Enable WasmEdge roofs support and start writing OCI tests for Wasmedge and Wasmtime

[ipuustin]

Now that we have support for OCI runtime spec for Wasmedge shim, we should try to do two things:

1. find out which OCI spec features are actually reasonable to test for runwasi shims
2. create a set of Wasm modules which exercise those OCI spec features so that we can test them

Those OCI spec features which don't really map to Wasm modules we can try to test on the runtime level, checking for example which capabilities the runtime process has?

This PR adds an external directory for storing/building the Wasm modules and an integration test directory for Wasmedge shim for trying out the OCI spec features. I added some seccomp and device file tests for seeing how this would work in practice. Support for Wasmtime is commented out because the OCI support (#142) hasn't been merged yet, but could be useful in testing the PR.

So, I think the first question is: which OCI features are meaningful and should be tested for Wasm/WASI containers? For example it could be argued that the Wasm modules should never see the device files, but the Wasm runtimes should, so that they could expose the features through the WASI APIs. The second question is that is this approach of having the test Wasm modules in-tree the right way forward? The problem is that it appears to be difficult or impossible to run cargo build for two architectures at the same time (making the tests depend on the Wasm module build).

[Mossaka]

Thanks for contributing more tests for OCI!

I quickly skimmed through the test cases and noticed that the larger part of them are not Wasmedge specific - which means the same set of tests can be port to test the wasmtime shim as well.

After #142 is merged upstream, I am happy to take this task of making these tests available across shims.

[ipuustin]

Thanks for contributing more tests for OCI!

I quickly skimmed through the test cases and noticed that the larger part of them are not Wasmedge specific - which means the same set of tests can be port to test the wasmtime shim as well.

After #142 is merged upstream, I am happy to take this task of making these tests available across shims.

Thanks! In fact the Wasmtime support is already present in the tests but commented out, because the OCI support is not there yet. If you like, you can try rebasing #142 on top of this PR, removing the comments (marked with TODO:) and running the tests.

[jsturtevant]

This is a great, It feels like you're on the verge of creating a framework for testing different module specs. I've made one suggestion to leverage our Instance trait and invert the logic a bit that would make it so we could easily re-use the tests across different runtimes. Let me know if that makes sense

[jsturtevant]

I believe this returns the trait Instance? If so we could invert this. Create the config and the instance outside the module and make this function generic run_test_with_spec and pass in the module.

This would make the tests written below to not be specific calls to each runtime let (output, retval) = common::run_wasmedge_test(&spec, &bytes)?; making it more of a framework.

[jsturtevant]

if you put this in the make target it makes, it will just skip if already present and makes it so some one runs that step they don't miss it

[Mossaka]

Is this PR ready for review? @ipuustin

[ipuustin]

Is this PR ready for review? @ipuustin

It will be shortly -- I'll still add the Wasmtime OCI tests, because the support should be there now with the libcontainer integration.

[ipuustin]

One missing part is that we now need to have a direct dependency to Wasmtime and WasmEdge crates to have access to the engine/Vm object. If we go this way, we probably should have Wasmtime and WasmEdge dependency in the workspace.

[jsturtevant]

#306 built upon this work and is now merged. Thanks @ipuustin for the initial work!