Suggestion: FS, network, etc isolation

[NoelJacob]

Can we have a feature flag like fs-isolation and net-isolation for complete isolation of runtime from system? Net-isolation as it is set by environment variables can be used when used as binary and net-isolation as a feature can also be added. Fs modules and require from file system features need be enabled only if fs-isolation is not present. I could try a draft pull request for fs-isolation if you could give me some starting pointers.

Here's a link to Node permissions API: https://nodejs.org/api/permissions.html

Also would rquickjs require any changes to implement fs-isolation?

[richarddavison]

This is a great suggestion which doesn't require any changes in rquickjs as these APIs are all exposed by LLRT.

[richarddavison]

@NoelJacob I would suggest adding some isolation checks in the fs modules. Best actually would be to refactor permissions model and add to userdata. That way we can remove the globals.
https://docs.rs/rquickjs/latest/rquickjs/struct.Ctx.html#method.store_userdata
Example how to use userdata:
https://github.com/awslabs/llrt/blob/main/libs/llrt_utils/src/primordials.rs#L40-L58