .with_forward_host_env(self.wasi.forward_host_env) + .with_capabilities(self.wasi.capabilities()); + + Ok(runner) + } + #[tracing::instrument(skip_all)] fn execute_wasi_module( &self, wasm_path: &Path, module: &Module, runtime: Arc<dyn Runtime + Send + Sync>, - store: Store, + mut store: Store, ) -> Result<(), Error> { let program_name = wasm_path.display().to_string(); - let builder = self - .wasi - .prepare(module, program_name, self.args.clone(), runtime)?; - - builder.run_with_store_async(module.clone(), store)?; - - Ok(()) + let runner = self.build_wasi_runner(&runtime)?; + runner.run_wasm( + runtime, + &program_name, + module, + self.wasi.enable_async_threads, + ) } #[tracing::instrument(skip_all)]
lib/cli/src/commands/run/wasi.rs+209 −17 modified@@ -20,7 +20,7 @@ use wasmer_wasix::{ http::HttpClient, os::{tty_sys::SysTty, TtyBridge}, rewind_ext, - runners::MappedDirectory, + runners::{MappedCommand, MappedDirectory}, runtime::{ module_cache::{FileSystemCache, ModuleCache}, package_loader::{BuiltinPackageLoader, PackageLoader}, @@ -77,11 +77,11 @@ pub struct Wasi { /// List of webc packages that are explicitly included for execution /// Note: these packages will be used instead of those in the registry #[clap(long = "include-webc", name = "WEBC")] - include_webcs: Vec<PathBuf>, + pub(super) include_webcs: Vec<PathBuf>, /// List of injected atoms #[clap(long = "map-command", name = "MAPCMD")] - map_commands: Vec<String>, + pub(super) map_commands: Vec<String>, /// Enable experimental IO devices #[cfg(feature = "experimental-io-devices")] @@ -125,6 +125,8 @@ pub struct RunProperties { #[allow(dead_code)] impl Wasi { + const MAPPED_CURRENT_DIR_DEFAULT_PATH: &'static str = "/mnt/host"; + pub fn map_dir(&mut self, alias: &str, target_on_disk: PathBuf) { self.mapped_dirs.push(MappedDirectory { guest: alias.to_string(), @@ -190,12 +192,93 @@ impl Wasi { .uses(uses) .map_commands(map_commands); - let mut builder = if wasmer_wasix::is_wasix_module(module) { + let mut builder = { // If we preopen anything from the host then shallow copy it over let root_fs = RootFileSystemBuilder::new() .with_tty(Box::new(DeviceFile::new(__WASI_STDIN_FILENO))) .build(); - if !self.mapped_dirs.is_empty() { + + let mut mapped_dirs = Vec::new(); + + // Process the --dirs flag and merge it with --mapdir. + let mut have_current_dir = false; + for dir in &self.pre_opened_directories { + let mapping = if dir == Path::new(".") { + if have_current_dir { + bail!("Cannot pre-open the current directory twice: --dir=. must only be specified once"); + } + have_current_dir = true; + + let current_dir = + std::env::current_dir().context("could not determine current directory")?; + + MappedDirectory { + host: current_dir, + guest: Self::MAPPED_CURRENT_DIR_DEFAULT_PATH.to_string(), + } + } else { + let resolved = dir.canonicalize().with_context(|| { + format!( + "could not canonicalize path for argument '--dir {}'", + dir.display() + ) + })?; + + if &resolved != dir { + bail!( + "Invalid argument '--dir {}': path must either be absolute, or '.'", + dir.display(), + ); + } + + let guest = resolved + .to_str() + .with_context(|| { + format!( + "invalid argument '--dir {}': path must be valid utf-8", + dir.display(), + ) + })? + .to_string(); + + MappedDirectory { + host: resolved, + guest, + } + }; + + mapped_dirs.push(mapping); + } + + for MappedDirectory { host, guest } in &self.mapped_dirs { + let resolved_host = host.canonicalize().with_context(|| { + format!( + "could not canonicalize path for argument '--mapdir {}:{}'", + host.display(), + guest, + ) + })?; + + let mapping = if guest == "." { + if have_current_dir { + bail!("Cannot pre-open the current directory twice: '--mapdir=?:.' / '--dir=.' must only be specified once"); + } + have_current_dir = true; + + MappedDirectory { + host: resolved_host, + guest: Self::MAPPED_CURRENT_DIR_DEFAULT_PATH.to_string(), + } + } else { + MappedDirectory { + host: resolved_host, + guest: guest.clone(), + } + }; + mapped_dirs.push(mapping); + } + + if !mapped_dirs.is_empty() { let fs_backing: Arc<dyn FileSystem + Send + Sync> = Arc::new(PassthruFileSystem::new(default_fs_backing())); for MappedDirectory { host, guest } in self.mapped_dirs.clone() { @@ -209,20 +292,16 @@ impl Wasi { } // Open the root of the new filesystem - builder + let b = builder .sandbox_fs(root_fs) .preopen_dir(Path::new("/")) - .unwrap() - .map_dir(".", "/")? - } else { - builder - .fs(default_fs_backing()) - .preopen_dirs(self.pre_opened_directories.clone())? - .map_dirs( - self.mapped_dirs - .iter() - .map(|d| (d.guest.clone(), d.host.clone())), - )? + .unwrap(); + + if have_current_dir { + b.map_dir(".", Self::MAPPED_CURRENT_DIR_DEFAULT_PATH)? + } else { + b.map_dir(".", "/")? + } }; *builder.capabilities_mut() = self.capabilities(); @@ -238,6 +317,119 @@ impl Wasi { Ok(builder) } + pub fn build_mapped_directories(&self) -> Result<Vec<MappedDirectory>, anyhow::Error> { + let mut mapped_dirs = Vec::new(); + + // Process the --dirs flag and merge it with --mapdir. + let mut have_current_dir = false; + for dir in &self.pre_opened_directories { + let mapping = if dir == Path::new(".") { + if have_current_dir { + bail!("Cannot pre-open the current directory twice: --dir=. must only be specified once"); + } + have_current_dir = true; + + let current_dir = + std::env::current_dir().context("could not determine current directory")?; + + MappedDirectory { + host: current_dir, + guest: Self::MAPPED_CURRENT_DIR_DEFAULT_PATH.to_string(), + } + } else { + let resolved = dir.canonicalize().with_context(|| { + format!( + "could not canonicalize path for argument '--dir {}'", + dir.display() + ) + })?; + + if &resolved != dir { + bail!( + "Invalid argument '--dir {}': path must either be absolute, or '.'", + dir.display(), + ); + } + + let guest = resolved + .to_str() + .with_context(|| { + format!( + "invalid argument '--dir {}': path must be valid utf-8", + dir.display(), + ) + })? + .to_string(); + + MappedDirectory { + host: resolved, + guest, + } + }; + + mapped_dirs.push(mapping); + } + + for MappedDirectory { host, guest } in &self.mapped_dirs { + let resolved_host = host.canonicalize().with_context(|| { + format!( + "could not canonicalize path for argument '--mapdir {}:{}'", + host.display(), + guest, + ) + })?; + + let mapping = if guest == "." { + if have_current_dir { + bail!("Cannot pre-open the current directory twice: '--mapdir=?:.' / '--dir=.' must only be specified once"); + } + have_current_dir = true; + + MappedDirectory { + host: resolved_host, + guest: Self::MAPPED_CURRENT_DIR_DEFAULT_PATH.to_string(), + } + } else { + MappedDirectory { + host: resolved_host, + guest: guest.clone(), + } + }; + mapped_dirs.push(mapping); + } + + Ok(mapped_dirs) + } + + pub fn build_mapped_commands(&self) -> Result<Vec<MappedCommand>, anyhow::Error> { + self.map_commands + .iter() + .map(|item| { + let (a, b) = item.split_once('=').with_context(|| { + format!( + "Invalid --map-command flag: expected <ALIAS>=<HOST_PATH>, got '{item}'" + ) + })?; + + let a = a.trim(); + let b = b.trim(); + + if a.is_empty() { + bail!("Invalid --map-command flag - alias cannot be empty: '{item}'"); + } + // TODO(theduke): check if host command exists, and canonicalize PathBuf. + if b.is_empty() { + bail!("Invalid --map-command flag - host path cannot be empty: '{item}'"); + } + + Ok(MappedCommand { + alias: a.to_string(), + target: b.to_string(), + }) + }) + .collect::<Result<Vec<_>, anyhow::Error>>() + } + pub fn capabilities(&self) -> Capabilities { let mut caps = Capabilities::default();
lib/wasix/src/os/console/mod.rs+7 −1 modified@@ -225,7 +225,13 @@ impl Console { .with_stdin(Box::new(self.stdin.clone())) .with_stdout(Box::new(self.stdout.clone())) .with_stderr(Box::new(self.stderr.clone())) - .prepare_webc_env(prog, &wasi_opts, &pkg, self.runtime.clone(), Some(root_fs)) + .prepare_webc_env( + prog, + &wasi_opts, + Some(&pkg), + self.runtime.clone(), + Some(root_fs), + ) // TODO: better error conversion .map_err(|err| SpawnError::Other(err.into()))?;
lib/wasix/src/runners/mod.rs+1 −1 modified@@ -7,7 +7,7 @@ mod wasi_common; #[cfg(feature = "webc_runner_rt_wcgi")] pub mod wcgi; -pub use self::runner::Runner; +pub use self::{runner::Runner, wasi_common::MappedCommand}; /// A directory that should be mapped from the host filesystem into a WASI /// instance (the "guest").
lib/wasix/src/runners/wasi_common.rs+94 −62 modified@@ -14,21 +14,31 @@ use crate::{ WasiEnvBuilder, }; +#[derive(Debug, Clone)] +pub struct MappedCommand { + /// The new alias. + pub alias: String, + /// The original command. + pub target: String, +} + #[derive(Debug, Default, Clone)] pub(crate) struct CommonWasiOptions { pub(crate) args: Vec<String>, pub(crate) env: HashMap<String, String>, pub(crate) forward_host_env: bool, pub(crate) mapped_dirs: Vec<MappedDirectory>, + pub(crate) mapped_host_commands: Vec<MappedCommand>, pub(crate) injected_packages: Vec<BinaryPackage>, pub(crate) capabilities: Capabilities, + pub(crate) current_dir: Option<PathBuf>, } impl CommonWasiOptions { pub(crate) fn prepare_webc_env( &self, builder: &mut WasiEnvBuilder, - container_fs: Arc<dyn FileSystem + Send + Sync>, + container_fs: Option<Arc<dyn FileSystem + Send + Sync>>, wasi: &WasiAnnotation, root_fs: Option<TmpFileSystem>, ) -> Result<(), anyhow::Error> { @@ -48,6 +58,12 @@ impl CommonWasiOptions { builder.add_webc(pkg.clone()); } + let mapped_cmds = self + .mapped_host_commands + .iter() + .map(|c| (c.alias.as_str(), c.target.as_str())); + builder.add_mapped_commands(mapped_cmds); + self.populate_env(wasi, builder); self.populate_args(wasi, builder); @@ -87,77 +103,85 @@ impl CommonWasiOptions { } } -type ContainerFs = - OverlayFileSystem<TmpFileSystem, [RelativeOrAbsolutePathHack<Arc<dyn FileSystem>>; 1]>; +// type ContainerFs = +// OverlayFileSystem<TmpFileSystem, [RelativeOrAbsolutePathHack<Arc<dyn FileSystem>>; 1]>; -fn prepare_filesystem( - root_fs: TmpFileSystem, - mapped_dirs: &[MappedDirectory], - container_fs: Arc<dyn FileSystem>, +fn build_directory_mappings( builder: &mut WasiEnvBuilder, -) -> Result<ContainerFs, Error> { - if !mapped_dirs.is_empty() { - let host_fs: Arc<dyn FileSystem + Send + Sync> = Arc::new(crate::default_fs_backing()); + root_fs: &mut TmpFileSystem, + host_fs: &Arc<dyn FileSystem + Send + Sync>, + mapped_dirs: &[MappedDirectory], +) -> Result<(), anyhow::Error> { + for dir in mapped_dirs { + let MappedDirectory { + host: host_path, + guest: guest_path, + } = dir; + let mut guest_path = PathBuf::from(guest_path); + tracing::debug!( + guest=%guest_path.display(), + host=%host_path.display(), + "Mounting host folder", + ); - for dir in mapped_dirs { - let MappedDirectory { - host: host_path, - guest: guest_path, - } = dir; - let mut guest_path = PathBuf::from(guest_path); - tracing::debug!( - guest=%guest_path.display(), - host=%host_path.display(), - "Mounting host folder", - ); - - if guest_path.is_relative() { - guest_path = apply_relative_path_mounting_hack(&guest_path); - } + if guest_path.is_relative() { + guest_path = apply_relative_path_mounting_hack(&guest_path); + } - let host_path = std::fs::canonicalize(host_path).with_context(|| { - format!("Unable to canonicalize host path '{}'", host_path.display()) + let host_path = std::fs::canonicalize(host_path).with_context(|| { + format!("Unable to canonicalize host path '{}'", host_path.display()) + })?; + + let guest_path = root_fs + .canonicalize_unchecked(&guest_path) + .with_context(|| { + format!( + "Unable to canonicalize guest path '{}'", + guest_path.display() + ) })?; - let guest_path = root_fs - .canonicalize_unchecked(&guest_path) + if guest_path == Path::new("/") { + root_fs + .mount_directory_entries(&guest_path, host_fs, &host_path) + .with_context(|| format!("Unable to mount \"{}\" to root", host_path.display(),))?; + } else { + if let Some(parent) = guest_path.parent() { + create_dir_all(root_fs, parent).with_context(|| { + format!("Unable to create the \"{}\" directory", parent.display()) + })?; + } + + root_fs + .mount(guest_path.clone(), host_fs, host_path.clone()) .with_context(|| { format!( - "Unable to canonicalize guest path '{}'", + "Unable to mount \"{}\" to \"{}\"", + host_path.display(), guest_path.display() ) })?; - if guest_path == Path::new("/") { - root_fs - .mount_directory_entries(&guest_path, &host_fs, &host_path) - .with_context(|| { - format!("Unable to mount \"{}\" to root", host_path.display(),) - })?; - } else { - if let Some(parent) = guest_path.parent() { - create_dir_all(&root_fs, parent).with_context(|| { - format!("Unable to create the \"{}\" directory", parent.display()) - })?; - } - - root_fs - .mount(guest_path.clone(), &host_fs, host_path.clone()) - .with_context(|| { - format!( - "Unable to mount \"{}\" to \"{}\"", - host_path.display(), - guest_path.display() - ) - })?; - - builder - .add_preopen_dir(&guest_path) - .with_context(|| format!("Unable to preopen \"{}\"", guest_path.display()))?; - } + builder + .add_preopen_dir(&guest_path) + .with_context(|| format!("Unable to preopen \"{}\"", guest_path.display()))?; } } + Ok(()) +} + +fn prepare_filesystem( + mut root_fs: TmpFileSystem, + mapped_dirs: &[MappedDirectory], + container_fs: Option<Arc<dyn FileSystem + Send + Sync>>, + builder: &mut WasiEnvBuilder, +) -> Result<Box<dyn FileSystem + Send + Sync>, Error> { + if !mapped_dirs.is_empty() { + let host_fs: Arc<dyn FileSystem + Send + Sync> = Arc::new(crate::default_fs_backing()); + build_directory_mappings(builder, &mut root_fs, &host_fs, mapped_dirs)?; + } + // HACK(Michael-F-Bryan): The WebcVolumeFileSystem only accepts relative // paths, but our Python executable will try to access its standard library // with relative paths assuming that it is being run from the root @@ -166,8 +190,15 @@ fn prepare_filesystem( // Until the FileSystem trait figures out whether relative paths should be // supported or not, we'll add an adapter that automatically retries // operations using an absolute path if it failed using a relative path. - let container_fs = RelativeOrAbsolutePathHack(container_fs); - let fs = OverlayFileSystem::new(root_fs, [container_fs]); + + let fs = if let Some(container) = container_fs { + let container = RelativeOrAbsolutePathHack(container); + let fs = OverlayFileSystem::new(root_fs, [container]); + Box::new(fs) as Box<dyn FileSystem + Send + Sync> + } else { + let fs = RelativeOrAbsolutePathHack(root_fs); + Box::new(fs) as Box<dyn FileSystem + Send + Sync> + }; Ok(fs) } @@ -309,7 +340,7 @@ mod tests { "args".to_string(), ]); - args.prepare_webc_env(&mut builder, fs, &annotations, None) + args.prepare_webc_env(&mut builder, Some(fs), &annotations, None) .unwrap(); assert_eq!( @@ -341,7 +372,7 @@ mod tests { let mut annotations = WasiAnnotation::new("python"); annotations.env = Some(vec!["HARD_CODED=env-vars".to_string()]); - args.prepare_webc_env(&mut builder, fs, &annotations, None) + args.prepare_webc_env(&mut builder, Some(fs), &annotations, None) .unwrap(); assert_eq!( @@ -368,7 +399,8 @@ mod tests { let mut builder = WasiEnvBuilder::new(""); let root_fs = RootFileSystemBuilder::default().build(); - let fs = prepare_filesystem(root_fs, &mapping, Arc::new(webc_fs), &mut builder).unwrap(); + let fs = + prepare_filesystem(root_fs, &mapping, Some(Arc::new(webc_fs)), &mut builder).unwrap(); assert!(fs.metadata("/home/file.txt".as_ref()).unwrap().is_file()); assert!(fs.metadata("lib".as_ref()).unwrap().is_dir());
lib/wasix/src/runners/wasi.rs+79 −15 modified@@ -1,10 +1,11 @@ //! WebC container support for running WASI modules -use std::sync::Arc; +use std::{path::PathBuf, sync::Arc}; use anyhow::{Context, Error}; use tracing::Instrument; use virtual_fs::{ArcBoxFile, TmpFileSystem, VirtualFile}; +use wasmer::Module; use webc::metadata::{annotations::Wasi, Command}; use crate::{ @@ -15,6 +16,8 @@ use crate::{ Runtime, WasiEnvBuilder, WasiRuntimeError, }; +use super::wasi_common::MappedCommand; + #[derive(Debug, Default, Clone)] pub struct WasiRunner { wasi: CommonWasiOptions, @@ -85,13 +88,13 @@ impl WasiRunner { } } - pub fn with_forward_host_env(mut self) -> Self { - self.set_forward_host_env(); + pub fn with_forward_host_env(mut self, forward: bool) -> Self { + self.set_forward_host_env(forward); self } - pub fn set_forward_host_env(&mut self) { - self.wasi.forward_host_env = true; + pub fn set_forward_host_env(&mut self, forward: bool) { + self.wasi.forward_host_env = forward; } pub fn with_mapped_directories<I, D>(mut self, dirs: I) -> Self @@ -105,6 +108,15 @@ impl WasiRunner { self } + pub fn set_current_dir(&mut self, dir: impl Into<PathBuf>) { + self.wasi.current_dir = Some(dir.into()); + } + + pub fn with_current_dir(mut self, dir: impl Into<PathBuf>) -> Self { + self.set_current_dir(dir); + self + } + /// Add a package that should be available to the instance at runtime. pub fn add_injected_package(&mut self, pkg: BinaryPackage) -> &mut Self { self.wasi.injected_packages.push(pkg); @@ -135,7 +147,35 @@ impl WasiRunner { self } - pub fn capabilities(&mut self) -> &mut Capabilities { + pub fn add_mapped_host_command(&mut self, alias: impl Into<String>, target: impl Into<String>) { + self.wasi.mapped_host_commands.push(MappedCommand { + alias: alias.into(), + target: target.into(), + }); + } + + pub fn with_mapped_host_command( + mut self, + alias: impl Into<String>, + target: impl Into<String>, + ) -> Self { + self.add_mapped_host_command(alias, target); + self + } + + pub fn add_mapped_host_commands(&mut self, commands: impl IntoIterator<Item = MappedCommand>) { + self.wasi.mapped_host_commands.extend(commands); + } + + pub fn with_mapped_host_commands( + mut self, + commands: impl IntoIterator<Item = MappedCommand>, + ) -> Self { + self.add_mapped_host_commands(commands); + self + } + + pub fn capabilities_mut(&mut self) -> &mut Capabilities { &mut self.wasi.capabilities } @@ -183,12 +223,19 @@ impl WasiRunner { &self, program_name: &str, wasi: &Wasi, - pkg: &BinaryPackage, + pkg: Option<&BinaryPackage>, runtime: Arc<dyn Runtime + Send + Sync>, root_fs: Option<TmpFileSystem>, ) -> Result<WasiEnvBuilder, anyhow::Error> { - let mut builder = WasiEnvBuilder::new(program_name); - let container_fs = Arc::clone(&pkg.webc_fs); + let mut builder = WasiEnvBuilder::new(program_name).runtime(runtime); + + let container_fs = if let Some(pkg) = pkg { + builder.add_webc(pkg.clone()); + Some(Arc::clone(&pkg.webc_fs)) + } else { + None + }; + self.wasi .prepare_webc_env(&mut builder, container_fs, wasi, root_fs)?; @@ -202,11 +249,28 @@ impl WasiRunner { builder.set_stderr(Box::new(stderr.clone())); } - builder.add_webc(pkg.clone()); - builder.set_runtime(runtime); - Ok(builder) } + + pub fn run_wasm( + &self, + runtime: Arc<dyn Runtime + Send + Sync>, + program_name: &str, + module: &Module, + asyncify: bool, + ) -> Result<(), Error> { + let wasi = webc::metadata::annotations::Wasi::new(program_name); + let mut store = runtime.new_store(); + let env = self.prepare_webc_env(program_name, &wasi, None, runtime, None)?; + + if asyncify { + env.run_with_store_async(module.clone(), store)?; + } else { + env.run_with_store(module.clone(), &mut store)?; + } + + Ok(()) + } } impl crate::runners::Runner for WasiRunner { @@ -231,13 +295,13 @@ impl crate::runners::Runner for WasiRunner { .annotation("wasi")? .unwrap_or_else(|| Wasi::new(command_name)); - let store = runtime.new_store(); - let env = self - .prepare_webc_env(command_name, &wasi, pkg, Arc::clone(&runtime), None) + .prepare_webc_env(command_name, &wasi, Some(pkg), Arc::clone(&runtime), None) .context("Unable to prepare the WASI environment")? .build()?; + let store = runtime.new_store(); + let command_name = command_name.to_string(); let tasks = runtime.task_manager().clone(); let pkg = pkg.clone();
lib/wasix/src/runners/wcgi/runner.rs+1 −1 modified@@ -67,7 +67,7 @@ impl WcgiRunner { let wasi_common = self.config.wasi.clone(); let rt = Arc::clone(&runtime); let setup_builder = move |builder: &mut WasiEnvBuilder| { - wasi_common.prepare_webc_env(builder, Arc::clone(&container_fs), &wasi, None)?; + wasi_common.prepare_webc_env(builder, Some(Arc::clone(&container_fs)), &wasi, None)?; builder.set_runtime(Arc::clone(&rt)); Ok(())
lib/wasix/src/state/builder.rs+66 −9 modified@@ -9,7 +9,7 @@ use std::{ use bytes::Bytes; use rand::Rng; use thiserror::Error; -use virtual_fs::{ArcFile, FsError, TmpFileSystem, VirtualFile}; +use virtual_fs::{ArcFile, FileSystem, FsError, TmpFileSystem, VirtualFile}; use wasmer::{AsStoreMut, Instance, Module, RuntimeError, Store}; use wasmer_wasix_types::wasi::{Errno, ExitCode}; @@ -62,6 +62,7 @@ pub struct WasiEnvBuilder { pub(super) stdin: Option<Box<dyn VirtualFile + Send + Sync + 'static>>, pub(super) fs: Option<WasiFsRoot>, pub(super) runtime: Option<Arc<dyn crate::Runtime + Send + Sync + 'static>>, + pub(super) current_dir: Option<PathBuf>, /// List of webc dependencies to be injected. pub(super) uses: Vec<BinaryPackage>, @@ -304,34 +305,49 @@ impl WasiEnvBuilder { } /// Map an atom to a local binary - #[cfg(feature = "sys")] pub fn map_command<Name, Target>(mut self, name: Name, target: Target) -> Self + where + Name: AsRef<str>, + Target: AsRef<str>, + { + self.add_mapped_command(name, target); + self + } + + /// Map an atom to a local binary + pub fn add_mapped_command<Name, Target>(&mut self, name: Name, target: Target) where Name: AsRef<str>, Target: AsRef<str>, { let path_buf = PathBuf::from(target.as_ref().to_string()); self.map_commands .insert(name.as_ref().to_string(), path_buf); - self } /// Maps a series of atoms to the local binaries - #[cfg(feature = "sys")] pub fn map_commands<I, Name, Target>(mut self, map_commands: I) -> Self where I: IntoIterator<Item = (Name, Target)>, Name: AsRef<str>, Target: AsRef<str>, { - map_commands.into_iter().for_each(|(name, target)| { - let path_buf = PathBuf::from(target.as_ref().to_string()); - self.map_commands - .insert(name.as_ref().to_string(), path_buf); - }); + self.add_mapped_commands(map_commands); self } + /// Maps a series of atoms to local binaries. + pub fn add_mapped_commands<I, Name, Target>(&mut self, map_commands: I) + where + I: IntoIterator<Item = (Name, Target)>, + Name: AsRef<str>, + Target: AsRef<str>, + { + for (alias, target) in map_commands { + self.add_mapped_command(alias, target); + } + } + /// Preopen a directory /// /// This opens the given directory at the virtual root, `/`, and allows @@ -480,6 +496,15 @@ impl WasiEnvBuilder { Ok(self) } + pub fn set_current_dir(&mut self, dir: impl Into<PathBuf>) { + self.current_dir = Some(dir.into()); + } + + pub fn current_dir(mut self, dir: impl Into<PathBuf>) -> Self { + self.set_current_dir(dir); + self + } + /// Overwrite the default WASI `stdout`, if you want to hold on to the /// original `stdout` use [`WasiFs::swap_file`] after building. pub fn stdout(mut self, new_file: Box<dyn VirtualFile + Send + Sync + 'static>) -> Self { @@ -651,6 +676,28 @@ impl WasiEnvBuilder { .take() .unwrap_or_else(|| WasiFsRoot::Sandbox(Arc::new(TmpFileSystem::new()))); + if let Some(dir) = &self.current_dir { + match fs_backing.read_dir(dir) { + Ok(_) => { + // All good + } + Err(FsError::EntryNotFound) => { + fs_backing.create_dir(dir).map_err(|err| { + WasiStateCreationError::WasiFsSetupError(format!( + "Could not create specified current directory at '{}': {err}", + dir.display() + )) + })?; + } + Err(err) => { + return Err(WasiStateCreationError::WasiFsSetupError(format!( + "Could check specified current directory at '{}': {err}", + dir.display() + ))); + } + } + } + // self.preopens are checked in [`PreopenDirBuilder::build`] let inodes = crate::state::WasiInodes::new(); let wasi_fs = { @@ -682,6 +729,16 @@ impl WasiEnvBuilder { wasi_fs }; + if let Some(dir) = &self.current_dir { + let s = dir.to_str().ok_or_else(|| { + WasiStateCreationError::WasiFsSetupError(format!( + "Specified current directory is not valid UTF-8: '{}'", + dir.display() + )) + })?; + wasi_fs.set_current_dir(s); + } + let envs = self .envs .into_iter()
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-4mq4-7rw3-vm5jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-51661ghsaADVISORY
- github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3cghsax_refsource_MISCWEB
- github.com/wasmerio/wasmer/commit/e3923612c23123025c26f982d390e34df7df030fghsaWEB
- github.com/wasmerio/wasmer/issues/4267ghsax_refsource_MISCWEB
- github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5jghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.