Filesystem access for web applications and native code modules

摘要

One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application.

主权项

1. A computer-implemented method, comprising:
executing, on a computing system, a web application; generating, on the computing system, a private filesystem to manage data storage for the web application, wherein the computing system is configured (i) to allow the web application to access the private filesystem, (ii) to prevent applications other than the web application from accessing the private filesystem, and (iii) to prevent the web application from accessing a host filesystem on the computing system that is external to the private filesystem; identifying a call from the web application to the private filesystem to perform a data storage operation; determining whether a proposed size of the private filesystem that results from performing the data storage operation in response to the identified call exceeds a size limit of the private filesystem; and in response to determining that the proposed size of the private filesystem exceeds the size limit of the private filesystem:
(i) increasing the size limit of the private filesystem,(ii) restricting an ability of the web application to write data to the private filesystem,(iii) generating a notification to present to a user of the computing system,(iv) removing data stored in the private filesystem, or(v) terminating execution of the web application.