
Disallow mounting folders on the guest's root for WASIX modules #5475

Merged
Arshia001 merged 2 commits into main from feat/disallow-mount-on-root
Jan 8, 2026


@Arshia001
Member

No description provided.

@Arshia001 Arshia001 requested a review from syrusakbary as a code owner March 12, 2025 11:34
@Arshia001 Arshia001 requested review from charmitro and theduke March 12, 2025 11:34
@promptless

promptless bot commented Mar 12, 2025

📝 Documentation updates detected! A separate PR for documentation updates has been made here: wasmerio/docs.wasmer.io#122

@charmitro
Contributor

Also,

Tested-by: Charalampos Mitrodimas <charalampos@wasmer.io>

@syrusakbary
Member

This PR might have some implications that we don't want. I remember other programs using mapdir=.:/ to make Python work, for example. We may want to use that directory instead (and not mount any other dir) if / is provided. Let's follow up in a sync.

@Arshia001
Member Author

Arshia001 commented Mar 12, 2025

@syrusakbary in fact, that's exactly what this PR is trying to prevent. Mounting things on / messes up a lot of assumptions in WASIX, including:

  • We put commands from packages in /bin and /usr/bin. If / is mounted, those will get overwritten and be inaccessible.
  • Packages mount volumes, which contain necessary files without which they won't run. Python is in fact a great example of this. If I were to just mount something on /, I'd lose all the data files that came with the python package, ending up with a broken application.
    • Same with PHP, if I mount a website's root on /, I lose all the openssl data files and HTTPS will be broken for example.
    • I do believe python was the motivation behind the custom behavior of mounting . on /home with --dir .. I think that's what you're thinking of as well.

@marxin marxin added this to the v7.0 milestone Dec 16, 2025
@marxin
Contributor

marxin commented Dec 18, 2025

@Arshia001 The PR seems to be pretty close to being merged, can you rebase it?

Copilot AI review requested due to automatic review settings January 5, 2026 14:58
@Arshia001 Arshia001 force-pushed the feat/disallow-mount-on-root branch from 3d9591b to e83e944 Compare January 5, 2026 14:58
@Arshia001 Arshia001 requested review from zebreus and removed request for syrusakbary and theduke January 5, 2026 14:59
@Arshia001 Arshia001 force-pushed the feat/disallow-mount-on-root branch from e83e944 to db04d04 Compare January 5, 2026 15:01
Contributor

Copilot AI left a comment

Pull request overview

This PR adds validation to prevent mounting folders on the guest's root directory ("/") for WASIX modules, addressing a security and filesystem organization concern. The restriction is enforced at multiple levels of the stack to ensure comprehensive coverage.

  • Added is_wasix parameter throughout the call chain to differentiate WASIX from regular WASI modules
  • Implemented validation checks in package loading, filesystem mounting, and CLI argument processing
  • Created a new error type MountOnRoot for clear error reporting

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| lib/wasix/src/runtime/package_loader/load_package_tree.rs | Added validation in filesystem_v3 and filesystem_v2 to reject mounts at "/"; removed unused sorting code |
| lib/package/src/package/package.rs | Added MountOnRoot error variant and validation check in Package construction for wasmer.toml files |
| lib/cli/src/commands/run/wasi.rs | Added is_wasix parameter to build_mapped_directories with validation for --dir=/ and --mapdir /:<HOST_PATH> flags; adjusted default guest paths based on module type |
| lib/cli/src/commands/run/mod.rs | Added is_wasix parameter to build_wasi_runner and updated all call sites to pass appropriate value (hardcoded true for webcs, dynamically determined for modules) |

@marxin marxin requested a review from syrusakbary January 8, 2026 08:36
Member

@syrusakbary syrusakbary left a comment

Need tests (and convert this into a warning)

@Arshia001
Member Author

@syrusakbary since we turned the errors into warnings, there's not much we can actually test.

Contributor

@zebreus zebreus left a comment

The only thing that really changed is

    if is_wasix {
        MAPPED_CURRENT_DIR_DEFAULT_PATH.to_string()
    } else {
        "/".to_string()
    },

Comment on lines -572 to +596
guest: MAPPED_CURRENT_DIR_DEFAULT_PATH.to_string(),
guest: if is_wasix {
MAPPED_CURRENT_DIR_DEFAULT_PATH.to_string()
} else {
"/".to_string()
},
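Review bot: The `"/".to_string()` branch for non-WASIX modules is an undocumented literal sitting next to the named constant MAPPED_CURRENT_DIR_DEFAULT_PATH, so the reason the two module types get different guest paths is not visible at the call site. A short comment on the `if is_wasix` expression, or a second named constant for the WASI default, would make the split read as intentional. The removed line used MAPPED_CURRENT_DIR_DEFAULT_PATH unconditionally, so this also changes the default guest path for non-WASIX modules; that behaviour change deserves a test covering both branches and a mention in the PR description.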
Contributor

This is the only thing that really changed. I don't understand why this change is made and if it is an improvement.

Contributor

@Arshia001 If you are 100% certain this is a good idea, then go ahead and merge

Member Author

@zebreus this is kind of the main issue! With WASI modules, nothing is mounted in the module's FS by default, so it's OK to mount wherever. With WASIX, we mount a lot of stuff in by default, so you don't want a mount on the root.

Now, with WASI, since there is no host-side CWD and you're at / by default, you just have to mount directly in / to make the files available to the module with relative paths. With WASIX, we mount into /home and cd into it.
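The WASI/WASIX split described in the comment above, as an added Rust example that is not part of the PR or of wasmer's code. Only `MAPPED_CURRENT_DIR_DEFAULT_PATH` (with the `/home` value mentioned in the thread) and `is_wasix` come from the page; `Mapping`, `normalize_guest` and `plan_mounts` are hypothetical, and keeping a root mount while recording a warning is an assumption based on the thread's remark that the errors became warnings.

```rust
// Added example: not wasmer's code. Only MAPPED_CURRENT_DIR_DEFAULT_PATH and
// is_wasix come from the thread; every other name is hypothetical.
const MAPPED_CURRENT_DIR_DEFAULT_PATH: &str = "/home"; // value stated in the thread

#[derive(Debug, PartialEq)]
struct Mapping {
    guest: String,
    host: String,
}

/// Lexically normalise a guest path so "//", "/./" and "/bin/.." all compare equal to "/".
fn normalize_guest(path: &str) -> String {
    let mut parts: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}
            ".." => {
                parts.pop();
            }
            s => parts.push(s),
        }
    }
    format!("/{}", parts.join("/"))
}

/// Each request is (explicit guest path or None, host path).
/// Returns the planned mappings plus warnings for WASIX mounts that land on "/".
fn plan_mounts(is_wasix: bool, requests: &[(Option<&str>, &str)]) -> (Vec<Mapping>, Vec<String>) {
    // WASI starts with an empty FS and a CWD of "/"; WASIX mounts into /home and cds there.
    let default_guest = if is_wasix { MAPPED_CURRENT_DIR_DEFAULT_PATH } else { "/" };
    let (mut mappings, mut warnings) = (Vec::new(), Vec::new());
    for &(guest, host) in requests {
        let guest = normalize_guest(guest.unwrap_or(default_guest));
        if is_wasix && guest == "/" {
            // Assumption: warn and keep the mount, since the thread says errors became warnings.
            warnings.push(format!("mounting {} on the guest root hides package files such as /bin", host));
        }
        mappings.push(Mapping { guest, host: host.to_string() });
    }
    (mappings, warnings)
}

fn main() {
    // Constructed sample requests: one default mapping, one disguised root mount.
    let (maps, warns) = plan_mounts(true, &[(None, "."), (Some("//./"), "./site")]);
    println!("{:?}\n{:?}", maps, warns);
}
```

Comparing the normalised path rather than the raw string is what catches spellings such as `//./` or `/bin/..` that still resolve to the root.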

Contributor

What I don't understand is that when MAPPED_CURRENT_DIR_DEFAULT_PATH is already defined to /home and that seems to work just fine.

If I understand you correctly the reason for the change is to make sure that the mountpoint is always the CWD, which it can't be for WASI. But we also can't always mount to / because that won't work for WASIX...

Contributor

So in the past, the dir was just mounted to /home for WASI and now it isn't anymore. While this could be breaking, it's probably an improvement. However I don't like that it's one more inconsistency.

@Arshia001 Arshia001 merged commit bd91673 into main Jan 8, 2026
95 of 98 checks passed
@Arshia001 Arshia001 deleted the feat/disallow-mount-on-root branch January 8, 2026 14:50