wasi:fs mutate-directory ignored

[MendyBerger]

Overview

As far as I can tell, wasmtime never checks descriptor-flags.mutate-directory.

Also, wasmtime seems to be passing down mutate-directory in open-at even when the caller/guest doesn't ask for it.

See line 1054 where the parent's permissions are just passed down:

wasmtime/crates/wasi/src/filesystem.rs

Lines 1052 to 1058 in 33e8b3d

	OpenResult::Dir(dir) => Ok(Descriptor::Dir(Dir::new(
	dir,
	self.perms,
	self.file_perms,
	open_mode,
	allow_blocking_current_thread,
	))),

Expected Results

mutate-directory should be required when editing directories, and should not be passed down from the parent automatically.

Actual Results

mutate-directory is ignored, and is passed down from the parent automatically.

[alexcrichton]

I mentioned a bit of this on Zulip as well, but I suspect this is a mixture of being historically ambitious about what would be done coupled with this hasn't really aged well coupled with a lack of tests. I think it's reasonable to tweak behavior here as necessary and avoid taking Wasmtime as the source of truth. Would you be up for sending a PR to adjust the aspects you feel need changing?

[MendyBerger]

Sure, will take a stab at it

[MendyBerger]

Note to self as I'm looking into this:

Descriptor's flags should match what was passed to open-at
https://github.com/WebAssembly/WASI/blob/5b0aa5140c4021071a4acdc35ec2b56a2fb45854/proposals/filesystem/wit/types.wit#L550

Wasmtime sets OpenMode::READ based only on DescriptorFlags::READ

wasmtime/crates/wasi/src/filesystem.rs

Lines 970 to 972 in d5f1b97

	if flags.contains(DescriptorFlags::READ) {
	opts.read(true);
	open_mode |= OpenMode::READ;

wasmtime asumes OpenMode::READ also included DescriptorFlags::MUTATE_DIRECTORY

wasmtime/crates/wasi/src/filesystem.rs

Lines 545 to 546 in d5f1b97

	if d.open_mode.contains(OpenMode::WRITE) {
	flags |= DescriptorFlags::MUTATE_DIRECTORY;