Running untrusted WASM plugin

[ElvinEfendi]

Will this WASM support provide better isolation and resource limit enforcement than running Lua code? i.e will we be able to limit CPU/memory usage per plugin or reduce API access?

Exciting project btw, thanks for working on this!

[membphis]

It sounds cool feature ^_^

[spacewander]

provide better isolation

Yes. Wasm is expected to be a sandbox environment.

limit CPU/memory usage per plugin

The CPU is managed at the process level, and Wasm is embedded inside Nginx, so there is no way to limit CPU per plugin.

Some Wasm runtimes support limiting memory per plugin. Unfortunately, wasmtime only supports limiting memory at VM level yet.

reduce API access

The API is registered per plugin, so we can register fewer APIs for some untrusted plugins.

[spacewander]

We can switch to a VM per plugin model if the memory limit per plugin is critical.

[ElvinEfendi]

Thanks for the replies, it'd be great to have a page explaining benefits of writing a plugin in this framework than in Lua.

[hanf2x]

According to bytecodealliance/wasmtime-go#101, I think the sys resource limit development is still in progress ?

[LukasForst]

With Wasmtime, you should be able to use ResourceLimitter to limit CPU (with fuel) & Memory (once this PR is released).

This require modification of this nginx plugin, it's not supported out of the box yet. But the Wasmtime C SDK is ready.