The fix contains an errno remapping in macOS case where in case
when we try to rename a file into a path with a trailing slash an
ENOENT is returned. In this case, if the destination does not exist,
an ENOTDIR should be thrown as is thrown correctly on Linux hosts.
Thus, as a fix, if an ENOENT is thrown, an additional check is
performed to see whether the destination path indeed contains
a trailing slash, and if so, the errno is adjusted to ENOTDIR
to match the POSIX/WASI spec.
* Mark public API functions as unsafe.
This marks the public hostcalls functions as unsafe.
This is generalizing from Rust's `from_raw_fd` function, which is
unsafe. The observation is that nothing prevents code using this
function from passing a bogus or stale dangling file descriptor and
corrupting an arbitrary open stream.
Technically, some of these functions don't use file descriptors, such as
random, clocks, and a few others. However I expect that in the future,
random and clocks will switch to using file descriptors anyway, and it
keeps the macro definitions simpler if we only have to handle one form.
* Mark WasiCtx functions that operate on file descriptors unsafe too.
* `fd_filestat_set_times_impl` doesn't need to be unsafe.
* Remove unnecessary unsafes
Functions which trust that their arguments are valid raw file descriptors
or raw handles should be marked unsafe, because these arguments are
passed unchecked to I/O routines.
* Fix fd_readdir on BSD-style nixes
The fix was tested on Darwin-XNU and FreeBSD. The change introduces
thread-safe cache of (RawFd, *mut libc::DIR) pairs so that
libc::fdopendir syscall is called only once when invoking fd_readdir
for the first time, and then the pointer to the directory stream,
*mut libc::DIR, is reused until the matching raw file descriptor
is closed.
This fix allows then correct use (and matching to the implementation
on Linux kernels) of libc::seekdir and libc::rewinddir to seek through
and rewind the existing directory stream, *mut libc::DIR, which
otherwise seems to be reset/invalidated every time libc::fdopendir
is called (unlike on Linux, where this behaviour is not observed).
* Store dir stream as part of the FdEntry's Descriptor
* Move bsd specifics into separate module
* Add todo comments and fix formatting
* Refactor int conversions
* Emphasise in debug logs that we're looking at fd_readdir entry
* Change visibility of FdEntry and related to public-private
* Rewrite creating DirStream for the first time
* Move path_get outside of sys module
* Add implementation of readlinkat
* Clean up path_open; use OpenOptions as much as possible
* Enable close_preopen test
* Implement path_create_directory; fix path_open
* Refactor path concatenation onto a descriptor
* Implement path_remove_directory
* Implement path_unlink_file
* Rewrite path_open using specific access mask
* Fix error mapping when unlinking file
* Fix readlinkat to pass nofollow_errors testcase
* Clean up winerror to WASI conversion
* Spoof creating dangling symlinks on windows (hacky!)
* Add positive testcase for readlink
* Implement path_readlink (for nonzero buffers for now)
* Clean up
* Add Symlink struct immitating *nix symlink
* Fix path_readlink
* Augment interesting_paths testcase with trailing slashes example
* Encapsulate path_get return value as PathGet struct
* Remove dangling symlink emulation
* Extract dangling symlinks into its own testcase
This way, we can re-enable nofollow_errors testcase
on Windows also.
* Return __WASI_ENOTCAPABLE if user lacks perms to symlink
* Implement fd_filestat_get for all platforms
* Remove an old comment
* Remove panics from the syscall wrappers
* Return WASI error type
* Reuse Metadata if possible to save syscalls.
* Refactor the change for two separate fd_filestat_get_impl
* Refactor error handling
