Crate containerd_shim_wasm

containerd-shim-wasm

A library to help build containerd shims for Wasm workloads.

Usage

To implement a shim, simply implement the Shim and Sandbox trait:

use containerd_shim_wasm::{
    shim::{Shim, Config, Cli, Version, version},
    sandbox::Sandbox,
    sandbox::context::RuntimeContext,
};
use anyhow::Result;

struct MyShim;

#[derive(Default)]
struct MySandbox;

impl Shim for MyShim {
    type Sandbox = MySandbox;

    fn name() -> &'static str {
        "my-shim"
    }

    fn version() -> Version {
        version!()
    }
}

impl Sandbox for MySandbox {
    async fn run_wasi(&self, ctx: &impl RuntimeContext) -> Result<i32> {
        // Implement your Wasm runtime logic here
        Ok(0)
    }
}

MyShim::run(None);

The Engine trait provides optional methods you can override:

• can_handle() - Validates that the runtime can run the container (checks Wasm file headers by default)
• supported_layers_types() - Returns supported OCI layer types
• precompile() - Allows precompilation of Wasm modules
• can_precompile() - Indicates if the runtime supports precompilation

The resulting shim uses Youki’s libcontainer crate to manage the container lifecycle, such as creating the container, starting it, and deleting it, and youki handles container sandbox for you.

Running the shim

containerd expects the shim binary to be installed into $PATH (as seen by the containerd process) with a binary name like containerd-shim-myshim-v1 which maps to the io.containerd.myshim.v1 runtime. It can be configured in containerd.

This crate is not tied to any specific wasm engine.

Check out these projects that build on top of runwasi:

• spinframework/containerd-shim-spin

Modules

sandbox

shim

This module contains an API for building WebAssembly shims running on top of containers. Unlike the sandbox module, this module delegates many of the actions to the container runtime.