Skip to main content

Permissions

Container permissions in Atym define what system capabilities your WebAssembly applications can access at runtime.

How Permissions Work

Permissions serve as a validation mechanism in your build.yaml configuration file, allowing you to declare what capabilities your application expects to use. These permissions correspond directly to the available container APIs - when you declare a permission like networking or ocre_gpio, you're validating against the specific API functions your application calls. Currently, permissions function as a verification tool to ensure your application's requirements align with the intended functionality, rather than actively granting or restricting access to system resources. During the build process, Atym validates that your WebAssembly module only calls functions that correspond to the permissions you've declared.

Skip Validation

If you need to bypass permission validation during development or testing, you can use the --skip-validation flag with the build command:

atym build --skip-validation

Available Permissions

The following permissions are available for use in your container configuration. Each permission corresponds to a specific module and validates access to a set of related functions.

PermissionModuleDescription
networkingwasi_snapshot_preview1Network access and communication
ocre_gpioenvHardware GPIO pin access
ocre_timersenvTimer and scheduling functions
ocre_sensorsenvSensor data access
ocre_messagingenvInter-container messaging

networking

Module: wasi_snapshot_preview1

FunctionDescription
sock_bindBind socket to address
sock_listenListen for connections
sock_send_toSend data to specific address
sock_recv_fromReceive data from address
sock_openOpen network socket
sock_addr_localGet local socket address
sock_addr_remoteGet remote socket address
sock_set_recv_timeoutSet receive timeout
sock_set_send_timeoutSet send timeout
sock_set_send_buf_sizeSet send buffer size
sock_set_recv_buf_sizeSet receive buffer size
sock_set_keep_aliveSet keep-alive option
sock_set_reuse_addrSet address reuse option
sock_set_reuse_portSet port reuse option
sock_set_lingerSet linger option
sock_set_broadcastSet broadcast option
sock_set_tcp_no_delaySet TCP no delay option
sock_set_tcp_keep_idleSet TCP keep idle time
sock_set_tcp_keep_intvlSet TCP keep interval
sock_set_tcp_fastopen_connectSet TCP fast open connect
sock_set_tcp_quick_ackSet TCP quick ACK
sock_set_ip_multicast_loopSet IP multicast loop
sock_set_ip_add_membershipAdd IP multicast membership
sock_set_ip_drop_membershipDrop IP multicast membership
sock_set_ip_ttlSet IP time to live
sock_set_ip_multicast_ttlSet IP multicast TTL
sock_set_ipv6_onlySet IPv6 only option
clock_time_getGet current time
poll_oneoffPoll for events
proc_exitExit process
sock_acceptAccept incoming connection
sock_recvReceive data from socket
sock_sendSend data to socket

ocre_gpio

Module: env

FunctionDescription
ocre_gpio_initInitialize GPIO subsystem
ocre_gpio_configureConfigure GPIO pin
ocre_gpio_pin_setSet GPIO pin value
ocre_gpio_pin_getGet GPIO pin value
ocre_gpio_pin_toggleToggle GPIO pin state
ocre_gpio_register_callbackRegister GPIO interrupt callback
ocre_gpio_unregister_callbackUnregister GPIO interrupt callback

ocre_timers

Module: env

FunctionDescription
ocre_timer_createCreate new timer
ocre_timer_startStart timer
ocre_timer_stopStop timer
ocre_timer_deleteDelete timer
ocre_timer_get_remainingGet remaining timer time
ocre_timer_set_dispatcherSet timer event dispatcher

ocre_sensors

Module: env

FunctionDescription
ocre_sensors_initInitialize sensor subsystem
ocre_sensors_discoverDiscover available sensors
ocre_sensors_openOpen sensor connection
ocre_sensors_get_handleGet sensor handle
ocre_sensors_get_channel_countGet sensor channel count
ocre_sensors_get_channel_typeGet sensor channel type
ocre_sensors_readRead sensor data

ocre_messaging

Module: env

FunctionDescription
ocre_msg_system_initInitialize messaging system
ocre_publish_messagePublish message to topic
ocre_subscribe_messageSubscribe to message topic