From 52b334acd1a5678ee111d6db73dc02675c21a277 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Wed, 9 Aug 2023 17:09:30 +0100 Subject: Wasm: Register a new WebAssembly language module type. This is the first patch in adding WebAssembly language module support. This just adds a new NXT_APP_WASM type, required by subsequent commits. Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- src/nxt_application.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src/nxt_application.h') diff --git a/src/nxt_application.h b/src/nxt_application.h index 2675e6a0..4efe3750 100644 --- a/src/nxt_application.h +++ b/src/nxt_application.h @@ -21,6 +21,7 @@ typedef enum { NXT_APP_PERL, NXT_APP_RUBY, NXT_APP_JAVA, + NXT_APP_WASM, NXT_APP_UNKNOWN, } nxt_app_type_t; -- cgit From 0c444397366aa07e23573a03e733a0552187eac4 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Tue, 8 Aug 2023 23:41:52 +0100 Subject: Wasm: Add core configuration data structure. This is required to actually _build_ the Wasm language module. The nxt_wasm_app_conf_t structure consists of the modules name, e.g wasm, then the three required function handlers followed by the five optional function handlers. See the next commit for details of these function handlers. We also need to include the u.wasm union entry that provides access to the above structure. The bulk of the configuration infrastructure will be added in a subsequent commit. Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- src/nxt_application.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'src/nxt_application.h') diff --git a/src/nxt_application.h b/src/nxt_application.h index 4efe3750..ff3ec562 100644 --- a/src/nxt_application.h +++ b/src/nxt_application.h @@ -87,6 +87,21 @@ typedef struct { } nxt_java_app_conf_t; +typedef struct { + const char *module; + + const char *request_handler; + const char *malloc_handler; + const char *free_handler; + + const char *module_init_handler; + const char *module_end_handler; + const char *request_init_handler; + const char *request_end_handler; + const char *response_end_handler; +} nxt_wasm_app_conf_t; + + struct nxt_common_app_conf_s { nxt_str_t name; nxt_str_t type; @@ -115,6 +130,7 @@ struct nxt_common_app_conf_s { nxt_perl_app_conf_t perl; nxt_ruby_app_conf_t ruby; nxt_java_app_conf_t java; + nxt_wasm_app_conf_t wasm; } u; nxt_conf_value_t *self; -- cgit From 47ff51009fa05d83bb67cd5db16829ab4c0081d7 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Wed, 9 Aug 2023 18:22:46 +0100 Subject: Wasm: Add support for directory access. Due to the sandboxed nature of WebAssembly, by default WASM modules don't have any access to the underlying filesystem. There is however a capabilities based mechanism[0] for allowing such access. This adds a config option to the 'wasm' application type; 'access.filesystem' which takes an array of directory paths that are then made available to the WASM module. This access works recursively, i.e everything under a specific path is allowed access to. Example config might look like "access" { "filesystem": [ "/tmp", "/var/tmp" ] } The actual mechanism used allows directories to be mapped differently in the guest. But at the moment we don't support that and just map say /tmp to /tmp. This can be revisited if it's something users clamour for. Network sockets are another resource that may be controlled in this manner, for example there is a wasi_config_preopen_socket() function, however this requires the runtime to open the network socket then effectively pass this through to the guest. This is something that can be revisited in the future if users desire it. [0]: Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- src/nxt_application.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/nxt_application.h') diff --git a/src/nxt_application.h b/src/nxt_application.h index ff3ec562..64866db6 100644 --- a/src/nxt_application.h +++ b/src/nxt_application.h @@ -99,6 +99,8 @@ typedef struct { const char *request_init_handler; const char *request_end_handler; const char *response_end_handler; + + nxt_conf_value_t *access; } nxt_wasm_app_conf_t; -- cgit