You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+21-4Lines changed: 21 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,6 +30,15 @@ The plugins like `ls` or `cat` can interact with the filesystem using the primit
30
30
- on the CLI, a folder from the disk is mounted via the `--dir` flag
31
31
- on the browser, a virtual filesystem is mounted, the I/O operations are forwarded via the `@bytecodealliance/preview2-shim/filesystem` shim, which shims the `wasi:filesystem` filesystem interface
32
32
33
+
The CLI host `pluginlab` supports the same kinds of permissions deno introduced:
34
+
35
+
-`--allow-net`: allows network access to the plugins, you can specify a list of domains comma separated (by default, no network access is allowed)
36
+
-`--allow-read`: allows read access to the filesystem
37
+
-`--allow-write`: allows write access to the filesystem
38
+
-`--allow-all`: allows all permissions (same as all the flags above), short: `-A`
39
+
40
+
This is what it means by plugins being "sandboxed by default" - you can take any plugin from anywhere, if you don't allow any access, it won't be able to make any network request or read/write to your filesystem and it will be constrained to its own part of the memory.
Check the online demo at<br/><ahref="https://topheman.github.io/webassembly-component-model-experiments/">topheman.github.io/webassembly-component-model-experiments</a>
Copy file name to clipboardExpand all lines: crates/pluginlab/README.md
+17-2Lines changed: 17 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,6 +25,15 @@ The plugins like `ls` or `cat` can interact with the filesystem using the primit
25
25
- on the CLI, a folder from the disk is mounted via the `--dir` flag
26
26
- on the browser, a virtual filesystem is mounted, the I/O operations are forwarded via the `@bytecodealliance/preview2-shim/filesystem` shim, which shims the `wasi:filesystem` filesystem interface
27
27
28
+
The CLI host `pluginlab` supports the same kinds of permissions deno introduced:
29
+
30
+
-`--allow-net`: allows network access to the plugins, you can specify a list of domains comma separated (by default, no network access is allowed)
31
+
-`--allow-read`: allows read access to the filesystem
32
+
-`--allow-write`: allows write access to the filesystem
33
+
-`--allow-all`: allows all permissions (same as all the flags above), short: `-A`
34
+
35
+
This is what it means by plugins being "sandboxed by default" - you can take any plugin from anywhere, if you don't allow any access, it won't be able to make any network request or read/write to your filesystem and it will be constrained to its own part of the memory.
36
+
28
37
More details on the github repo: [topheman/webassembly-component-model-experiments](https://github.com/topheman/webassembly-component-model-experiments).
0 commit comments