containerd_shim_wasm/sandbox/
mod.rs

1use std::fs::File;
2use std::io::Read;
3
4use anyhow::{Context, Result};
5use context::{RuntimeContext, Source};
6use path::PathResolve as _;
7
8pub mod context;
9pub(crate) mod path;
10
11#[trait_variant::make(Send)]
12pub trait Sandbox: Default + 'static {
13    /// Run a WebAssembly container
14    async fn run_wasi(&self, ctx: &impl RuntimeContext) -> Result<i32>;
15
16    /// Check that the runtime can run the container.
17    /// This checks runs after the container creation and before the container starts.
18    /// By default it checks that the wasi_entrypoint is either:
19    /// * a OCI image with wasm layers
20    /// * a file with the `wasm` filetype header
21    /// * a parsable `wat` file.
22    async fn can_handle(&self, ctx: &impl RuntimeContext) -> Result<()> {
23        // this async block is required to make the rewrite of trait_variant happy
24        async move {
25            let source = ctx.entrypoint().source;
26
27            let path = match source {
28                Source::File(path) => path,
29                Source::Oci(_) => return Ok(()),
30            };
31
32            path.resolve_in_path_or_cwd()
33                .next()
34                .context("module not found")?;
35
36            let mut buffer = [0; 4];
37            File::open(&path)?.read_exact(&mut buffer)?;
38
39            if buffer.as_slice() != b"\0asm" {
40                // Check if this is a `.wat` file
41                wat::parse_file(&path)?;
42            }
43
44            Ok(())
45        }
46    }
47}
containerd_shim_wasm/sandbox/mod.rs

containerd_shim_wasm/sandbox/
mod.rs
