New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WASI-based filesystem access #133
Comments
@zkat - thank you for the feedback, and I appreciate you taking the time to read the blog post especially at the level to notice the call for input! These are super interesting use cases, and I absolutely see the need for filesystem access. There is a lot of consideration on this subject, and we want to make sure that however we add support for this, that its done in a way that leads users to safe defaults and no surprises. Some questions I have for you:
Any additional detail about those points above will help us a lot! |
|
This is very helpful, thank you! Agree, the Yarn examples are great inspiration. I think we could support a much wider set of use-cases with file access. @zshipko put together this API, which by default still disallows file access, but enables a user to incrementally build up host/guest filepath access. Since we think of this as a feature that requires more control over the runtime, we've added the API to the What do you think? PR #137 |
If I understand it ok, then this is pretty much exactly what I'd want: for extism to disallow all filesystem access by default, even if wasi happens to be enabled, and for explicit paths to be passed in through the config/manifest at the host level that plugins will be given access to. That seems like the most secure but also reasonable way to do it! |
That's great! Ok, I think we will move forward with this and get it merged. Thanks for your feedback 🙏 |
This has now been merged, including the fix for Windows 🎉Thanks for your help! |
All the use-cases I might want to use extism for (a shell, a package manager) involve fairly heavy filesystem access, and I think it would make a lot of sense to provide filesystem access to plugins (with configurable scope limitations). I saw on the site how you were looking for feedback on this front so you can consider this an official feature request for the functionality. Extism looks awesome and I'd love to make use of it!
The text was updated successfully, but these errors were encountered: