Redox paths causing issues with Rust std::path and std::fs
Using scheme:resource
as an absolute path creates several problems.
- Rust's
std::path
crate must be fixed to allow Prefix(Scheme) as the root of an absolute path - After applying the above fix, attempting to allow
:
as a valid character in filenames makesstd::fs::DirEntry
function incorrectly. DirEntry usesPath::join
, which misinterprets the:
-containing path as absolute. It may be possible to patchstd::fs::DirEntry
to not usePath::join
. -
:
cannot be used as a separator in$PATH
and PATH-like variables. This can be solved but it creates headaches with additional porting effort and/or creating symbolic links that don't use schemes. -
:
is allowed in Linux paths. It's unclear how much Linux software will have to be patched to recognize scheme-rooted paths as absolute, and disallow/replace ':' in paths.
There are several possible solutions to the above problems. Some suggestions are given below. The options are not necessarily mutually exclusive.
- Disallow
:
in filenames (i.e. status quo). This is partially implemented in Redox in a few places, but kind of haphazardly. It's most effectively handled in RedoxFS as the node is about to be created in the directory, where filenames containing:
are rejected. We would have to decide where the correct places are in the code to reject filenames with:
(e.g. Relibc). - Don't support Scheme prefixes in normal programs. Filenames containing
:
would be treated as normal filenames. Canonicalize would treat a path starting withname:
as a relative path and would prepend$PWD
. We could permit a program to still open a scheme path if it uses libredox, but we would mostly use symbolic links from the filesystem to schemes, or have custom tools that are scheme-aware. - Use a different format for scheme, that starts with '/'. For example,
/scheme:
would work fine. It would allow us to usestd::path::Path
unmodified, and Linux programs would work fine. In RedoxFS (and other schemes that allow creating names), we could disallow filenames containing:
at the root, to prevent any ambiguity or spoofing. - Make schemes end in
:/
or://
, e.g.scheme://path
. Then we can make directory names ending in:
illegal. We would have to find a workaround for illegal directory names on Linux-native filesystems, e.g. treat them as unreadable. This would allow us to treata:b
unambiguously as a valid filename. - Use a substitute character for
:
in filenames, e.g. . I don't think this could be done transparently, so it's not really feasible, but I thought I should mention it. This is sometimes done when mapping Linux filesystems into Windows, percent-encoding is used.
A proposed solution is the following.
- Implement
openat
, so most programs will not use schemes. This will allow us to implement option 2 above easily. We also prevent the possibility of spoofing schemes, as users would not normally use them, so any fake scheme-like path would not confuse the user. - Use e.g.
/scheme:/
as the usual format for schemes. This will allow us to use most Linux and Rust software unmodified.std::path
andstd:fs
would no longer require Redox-specific code. We would still need/want to use absolute paths that don't start with a scheme to be treated as/file:/path
, so we can use symbolic links that do not contain:
. We could allow programs usinglibredox
to use the current scheme format, but code that usesstd::path::Path
would not. - Disable
:
in top level directories, to prevent confusion with schemes. If we require one or two slashes following a scheme for all schemes, i.e./scheme:/
or/scheme://
, then we can reduce our restriction to "top level directories cannot end in:
".