Remove the rights system #31

Closed
sunfishcode opened this issue Apr 13, 2021 · 3 comments

@sunfishcode
Member

sunfishcode commented Apr 13, 2021

As has been observed in #28 (comment), #23, #8, and conversations elsewhere, wasi-filesystem's rights system is complex to implement, complex to use, and not very valuable in practice. It doesn't reflect anything in POSIX, so it doesn't give us any extra POSIX compatibility. It requires extra code in libc, both in path_open to translate POSIX open flags into rights flags, and to translate from ENOTCAPABLE into POSIX errno values, and we care about code size!

fdstat_t and path_open will need a new value to specify the file mode, which can be either read, write, or read+write.

fd_fdstat_set_rights will no longer be needed. Note that POSIX doesn't have a way to change the read or write flags on an open file descriptor after it's opened, so this won't remove any POSIX functionality.

Note that, as in POSIX, this would mean that directories must be opened with read (and not write) permissions, and the resulting handle can mutate the filesystem (assuming the filesystem ACLs permit it). As in POSIX, this would mean there's no built-in concept of a readonly view of an otherwise writeable filesystem. Such a thing would seem useful, however it's not in POSIX, and it is something that will eventually be implementable with API virtualization, so I'm proposing we just let this be unsupported for now.
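
The translation layer described in the comment above, modelled next to the proposed read/write mode, as an added example that is not part of the original comment or of any libc. Rights bit positions follow WASI preview1; the `EX_*` constants, `MODE_*` values and all function names are hypothetical, and mapping `ENOTCAPABLE` to `EBADF` is this example's choice, matching what POSIX reports for a descriptor not opened for the requested access.

```c
#include <stdint.h>

/* Constructed model. Bit positions follow WASI preview1's `rights` flags;
   the EX_* and MODE_* values are hypothetical, local to this example. */
#define R_FD_READ          (1ULL << 1)
#define R_FD_WRITE         (1ULL << 6)
#define R_FD_READDIR       (1ULL << 14)
#define R_PATH_UNLINK_FILE (1ULL << 26)

#define EX_O_RDONLY 1
#define EX_O_WRONLY 2
#define EX_EACCES 2        /* filesystem ACL refused the operation */
#define EX_EBADF 8         /* what POSIX callers expect from a bad read/write */
#define EX_ENOTCAPABLE 76  /* WASI-only errno produced by rights checks */

/* Rights model, step 1: libc derives a rights mask from the open flags. */
uint64_t rights_from_oflag(int oflag) {
    uint64_t r = 0;
    if (oflag & EX_O_RDONLY) r |= R_FD_READ | R_FD_READDIR;
    if (oflag & EX_O_WRONLY) r |= R_FD_WRITE;
    return r;
}

/* Rights model, step 2: the host checks the mask, then libc rewrites the
   WASI-only errno into the one POSIX code expects. */
int host_check(uint64_t have, uint64_t need) {
    return (have & need) == need ? 0 : EX_ENOTCAPABLE;
}
int libc_errno(int e) { return e == EX_ENOTCAPABLE ? EX_EBADF : e; }

/* Proposed model: the descriptor carries only read / write / read+write,
   so the open flags pass through and the check yields EBADF directly. */
enum { MODE_READ = 1, MODE_WRITE = 2 };
int mode_from_oflag(int oflag) { return oflag & (MODE_READ | MODE_WRITE); }
int mode_check(int have, int need) { return (have & need) == need ? 0 : EX_EBADF; }

/* What is given up: a rights mask can withhold unlink on a directory handle
   (a read-only view); under the mode model only filesystem ACLs decide. */
int dir_unlink_rights(uint64_t r) { return host_check(r, R_PATH_UNLINK_FILE); }
int dir_unlink_mode(int dir_mode, int acl_allows) {
    (void)dir_mode;  /* directories are opened with read; mode is not consulted */
    return acl_allows ? 0 : EX_EACCES;
}

int main(void) {
    uint64_t ro = rights_from_oflag(EX_O_RDONLY);
    return libc_errno(host_check(ro, R_FD_WRITE)) == EX_EBADF ? 0 : 1;
}
```

A host that relied on a reduced rights mask to hand out a non-mutating directory handle has to move that restriction to filesystem permissions or a virtualization layer once rights are gone.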

@linclark
Member

[bookkeeping] Added to the Phase 3: wasi-filesystem project board.

sunfishcode added a commit that referenced this issue May 11, 2021
As discussed in #31, the `rights` type adds significant complexity both
for implementors and users, and isn't needed for POSIX compatibility.

Fixes #31.
@sunfishcode
Member Author

I've now created #32 to implement this.

sunfishcode added a commit to sunfishcode/wasi-filesystem that referenced this issue Nov 22, 2021
This makes a number of changes, to make use of interface-types features such
as `expected`, variant types, and resources. The change to use resources in
particular means that filesystem functions are now methods of the `descriptor`
resource. Since this means renaming everything, take this opportunity to
introduce a new naming convention, with `_at` being used for functions that
take dirfd+path arguments.

This also eliminates the `rights` concept that was present in earlier versions
of WASI, as discussed in WebAssembly#31. This required adding new flags to `open_at`,
so while here, this also adds basic `chmod`-like support, as discussed in WebAssembly#33.

And, this removes support for readdir seeking (seekdir/telldir), as discussed
in WebAssembly#7.

And it adds a fifo file type and a more general socket type, as discussed in
sunfishcode added a commit to sunfishcode/wasi-filesystem that referenced this issue Nov 22, 2021
This makes a number of changes, to make use of interface-types features such
as expected, variant types, and resources. The change to use resources in
particular means that filesystem functions are now methods of the descriptor
resource. Since this means renaming everything, take this opportunity to
introduce a new naming convention, with _at being used for functions that
take dirfd+path arguments.

This also eliminates the rights concept that was present in earlier versions
of WASI, as discussed in WebAssembly#31. This required adding new flags to open_at,
so while here, this also adds basic chmod-like support, as discussed in WebAssembly#33.

And, this removes support for readdir seeking (seekdir/telldir), as discussed
in WebAssembly#7.

And it adds a fifo file type and a more general socket type, as discussed in WebAssembly#4.
sunfishcode added a commit that referenced this issue Dec 15, 2021
This makes a number of changes, to make use of interface-types features such
as expected, variant types, and resources. The change to use resources in
particular means that filesystem functions are now methods of the descriptor
resource. Since this means renaming everything, take this opportunity to
introduce a new naming convention, with _at being used for functions that
take dirfd+path arguments.

This also eliminates the rights concept that was present in earlier versions
of WASI, as discussed in #31. This required adding new flags to open_at,
so while here, this also adds basic chmod-like support, as discussed in #33.

And, this removes support for readdir seeking (seekdir/telldir), as discussed
in #7.

And it adds a fifo file type and a more general socket type, as discussed in #4.
@sunfishcode
Member Author

The rights system is now removed from wasi-filesystem.wit.md.
