1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
use crate::error;
use crate::utils;
use zwasm_sys as sys;
/* ================================================================
* WASI configuration
* ================================================================ */
/// WASI (WebAssembly System Interface) configuration for zwasm modules.
///
/// Supports WASI Preview 1 and 2, full syscalls, stdio overrides, preopened directories,
/// and environment/argv configuration. Used to provide system interface capabilities to
/// Wasm modules running in the zwasm runtime.
pub struct WasiConfig {
pub(crate) ptr: *mut sys::zwasm_wasi_config_t,
argv: Vec<std::ffi::CString>,
argv_ptrs: Vec<*const std::os::raw::c_char>,
env_keys: Vec<std::ffi::CString>,
env_key_lens: Vec<usize>,
env_key_ptrs: Vec<*const std::os::raw::c_char>,
env_vals: Vec<std::ffi::CString>,
env_val_lens: Vec<usize>,
env_val_ptrs: Vec<*const std::os::raw::c_char>,
preopens: Vec<(std::ffi::CString, std::ffi::CString)>,
preopen_fd_guest_paths: Vec<std::ffi::CString>,
_not_send_sync: std::marker::PhantomData<std::rc::Rc<()>>,
}
impl WasiConfig {
/// Creates a new WASI configuration for zwasm modules.
///
/// Supports both WASI Preview 1 and 2. Use this to provide system interface capabilities to Wasm code.
pub fn new() -> Result<Self, error::ZwasmError> {
let ptr = unsafe { sys::zwasm_wasi_config_new() };
if ptr.is_null() {
Err(error::last_error()
.unwrap_or_else(|| error::ZwasmError("Unknown error".to_string())))
} else {
Ok(WasiConfig {
ptr,
argv: Vec::new(),
argv_ptrs: Vec::new(),
env_keys: Vec::new(),
env_key_lens: Vec::new(),
env_key_ptrs: Vec::new(),
env_vals: Vec::new(),
env_val_lens: Vec::new(),
env_val_ptrs: Vec::new(),
preopens: Vec::new(),
preopen_fd_guest_paths: Vec::new(),
_not_send_sync: std::marker::PhantomData,
})
}
}
/// Sets the argv (command-line arguments) for the guest process.
///
/// These will be visible to the Wasm module via WASI syscalls.
pub fn set_argv(&mut self, argv: &[&str]) -> Result<(), error::ZwasmError> {
self.argv = argv
.iter()
.map(|s| {
std::ffi::CString::new(*s)
.map_err(|_| error::ZwasmError("argument contains NUL byte".into()))
})
.collect::<Result<Vec<_>, _>>()?;
self.argv_ptrs = self.argv.iter().map(|s| s.as_ptr()).collect::<Vec<_>>();
let argc = utils::to_u32_len(self.argv_ptrs.len())?;
unsafe {
sys::zwasm_wasi_config_set_argv(
self.ptr,
argc,
if self.argv_ptrs.is_empty() {
std::ptr::null()
} else {
self.argv_ptrs.as_ptr()
},
)
};
Ok(())
}
/// Sets environment variables for the guest process.
///
/// These will be visible to the Wasm module via WASI syscalls.
pub fn set_env(&mut self, env: &[(&str, &str)]) -> Result<(), error::ZwasmError> {
let c_keys = env
.iter()
.map(|(key, _)| {
std::ffi::CString::new(*key).map_err(|_| {
error::ZwasmError("environment variable key contains NUL byte".into())
})
})
.collect::<Result<Vec<_>, _>>()?;
let c_key_lens = c_keys
.iter()
.map(|s| s.as_bytes().len())
.collect::<Vec<_>>();
let c_key_ptrs = c_keys.iter().map(|s| s.as_ptr()).collect::<Vec<_>>();
let c_vals = env
.iter()
.map(|(_, val)| {
std::ffi::CString::new(*val).map_err(|_| {
error::ZwasmError("environment variable value contains NUL byte".into())
})
})
.collect::<Result<Vec<_>, _>>()?;
let c_val_lens = c_vals
.iter()
.map(|s| s.as_bytes().len())
.collect::<Vec<_>>();
let c_val_ptrs = c_vals.iter().map(|s| s.as_ptr()).collect::<Vec<_>>();
let count = utils::to_u32_len(c_key_ptrs.len())?;
self.env_keys = c_keys;
self.env_key_lens = c_key_lens;
self.env_key_ptrs = c_key_ptrs;
self.env_vals = c_vals;
self.env_val_lens = c_val_lens;
self.env_val_ptrs = c_val_ptrs;
unsafe {
sys::zwasm_wasi_config_set_env(
self.ptr,
count,
if self.env_key_ptrs.is_empty() {
std::ptr::null()
} else {
self.env_key_ptrs.as_ptr()
},
if self.env_key_lens.is_empty() {
std::ptr::null()
} else {
self.env_key_lens.as_ptr()
},
if self.env_val_ptrs.is_empty() {
std::ptr::null()
} else {
self.env_val_ptrs.as_ptr()
},
if self.env_val_lens.is_empty() {
std::ptr::null()
} else {
self.env_val_lens.as_ptr()
},
)
};
Ok(())
}
/// Preopens a host directory at a guest-visible path for the Wasm module.
///
/// Grants the guest access to the specified host directory under the given guest path.
///
/// # Safety
/// This method grants the guest access to host filesystem resources. Callers must ensure
/// the mapped host path is intended to be exposed to untrusted Wasm code.
pub fn preopen_dir(
&mut self,
host_path: &str,
guest_path: &str,
) -> Result<(), error::ZwasmError> {
let c_host_path = std::ffi::CString::new(host_path)
.map_err(|_| error::ZwasmError("host path contains NUL byte".into()))?;
let c_guest_path = std::ffi::CString::new(guest_path)
.map_err(|_| error::ZwasmError("guest path contains NUL byte".into()))?;
self.preopens.push((c_host_path, c_guest_path));
let (c_host_path, c_guest_path) = &self.preopens[self.preopens.len() - 1];
let c_host_path_len = c_host_path.as_bytes().len();
let c_guest_path_len = c_guest_path.as_bytes().len();
unsafe {
sys::zwasm_wasi_config_preopen_dir(
self.ptr,
c_host_path.as_ptr(),
c_host_path_len,
c_guest_path.as_ptr(),
c_guest_path_len,
)
};
Ok(())
}
/// Preopens an existing host file descriptor at a guest-visible path for the Wasm module.
///
/// Useful for passing already-opened files or sockets into the guest.
///
/// # Safety
/// This method transfers or borrows host FD capabilities into the guest, depending on
/// `ownership`. Callers must ensure FD lifetime/ownership policy matches the supplied flag
/// and that exposing the FD to guest code is acceptable.
pub fn preopen_fd(
&mut self,
host_fd: isize,
guest_path: &str,
kind: u8,
ownership: u8,
) -> Result<(), error::ZwasmError> {
let c_guest_path = std::ffi::CString::new(guest_path)
.map_err(|_| error::ZwasmError("guest path contains NUL byte".into()))?;
// Keep the guest path alive for the lifetime of the WASI config.
self.preopen_fd_guest_paths.push(c_guest_path);
let c_guest_path = self.preopen_fd_guest_paths.last().ok_or_else(|| {
error::ZwasmError("internal error: failed to retain preopen fd guest path".into())
})?;
let c_guest_path_len = c_guest_path.as_bytes().len();
unsafe {
sys::zwasm_wasi_config_preopen_fd(
self.ptr,
host_fd,
c_guest_path.as_ptr(),
c_guest_path_len,
kind,
ownership,
)
};
Ok(())
}
/// Overrides WASI stdio file descriptor mapping (stdin, stdout, stderr).
///
/// Allows redirecting guest stdio to custom host file descriptors.
///
/// # Safety
/// The runtime may close or retain the supplied `host_fd` based on `ownership`. Callers
/// must ensure ownership mode is correct to avoid double-close or leaked descriptors.
pub fn set_stdio_fd(
&mut self,
wasi_fd: u32,
host_fd: isize,
ownership: u8,
) -> Result<(), error::ZwasmError> {
unsafe {
sys::zwasm_wasi_config_set_stdio_fd(self.ptr, wasi_fd, host_fd, ownership);
}
Ok(())
}
}
impl Drop for WasiConfig {
fn drop(&mut self) {
unsafe {
sys::zwasm_wasi_config_delete(self.ptr);
}
}
}
#[cfg(test)]
mod tests {
use std::os::fd::AsRawFd;
use super::*;
#[test]
fn test_wasi_fd_api() {
let mut wc = WasiConfig::new().expect("Failed to create WasiConfig");
/* Set stdio overrides (use pipe fds) */
let (stdout_read, stdout_write) =
nix::unistd::pipe().expect("Failed to create pipe for stdout");
/* Override stdout (fd 1) with write end of pipe, borrow mode */
wc.set_stdio_fd(1, stdout_write.as_raw_fd() as isize, 0 /* borrow */)
.expect("Failed to set stdio fd for stdout");
/* Override stderr (fd 2) with write end as well, borrow mode */
wc.set_stdio_fd(2, stdout_write.as_raw_fd() as isize, 0 /* borrow */)
.expect("Failed to set stdio fd for stderr");
/* Invalid fd index (>=3) should be silently ignored */
wc.set_stdio_fd(5, stdout_read.as_raw_fd() as isize, 0)
.expect("Failed to set stdio fd for invalid index");
/* Add an FD-based preopen (borrow mode) */
let dir_fd = nix::fcntl::open(
".",
nix::fcntl::OFlag::O_RDONLY,
nix::sys::stat::Mode::empty(),
)
.expect("Failed to open current directory for preopen fd");
wc.preopen_fd(
dir_fd.as_raw_fd() as isize,
"/sandbox",
1, /* dir */
0, /* borrow */
)
.expect("Failed to add preopen fd");
drop(wc);
let written = nix::unistd::write(&stdout_write, b"ok")
.expect("Failed to write to borrowed stdout pipe");
assert_eq!(written, 2, "borrowed stdout pipe still writable");
let _stat = nix::sys::stat::fstat(&dir_fd)
.expect("borrowed dir fd still valid after WasiConfig drop");
}
}