This issue tracks progress on enabling lind-wasm to run inside Enarx without relying on Wasmtime’s CLI infrastructure. I have submitted a PR #5 to integrate it into Enarx’s execution flow.
High Level Design
The core design of lind-wasm originally relies heavily on Wasmtime's CLI infrastructure to manage process behavior, including fork, exec, and module instantiation. However, in the Enarx runtime, I decoupled these CLI dependencies and replaced them with a custom host context structure, MyCtx, which retains only the essential components required for lind-wasm to function correctly.
The key responsibilities of lind-wasm’s multi-process support lie in lifetime management and startup configuration for Cage. To support this, I preserved a minimal subset of the original lind-wasm initialization pipeline, including automatic setup of WASI preview1 and thread support. These features are explicitly configured during instantiation, without relying on CLI arguments or pre-baked startup behavior.
In addition, Enarx's native configuration model via Enarx.toml is leveraged to support argument passing. The arguments provided in the TOML file are injected into the WASI context during initial startup. For subsequent exec calls, arguments are derived directly from runtime inputs, with the configuration updated accordingly.
lind-wasm version
Some modifications were made to lind-wasm to support execution on a bare-metal host via Enarx, without depending on Wasmtime CLI logic:
- Clone the lind-wasm repository at the same directory level as the Enarx repo.
- Branch:
run-enarx
- Only compile lind-glibc by running
make_glibc. Due to CLI removal, Wasmtime itself is no longer buildable in this context.
Compilation Commands
Because Enarx disables debug sections for security, any DWARF debug info in the Wasm binary (e.g., from -g or --debug) will cause a DWARF error. These flags should be omitted from all compilation steps.
# Clang compilation
/home/alice/lind-wasm/clang+llvm-16.0.4-x86_64-linux-gnu-ubuntu-22.04/bin/clang \
-pthread --target=wasm32-unknown-wasi --sysroot /home/alice/lind-wasm/src/glibc/sysroot \
-Wl,--import-memory,--export-memory,--max-memory=67108864,--export=__stack_pointer,--export=__stack_low \
<source_code> -O0 -o <output_wasm>
# Asynify and signal injection
/home/alice/lind-wasm/tools/binaryen/bin/wasm-opt --epoch-injection --asyncify -O2 <input_wasm> -o <output_wasm>For Binaries with exec Call
Some binaries that invoke exec will fail with the error signal_callback export not found. This requires explicitly exporting the symbol:
Command:
/home/alice/lind-wasm/clang+llvm-16.0.4-x86_64-linux-gnu-ubuntu-22.04/bin/clang \
-pthread --target=wasm32-unknown-wasi --sysroot /home/alice/lind-wasm/src/glibc/sysroot \
-Wl,--import-memory,--export-memory,--max-memory=67108864,--export=__stack_pointer,--export=__stack_low,--export=signal_callback \
<source_code> -O0 -o <output_wasm>Run
- Run with Enarx.toml (Wasm configuration file)
- Create Enarx.toml according to official template
- Explicitly mention when running
ENARX_WASMCFGFILE=<path_to_Enarx.toml> enarx run <path_to_wasm>
- Run without configuration
This issue tracks progress on enabling lind-wasm to run inside Enarx without relying on Wasmtime’s CLI infrastructure. I have submitted a PR #5 to integrate it into Enarx’s execution flow.
High Level Design
The core design of lind-wasm originally relies heavily on Wasmtime's CLI infrastructure to manage process behavior, including
fork,exec, and module instantiation. However, in the Enarx runtime, I decoupled these CLI dependencies and replaced them with a custom host context structure,MyCtx, which retains only the essential components required for lind-wasm to function correctly.The key responsibilities of lind-wasm’s multi-process support lie in lifetime management and startup configuration for Cage. To support this, I preserved a minimal subset of the original lind-wasm initialization pipeline, including automatic setup of WASI preview1 and thread support. These features are explicitly configured during instantiation, without relying on CLI arguments or pre-baked startup behavior.
In addition, Enarx's native configuration model via
Enarx.tomlis leveraged to support argument passing. The arguments provided in the TOML file are injected into the WASI context during initial startup. For subsequentexeccalls, arguments are derived directly from runtime inputs, with the configuration updated accordingly.lind-wasmversionSome modifications were made to lind-wasm to support execution on a bare-metal host via Enarx, without depending on Wasmtime CLI logic:
run-enarxmake_glibc. Due to CLI removal, Wasmtime itself is no longer buildable in this context.Compilation Commands
Because Enarx disables debug sections for security, any DWARF debug info in the Wasm binary (e.g., from
-gor--debug) will cause aDWARF error. These flags should be omitted from all compilation steps.For Binaries with exec Call
Some binaries that invoke
execwill fail with the errorsignal_callback export not found. This requires explicitly exporting the symbol:Command:
/home/alice/lind-wasm/clang+llvm-16.0.4-x86_64-linux-gnu-ubuntu-22.04/bin/clang \ -pthread --target=wasm32-unknown-wasi --sysroot /home/alice/lind-wasm/src/glibc/sysroot \ -Wl,--import-memory,--export-memory,--max-memory=67108864,--export=__stack_pointer,--export=__stack_low,--export=signal_callback \ <source_code> -O0 -o <output_wasm>Run