mleku/wazero
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

gojs: removes user/group behavior (#1566)

Browse Source 
Signed-off-by: Adrian Cole <adrian@tetrate.io>
This commit is contained in:
Crypt Keeper
2023-07-07 10:27:41 +08:00
committed by GitHub
parent 6a9088b46b
commit 276257102f
11 changed files with 8 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/wazero/wazero.go
View File

@@ -347,7 +347,7 @@ func doRun(args []string, stdOut io.Writer, stdErr logging.Writer) int {
gojs.MustInstantiate(ctx, rt, guest)
config := gojs.NewConfig(conf).WithOSUser()
config := gojs.NewConfig(conf)
// Strip the volume of the path, for example C:\
rootDir := rootPath[len(filepath.VolumeName(rootPath)):]

18
experimental/gojs/gojs.go
View File

@@ -135,17 +135,6 @@ type Config interface {
// as the value of os.Getwd. For example, it would be an error to mount `C:\`
// as the guest path "", while the current directory is inside `D:\`.
WithOSWorkdir() Config
// WithOSUser allows the guest to see the current user's uid, gid, euid and
// groups, instead of zero for each value.
//
// Here's an example that uses the real user's IDs:
//
// err = gojs.Run(ctx, r, compiled, gojs.NewConfig(moduleConfig).
// WithOSUser())
//
// Note: This has no effect on windows.
WithOSUser() Config
}
// NewConfig returns a Config that can be used for configuring module instantiation.
@@ -169,13 +158,6 @@ func (c *cfg) WithOSWorkdir() Config {
return ret
}
// WithOSUser implements Config.WithOSUser
func (c *cfg) WithOSUser() Config {
ret := c.clone()
ret.internal.OsUser = true
return ret
}
// Run instantiates a new module and calls "run" with the given config.
//
// # Parameters

8
internal/fsapi/stat.go
View File

@@ -17,14 +17,6 @@ type Stat_t struct {
// more details including impact returning a zero value.
Ino Ino
// Uid is the user ID that owns the file, or zero if unsupported.
// For example, this is unsupported on some virtual filesystems or windows.
Uid uint32
// Gid is the group ID that owns the file, or zero if unsupported.
// For example, this is unsupported on some virtual filesystems or windows.
Gid uint32
// Mode is the same as Mode on fs.FileInfo containing bits to identify the
// type of the file (fs.ModeType) and its permissions (fs.ModePerm).
Mode fs.FileMode

4
internal/gojs/builtin.go
View File

@@ -8,8 +8,6 @@ import (
// newJsGlobal = js.Global() // js.go init
func newJsGlobal(config *config.Config) *jsVal {
var fetchProperty interface{} = goos.Undefined
uid, gid, euid := config.Uid, config.Gid, config.Euid
groups := config.Groups
proc := &processState{
cwd: config.Workdir,
umask: config.Umask,
@@ -22,7 +20,7 @@ func newJsGlobal(config *config.Config) *jsVal {
"crypto": jsCrypto,
"Uint8Array": uint8ArrayConstructor,
"fetch": fetchProperty,
"process": newJsProcess(uid, gid, euid, groups, proc),
"process": newJsProcess(proc),
"fs": newJsFs(proc),
"Date": jsDateConstructor,
})

23
internal/gojs/config/config.go
View File

@@ -3,21 +3,14 @@
package config
import (
"fmt"
"os"
"path/filepath"
"runtime"
"syscall"
"github.com/tetratelabs/wazero/internal/platform"
)
type Config struct {
OsWorkdir bool
OsUser bool
Uid, Gid, Euid int
Groups []int
// Workdir is the actual working directory value.
Workdir string
@@ -27,11 +20,6 @@ type Config struct {
func NewConfig() *Config {
return &Config{
OsWorkdir: false,
OsUser: false,
Uid: 0,
Gid: 0,
Euid: 0,
Groups: []int{0},
Workdir: "/",
Umask: uint32(0o0022),
}
@@ -53,16 +41,5 @@ func (c *Config) Init() error {
// Strip the volume of the path, for example C:\
c.Workdir = workdir[len(filepath.VolumeName(workdir)):]
}
// Windows does not support any of these properties
if c.OsUser && runtime.GOOS != "windows" {
c.Uid = syscall.Getuid()
c.Gid = syscall.Getgid()
c.Euid = syscall.Geteuid()
var err error
if c.Groups, err = syscall.Getgroups(); err != nil {
return fmt.Errorf("couldn't read groups: %w", err)
}
}
return nil
}

26
internal/gojs/config/config_test.go
View File

@@ -1,9 +1,7 @@
package config
import (
"runtime"
"strings"
"syscall"
"testing"
"github.com/tetratelabs/wazero/internal/testing/require"
@@ -12,30 +10,6 @@ import (
func TestConfig_Init(t *testing.T) {
t.Parallel()
t.Run("User", func(t *testing.T) {
c := NewConfig()
// values should be 0 which is root
require.Equal(t, 0, c.Uid)
require.Equal(t, 0, c.Gid)
require.Equal(t, 0, c.Euid)
require.Equal(t, []int{0}, c.Groups)
require.False(t, c.OsUser)
if runtime.GOOS != "windows" {
c.OsUser = true
require.NoError(t, c.Init())
require.Equal(t, syscall.Getuid(), c.Uid)
require.Equal(t, syscall.Getgid(), c.Gid)
require.Equal(t, syscall.Geteuid(), c.Euid)
groups, err := syscall.Getgroups()
require.NoError(t, err)
require.Equal(t, groups, c.Groups)
}
})
t.Run("Workdir", func(t *testing.T) {
c := NewConfig()
require.Equal(t, "/", c.Workdir)

2
internal/gojs/fs.go
View File

@@ -189,8 +189,6 @@ func newJsSt(st fsapi.Stat_t) *jsSt {
ret.isDir = st.Mode.IsDir()
ret.dev = st.Dev
ret.ino = st.Ino
ret.uid = st.Uid
ret.gid = st.Gid
ret.mode = custom.ToJsMode(st.Mode)
ret.nlink = uint32(st.Nlink)
ret.size = st.Size

14
internal/gojs/process.go
View File

@@ -17,14 +17,12 @@ type processState struct {
umask uint32
}
func newJsProcess(uid, gid, euid int, groups []int, proc *processState) *jsVal {
uidRef := toFloatRef(float64(uid))
gidRef := toFloatRef(float64(gid))
euidRef := toFloatRef(float64(euid))
groupSlice := make([]interface{}, 0, len(groups))
for _, group := range groups {
groupSlice = append(groupSlice, toFloatRef(float64(group)))
}
func newJsProcess(proc *processState) *jsVal {
// Fill fake values for user/group info as we don't support it.
uidRef := goos.RefValueZero
gidRef := goos.RefValueZero
euidRef := goos.RefValueZero
groupSlice := []interface{}{goos.RefValueZero}
// jsProcess = js.Global().Get("process") // fs_js.go init
return newJsVal(goos.RefJsProcess, custom.NameProcess).

2
internal/sysfs/stat_bsd.go
View File

@@ -43,8 +43,6 @@ func statFromFileInfo(t fs.FileInfo) fsapi.Stat_t {
st := fsapi.Stat_t{}
st.Dev = uint64(d.Dev)
st.Ino = d.Ino
st.Uid = d.Uid
st.Gid = d.Gid
st.Mode = t.Mode()
st.Nlink = uint64(d.Nlink)
st.Size = d.Size

2
internal/sysfs/stat_linux.go
View File

@@ -46,8 +46,6 @@ func statFromFileInfo(t fs.FileInfo) fsapi.Stat_t {
st := fsapi.Stat_t{}
st.Dev = uint64(d.Dev)
st.Ino = uint64(d.Ino)
st.Uid = d.Uid
st.Gid = d.Gid
st.Mode = t.Mode()
st.Nlink = uint64(d.Nlink)
st.Size = d.Size

57
internal/sysfs/stat_test.go
View File

@@ -290,60 +290,3 @@ func requireDevIno(t *testing.T, f fsapi.File, st fsapi.Stat_t) {
require.EqualErrno(t, 0, errno)
require.Equal(t, st.Ino, ino)
}
// TestStat_uid_gid is similar to os.TestChown
func TestStat_uid_gid(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("windows")
}
// We don't attempt changing the uid of a file, as only root can do that.
// Also, this isn't a test of chown. The main goal here is to read-back
// the uid, gid, both of which are zero if run as root.
uid := uint32(os.Getuid())
gid := uint32(os.Getgid())
t.Run("Stat", func(t *testing.T) {
tmpDir := t.TempDir()
dir := path.Join(tmpDir, "dir")
require.NoError(t, os.Mkdir(dir, 0o0777))
require.NoError(t, chgid(dir, gid))
st, errno := stat(dir)
require.EqualErrno(t, 0, errno)
require.Equal(t, uid, st.Uid)
require.Equal(t, gid, st.Gid)
})
t.Run("LStat", func(t *testing.T) {
tmpDir := t.TempDir()
link := path.Join(tmpDir, "link")
require.NoError(t, os.Symlink(tmpDir, link))
require.NoError(t, chgid(link, gid))
st, errno := lstat(link)
require.EqualErrno(t, 0, errno)
require.Equal(t, uid, st.Uid)
require.Equal(t, gid, st.Gid)
})
t.Run("statFile", func(t *testing.T) {
tmpDir := t.TempDir()
file := path.Join(tmpDir, "file")
require.NoError(t, os.WriteFile(file, nil, 0o0666))
require.NoError(t, chgid(file, gid))
st, errno := lstat(file)
require.EqualErrno(t, 0, errno)
require.Equal(t, uid, st.Uid)
require.Equal(t, gid, st.Gid)
})
}
func chgid(path string, gid uint32) error {
// Note: In Chown, -1 is means leave the uid alone
return os.Chown(path, -1, int(gid))
}