Skip to content

Disallow mounting folders on the guest's root for WASIX modules #5475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Arshia001 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Disallow mounting folders on the guest's root for WASIX modules #5475

Arshia001 wants to merge 1 commit into from
+54 −15

Conversation

@Arshia001
Copy link
Member

@Arshia001 Arshia001 commented Mar 12, 2025

No description provided.

@Arshia001 Arshia001 requested a review from syrusakbary as a code owner March 12, 2025 11:34
@Arshia001 Arshia001 requested review from charmitro and theduke March 12, 2025 11:34
@promptless
Copy link

promptless bot commented Mar 12, 2025

📝 Documentation updates detected! A separate PR for documentation updates has been made here: wasmerio/docs.wasmer.io#122

@promptless promptless bot mentioned this pull request Mar 12, 2025
Open
charmitro
charmitro reviewed Mar 12, 2025
View reviewed changes
@charmitro
Copy link
Contributor

charmitro commented Mar 12, 2025

Also,

Tested-by: Charalampos Mitrodimas [email protected]

@syrusakbary
Copy link
Member

syrusakbary commented Mar 12, 2025

This PR might have some implications, that we don't want. I remember other programs using mapdir=.:/ to make Python work for example. We may want to use that directory instead (and not mount any other dir) if / is provided. Lets follow up in a sync

@Arshia001
Copy link
Member Author

Arshia001 commented Mar 12, 2025
edited
Loading

@syrusakbary in fact, that's exactly what this PR is trying to prevent. Mounting things on / messes up a lot of assumptions in WASIX, including:

  • We put commands from packages in /bin and /usr/bin. If / is mounted, those will get overwritten and be inaccessible.
  • Packages mount volumes, which contain necessary files without which they won't run. Python is in fact a great example of this. If I were to just mount something on /, I'd lose all the data files that came with the python package, ending up with a broken application.
    • Same with PHP, if I mount a website's root on /, I lose all the openssl data files and HTTPS will be broken for example.
    • I do believe python was the motivation behind the custom behavior of mounting . on /home with --dir .. I think that's what you're thinking of as well.

@marxin marxin added this to the v7.0 milestone Dec 16, 2025
@marxin
Copy link
Contributor

marxin commented Dec 18, 2025

@Arshia001 The PR seems to be pretty close to be merged, can you rebase it?

Copilot AI review requested due to automatic review settings January 5, 2026 14:58
@Arshia001 Arshia001 force-pushed the feat/disallow-mount-on-root branch from 3d9591b to e83e944 Compare January 5, 2026 14:58
@Arshia001 Arshia001 requested review from zebreus and removed request for syrusakbary and theduke January 5, 2026 14:59
@Arshia001 Arshia001 force-pushed the feat/disallow-mount-on-root branch from e83e944 to db04d04 Compare January 5, 2026 15:01
Copilot AI reviewed Jan 5, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds validation to prevent mounting folders on the guest's root directory ("/") for WASIX modules, addressing a security and filesystem organization concern. The restriction is enforced at multiple levels of the stack to ensure comprehensive coverage.

  • Added is_wasix parameter throughout the call chain to differentiate WASIX from regular WASI modules
  • Implemented validation checks in package loading, filesystem mounting, and CLI argument processing
  • Created a new error type MountOnRoot for clear error reporting

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
lib/wasix/src/runtime/package_loader/load_package_tree.rs Added validation in filesystem_v3 and filesystem_v2 to reject mounts at "/"; removed unused sorting code
lib/package/src/package/package.rs Added MountOnRoot error variant and validation check in Package construction for wasmer.toml files
lib/cli/src/commands/run/wasi.rs Added is_wasix parameter to build_mapped_directories with validation for --dir=/ and --mapdir /:<HOST_PATH> flags; adjusted default guest paths based on module type
lib/cli/src/commands/run/mod.rs Added is_wasix parameter to build_wasi_runner and updated all call sites to pass appropriate value (hardcoded true for webcs, dynamically determined for modules)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@zebreus zebreus Awaiting requested review from zebreus

+1 more reviewer

@charmitro charmitro charmitro left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v7.0

Development

Successfully merging this pull request may close these issues.

5 participants

@Arshia001 @charmitro @syrusakbary @marxin