fix(p2-shim): correct read/write semantics

= · = · commit ea05fe70dc65 · 2026-03-16T11:08:08.000-04:00
diff --git a/packages/preview2-shim/lib/nodejs/filesystem.js b/packages/preview2-shim/lib/nodejs/filesystem.js
@@ -81,6 +81,11 @@ class Descriptor {
 
   static _createPreopen(hostPreopen) {
     const descriptor = new Descriptor();
+    descriptor.#mode = {
+      read: true,
+      write: true,
+      mutateDirectory: true,
+    };
     descriptor.#hostPreopen = hostPreopen.endsWith("/")
       ? hostPreopen.slice(0, -1) || "/"
       : hostPreopen;
@@ -353,6 +358,25 @@ class Descriptor {
     if (preopenEntries.length === 0) {
       throw "access";
     }
+    // https://github.com/WebAssembly/WASI/blob/b7ee9febdcc0652aef5aeaf80dc329d240eb84e8/proposals/filesystem/wit/types.wit#L532-L534
+    // > If `flags` contains `descriptor-flags::mutate-directory`, and the base
+    // > descriptor doesn't have `descriptor-flags::mutate-directory` set,
+    // > `open-at` fails with `error-code::read-only`.
+    if (descriptorFlags.mutateDirectory && !this.#mode?.mutateDirectory) {
+      throw "read-only";
+    }
+    // https://github.com/WebAssembly/WASI/blob/b7ee9febdcc0652aef5aeaf80dc329d240eb84e8/proposals/filesystem/wit/types.wit#L536-L539
+    // > If `flags` contains `write` or `mutate-directory`, or `open-flags`
+    // > contains `truncate` or `create`, and the base descriptor doesn't have
+    // > `descriptor-flags::mutate-directory` set, `open-at` fails with
+    // > `error-code::read-only`.
+    if(
+      !this.#mode?.mutateDirectory
+      &&
+      (descriptorFlags.write || descriptorFlags.mutateDirectory || openFlags.truncate || openFlags.create)
+    ) {
+      throw "read-only";
+    }
     const fullPath = this.#getFullPath(path, pathFlags.symlinkFollow);
     let fsOpenFlags = 0x0;
     if (openFlags.create) {
@@ -383,7 +407,7 @@ class Descriptor {
     if (!pathFlags.symlinkFollow) {
       fsOpenFlags |= constants.O_NOFOLLOW;
     }
-    if (descriptorFlags.requestedWriteSync || descriptorFlags.mutateDirectory) {
+    if (descriptorFlags.requestedWriteSync) {
       throw "unsupported";
     }
     // Currently throw to match Wasmtime
diff --git a/packages/preview2-shim/test/test.js b/packages/preview2-shim/test/test.js
@@ -894,6 +894,235 @@ suite("Sandboxing", () => {
     }),
   );
 });
+suite("FS openAt descriptor flags", () => {
+  test("preopen descriptor has read, write, and mutateDirectory flags", async () => {
+    const { filesystem } = await import("@bytecodealliance/preview2-shim");
+    const [[rootDescriptor]] = filesystem.preopens.getDirectories();
+    const flags = rootDescriptor.getFlags();
+    assert.strictEqual(flags.read, true);
+    assert.strictEqual(flags.write, true);
+    assert.strictEqual(flags.mutateDirectory, true);
+  });
+
+  test(
+    "openAt with mutateDirectory descriptor flag succeeds on preopen",
+    testWithGCWrap(async () => {
+      const { mkdtemp, mkdir } = await import("node:fs/promises");
+      const { tmpdir } = await import("node:os");
+      const { sep, normalize } = await import("node:path");
+      const { WASIShim } = await import("@bytecodealliance/preview2-shim/instantiation");
+
+      const tmpDir = await mkdtemp(normalize(tmpdir() + sep));
+      await mkdir(`${tmpDir}/subdir`);
+
+      const shim = new WASIShim({
+        sandbox: { preopens: { "/work": tmpDir } },
+      });
+      const importObj = shim.getImportObject();
+      const [[rootDescriptor]] = importObj["wasi:filesystem/preopens"].getDirectories();
+
+      const dirDescriptor = rootDescriptor.openAt(
+        {},
+        "subdir",
+        { directory: true },
+        { read: true, mutateDirectory: true },
+      );
+      dirDescriptor[symbolDispose]();
+    }),
+  );
+
+  test(
+    "openAt with create and write flags succeeds on preopen",
+    testWithGCWrap(async () => {
+      const { mkdtemp } = await import("node:fs/promises");
+      const { tmpdir } = await import("node:os");
+      const { sep, normalize } = await import("node:path");
+      const { WASIShim } = await import("@bytecodealliance/preview2-shim/instantiation");
+
+      const tmpDir = await mkdtemp(normalize(tmpdir() + sep));
+
+      const shim = new WASIShim({
+        sandbox: { preopens: { "/work": tmpDir } },
+      });
+      const importObj = shim.getImportObject();
+      const [[rootDescriptor]] = importObj["wasi:filesystem/preopens"].getDirectories();
+
+      const fd = rootDescriptor.openAt(
+        {},
+        "test-file.txt",
+        { create: true },
+        { write: true },
+      );
+      fd[symbolDispose]();
+    }),
+  );
+
+  test(
+    "openAt read-only on read-only base descriptor succeeds",
+    testWithGCWrap(async () => {
+      const { mkdtemp, mkdir, writeFile } = await import("node:fs/promises");
+      const { tmpdir } = await import("node:os");
+      const { sep, normalize } = await import("node:path");
+      const { WASIShim } = await import("@bytecodealliance/preview2-shim/instantiation");
+
+      const tmpDir = await mkdtemp(normalize(tmpdir() + sep));
+      await mkdir(`${tmpDir}/subdir`);
+      await writeFile(`${tmpDir}/subdir/existing.txt`, "hello");
+
+      const shim = new WASIShim({
+        sandbox: { preopens: { "/work": tmpDir } },
+      });
+      const importObj = shim.getImportObject();
+      const [[rootDescriptor]] = importObj["wasi:filesystem/preopens"].getDirectories();
+
+      const readOnlyDir = rootDescriptor.openAt(
+        {},
+        "subdir",
+        { directory: true },
+        { read: true },
+      );
+
+      const fd = readOnlyDir.openAt({}, "existing.txt", {}, { read: true });
+      fd[symbolDispose]();
+      readOnlyDir[symbolDispose]();
+    }),
+  );
+
+  test(
+    "openAt throws read-only when base lacks mutateDirectory and write requested",
+    testWithGCWrap(async () => {
+      const { mkdtemp, mkdir, writeFile } = await import("node:fs/promises");
+      const { tmpdir } = await import("node:os");
+      const { sep, normalize } = await import("node:path");
+      const { WASIShim } = await import("@bytecodealliance/preview2-shim/instantiation");
+
+      const tmpDir = await mkdtemp(normalize(tmpdir() + sep));
+      await mkdir(`${tmpDir}/subdir`);
+      await writeFile(`${tmpDir}/subdir/existing.txt`, "hello");
+
+      const shim = new WASIShim({
+        sandbox: { preopens: { "/work": tmpDir } },
+      });
+      const importObj = shim.getImportObject();
+      const [[rootDescriptor]] = importObj["wasi:filesystem/preopens"].getDirectories();
+
+      const readOnlyDir = rootDescriptor.openAt(
+        {},
+        "subdir",
+        { directory: true },
+        { read: true },
+      );
+
+      throws(
+        () => readOnlyDir.openAt({}, "existing.txt", {}, { write: true }),
+        (err) => err === "read-only",
+      );
+
+      readOnlyDir[symbolDispose]();
+    }),
+  );
+
+  test(
+    "openAt throws read-only when base lacks mutateDirectory and create requested",
+    testWithGCWrap(async () => {
+      const { mkdtemp, mkdir } = await import("node:fs/promises");
+      const { tmpdir } = await import("node:os");
+      const { sep, normalize } = await import("node:path");
+      const { WASIShim } = await import("@bytecodealliance/preview2-shim/instantiation");
+
+      const tmpDir = await mkdtemp(normalize(tmpdir() + sep));
+      await mkdir(`${tmpDir}/subdir`);
+
+      const shim = new WASIShim({
+        sandbox: { preopens: { "/work": tmpDir } },
+      });
+      const importObj = shim.getImportObject();
+      const [[rootDescriptor]] = importObj["wasi:filesystem/preopens"].getDirectories();
+
+      const readOnlyDir = rootDescriptor.openAt(
+        {},
+        "subdir",
+        { directory: true },
+        { read: true },
+      );
+
+      throws(
+        () => readOnlyDir.openAt({}, "new-file.txt", { create: true }, { read: true }),
+        (err) => err === "read-only",
+      );
+
+      readOnlyDir[symbolDispose]();
+    }),
+  );
+
+  test(
+    "openAt throws read-only when base lacks mutateDirectory and truncate requested",
+    testWithGCWrap(async () => {
+      const { mkdtemp, mkdir, writeFile } = await import("node:fs/promises");
+      const { tmpdir } = await import("node:os");
+      const { sep, normalize } = await import("node:path");
+      const { WASIShim } = await import("@bytecodealliance/preview2-shim/instantiation");
+
+      const tmpDir = await mkdtemp(normalize(tmpdir() + sep));
+      await mkdir(`${tmpDir}/subdir`);
+      await writeFile(`${tmpDir}/subdir/existing.txt`, "hello");
+
+      const shim = new WASIShim({
+        sandbox: { preopens: { "/work": tmpDir } },
+      });
+      const importObj = shim.getImportObject();
+      const [[rootDescriptor]] = importObj["wasi:filesystem/preopens"].getDirectories();
+
+      const readOnlyDir = rootDescriptor.openAt(
+        {},
+        "subdir",
+        { directory: true },
+        { read: true },
+      );
+
+      throws(
+        () => readOnlyDir.openAt({}, "existing.txt", { truncate: true }, { write: true }),
+        (err) => err === "read-only",
+      );
+
+      readOnlyDir[symbolDispose]();
+    }),
+  );
+
+  test(
+    "openAt throws read-only when base lacks mutateDirectory and mutateDirectory requested",
+    testWithGCWrap(async () => {
+      const { mkdtemp, mkdir } = await import("node:fs/promises");
+      const { tmpdir } = await import("node:os");
+      const { sep, normalize } = await import("node:path");
+      const { WASIShim } = await import("@bytecodealliance/preview2-shim/instantiation");
+
+      const tmpDir = await mkdtemp(normalize(tmpdir() + sep));
+      await mkdir(`${tmpDir}/subdir`);
+
+      const shim = new WASIShim({
+        sandbox: { preopens: { "/work": tmpDir } },
+      });
+      const importObj = shim.getImportObject();
+      const [[rootDescriptor]] = importObj["wasi:filesystem/preopens"].getDirectories();
+
+      const readOnlyDir = rootDescriptor.openAt(
+        {},
+        "subdir",
+        { directory: true },
+        { read: true },
+      );
+
+      throws(
+        () => readOnlyDir.openAt({}, "subdir", { directory: true }, { read: true, mutateDirectory: true }),
+        (err) => err === "read-only",
+      );
+
+      readOnlyDir[symbolDispose]();
+    }),
+  );
+});
+
 suite("Browser shim guards", () => {
   test("pollList throws on empty list", async () => {
     const { poll } = await import("../lib/browser/io.js");
