Running untrusted WASM plugin #77
Comments
It sounds like a cool feature ^_^
Yes. Wasm is expected to be a sandbox environment.
The CPU is managed at the process level, and Wasm is embedded inside Nginx, so there is no way to limit CPU per plugin. Some Wasm runtimes support limiting memory per plugin. Unfortunately, wasmtime only supports limiting memory at the VM level for now.
The API is registered per plugin, so we can register fewer APIs for some untrusted plugins.
We can switch to
Thanks for the replies, it'd be great to have a page explaining the benefits of writing a plugin in this framework rather than in Lua.
According to bytecodealliance/wasmtime-go#101, I think the sys resource limit development is still in progress?
With Wasmtime, you should be able to use This requires modification of this nginx plugin, it's not supported out of the box yet. But the Wasmtime C SDK is ready.
Will this WASM support provide better isolation and resource limit enforcement than running Lua code? i.e. will we be able to limit CPU/memory usage per plugin or reduce API access?
Exciting project btw, thanks for working on this!