From nobody Sun Dec 29 22:13:59 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YLtnC1NxDz5jtMK for ; Sun, 29 Dec 2024 22:14:23 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from fhigh-b2-smtp.messagingengine.com (fhigh-b2-smtp.messagingengine.com [202.12.124.153]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YLtnB3GyXz4YSl for ; Sun, 29 Dec 2024 22:14:22 +0000 (UTC) (envelope-from dch@skunkwerks.at) Authentication-Results: mx1.freebsd.org; none Received: from phl-compute-02.internal (phl-compute-02.phl.internal [10.202.2.42]) by mailfhigh.stl.internal (Postfix) with ESMTP id 7C2E72540086; Sun, 29 Dec 2024 17:14:20 -0500 (EST) Received: from phl-imap-02 ([10.202.2.81]) by phl-compute-02.internal (MEProxy); Sun, 29 Dec 2024 17:14:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm3; t=1735510460; x=1735596860; bh=Btg9baLZgBMGF5BGEPJUZ5udYkZEwZbN Xui4QIFhJQI=; b=mFe0vTn912Rpa9FQLfDRobESvyNdDmQHmb5bzxOWdFVVQsrg ePUJfXclUtvZdpkVvrzEt7UaKG7Uu7wjTrZwQNVkK9DD7cacn0VRhUH/T/zAW/8k t9hDhjXTrIWeQ50ZEvzGhvvVqowo+pEMR56/U4if+b4bU9LWvk237sJwjfUuJQ50 UEaOhgJ10w4eqfFVaRumLW+dsPCOxO7hDQyQJ8rxe99YWu4aSmR/WuVGlWu0BXf7 s1EZjACa7QyMLSruOu2H2OQ2YUt0U21tft7Z4kwV16k4UIw0sTSaKbg2cf9Jcnni +VCA781aJiWlUIXkyn3gdxCE/4o5z/sJ64LayQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735510460; x= 1735596860; bh=Btg9baLZgBMGF5BGEPJUZ5udYkZEwZbNXui4QIFhJQI=; b=p qvlsJSD7Bl6xNmA2aTwVD4ue8qLxlpka0yq2oLdrOcMyNZcUajghKWmn1srmgo6c x5WEyyxqRG2Kms0Gjz8wbM2hEBkrMnOTWRgxq2xs0osdFhcTuJxOSb+leiGV9ISQ euSX4UH3QUyxEbvp7XHoyg+cujhRn3pFgWEYLEJe1f+n6gYOiAoBtgwNPYM9Vebx 1Oty5eijmEpZdMuKCJKlOpVevEYio23182giA30QS5t7SaA+wQ1MEe/j3wlGIflp 60ZuU1UqLS0USnU8vdM8orPKIwDPldh0TeYosnrOKsjI66/HgpJ4nDVBSLA+Ccz8 G9x76k2QkdhYDvCTfavow== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddvgedgudeivdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpefoggffhffvvefkjghfufgtgfesthhqredtredt jeenucfhrhhomhepfdffrghvvgcuvehothhtlhgvhhhusggvrhdfuceouggthhesshhkuh hnkhifvghrkhhsrdgrtheqnecuggftrfgrthhtvghrnhepiedthfeujefgkefgjeegleev gfelfeethfeifeejtdfggeevieejheffjeekfedunecuffhomhgrihhnpehgihhthhhusg drtghomhdpshhkuhhnkhifvghrkhhsrdgrthdpfhhrvggvsghsugdrohhrghenucevlhhu shhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegutghhsehskhhunh hkfigvrhhkshdrrghtpdhnsggprhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdp rhgtphhtthhopehmrghtthhhihgrshesugdvuhigrdhnvghtpdhrtghpthhtohepfhhrvg gvsghsugdqqhhuvghsthhiohhnshesfhhrvggvsghsugdrohhrgh X-ME-Proxy: Feedback-ID: ic0e84090:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id BA6F7B00069; Sun, 29 Dec 2024 17:14:19 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 Date: Sun, 29 Dec 2024 22:13:59 +0000 From: "Dave Cottlehuber" To: "Matthias Petermann" Cc: freebsd-questions Message-Id: <84dccb3a-417d-4074-891c-f9aa418a7161@app.fastmail.com> In-Reply-To: <1de29b99-b23d-4aad-9bbd-2b9df298008b@d2ux.net> References: <1de29b99-b23d-4aad-9bbd-2b9df298008b@d2ux.net> Subject: Re: Using the jail Module with (Base-)Lua on FreeBSD Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:151847, ipnet:202.12.124.0/24, country:AU] X-Rspamd-Queue-Id: 4YLtnB3GyXz4YSl X-Spamd-Bar: ---- On Sun, 29 Dec 2024, at 11:26, Matthias Petermann wrote: > Dear FreeBSD Community, > > I am currently working on a FreeBSD system where I am managing multipl= e=20 > Jails using Bastille. Here's a snapshot of the active Jails for contex= t: > > ``` > user@microserver:~ $ jls > JID IP Address Hostname Path > 1 10.0.0.1 dns /usr/local/bastille/jails/dns/root > 2 10.0.0.10 redmine /usr/local/bastille/jails/redmine/root > ... (truncated for brevity) ... > 63 10.0.0.18 webproxy /usr/local/bastille/jails/webproxy/r= oot > ``` > > I attempted to use the jail module with Lua (via /usr/libexec/flua), b= ut=20 > I encountered issues when trying to load or interact with it. Below ar= e=20 > the steps and results: > > ``` > user@microserver:~ $ /usr/libexec/flua > Lua 5.4.6 Copyright (C) 1994-2023 Lua.org, PUC-Rio >> package.cpath > /usr/lib/flua/?.so;/usr/lib/flua/loadall.so;./?.so >> local jail =3D require("jail") >> print(jail) > nil >> jail.list() > stdin:1: attempt to index a nil value (global 'jail') > stack traceback: > stdin:1: in main chunk > [C]: in ? >> local path =3D package.searchpath("jail", package.path) >> print(path) > nil >> local path =3D package.searchpath("jail", package.cpath) >> print(path) > nil > ``` > > It seems that the jail module is not accessible through Lua=E2=80=99s = require()=20 > function, and package.searchpath doesn't locate it either in=20 > package.path or package.cpath. > > Questions: > > - Is the jail module supposed to be available by default in=20 > /usr/libexec/flua? yes, but I had the same error you did during interactive flua, it runs just fine from scripts. Perhaps somebody else can explain the difference, and if the jail module can be used from plain lua in ports or not. > - If not, what are the steps to install or enable it? https://gist.github.com/dch/ec05fa084a58040d4d5760447cd31d0d has a coupl= e of examples in it. $./jls.lua | column -t 1 100.64.66.115 ci ci /jails/insta= nces/14.2-RELEASE-amd64-amd64/ci 2 100.64.24.38 jenkins jenkins /jails/insta= nces/14.2-RELEASE-amd64-amd64/jenkins 3 100.64.0.3 couchdb couchdb /jails/insta= nces/14.2-RELEASE-amd64-amd64/couchdb ... 147 100.64.146.97 zonemaster zonemaster.skunkwerks.at /jails/insta= nces/14.2-RELEASE-amd64-amd64/zonemaster I'm not an idiomatic lua user, but the gist should be there. `man 3lua jail` or https://man.freebsd.org/cgi/man.cgi?query=3Djail&sekt= ion=3D3lua=20 has docs, I did not find these easy to locate originally. See intro(3lua= ) as well. A+ Dave