Re: Using the jail Module with (Base-)Lua on FreeBSD

From: Alex Arslan <ararslan_at_comcast.net>
Date: Sun, 29 Dec 2024 22:36:42 UTC

> On Dec 29, 2024, at 2:13 PM, Dave Cottlehuber <dch@skunkwerks.at> wrote:
> 
> On Sun, 29 Dec 2024, at 11:26, Matthias Petermann wrote:
>> Dear FreeBSD Community,
>> 
>> I am currently working on a FreeBSD system where I am managing multiple 
>> Jails using Bastille. Here's a snapshot of the active Jails for context:
>> 
>> ```
>> user@microserver:~ $ jls
>>    JID  IP Address      Hostname                      Path
>>      1  10.0.0.1        dns /usr/local/bastille/jails/dns/root
>>      2  10.0.0.10       redmine /usr/local/bastille/jails/redmine/root
>>      ... (truncated for brevity) ...
>>     63  10.0.0.18       webproxy /usr/local/bastille/jails/webproxy/root
>> ```
>> 
>> I attempted to use the jail module with Lua (via /usr/libexec/flua), but 
>> I encountered issues when trying to load or interact with it. Below are 
>> the steps and results:
>> 
>> ```
>> user@microserver:~ $ /usr/libexec/flua
>> Lua 5.4.6  Copyright (C) 1994-2023 Lua.org, PUC-Rio
>>> package.cpath
>> /usr/lib/flua/?.so;/usr/lib/flua/loadall.so;./?.so
>>> local jail = require("jail")
>>> print(jail)
>> nil
>>> jail.list()
>> stdin:1: attempt to index a nil value (global 'jail')
>> stack traceback:
>>         stdin:1: in main chunk
>>         [C]: in ?
>>> local path = package.searchpath("jail", package.path)
>>> print(path)
>> nil
>>> local path = package.searchpath("jail", package.cpath)
>>> print(path)
>> nil
>> ```
>> 
>> It seems that the jail module is not accessible through Lua’s require() 
>> function, and package.searchpath doesn't locate it either in 
>> package.path or package.cpath.
>> 
>> Questions:
>> 
>> - Is the jail module supposed to be available by default in 
>> /usr/libexec/flua?
> 
> yes, but I had the same error you did during interactive flua,
> it runs just fine from scripts. Perhaps somebody else can
> explain the difference, and if the jail module can be used from
> plain lua in ports or not.

As I understand it, the difference between interactive vs. script execution
is that each line evaluated at the REPL is evaluated as its own block, and
variables declared `local` are local to the block. Things should work as
you expect in the REPL if you drop the `local`s, since Lua variables are
in global scope by default. There's a relevant answer on Stack Overflow:
https://stackoverflow.com/a/33155461.

Unfortunately I can't speak to the differences between the system Lua and
Lua installed from Ports (assuming there are any).

> 
>> - If not, what are the steps to install or enable it?
> 
> https://gist.github.com/dch/ec05fa084a58040d4d5760447cd31d0d has a couple of examples in it.
> 
> $./jls.lua | column -t
> 1    100.64.66.115   ci           ci                        /jails/instances/14.2-RELEASE-amd64-amd64/ci
> 2    100.64.24.38    jenkins      jenkins                   /jails/instances/14.2-RELEASE-amd64-amd64/jenkins
> 3    100.64.0.3      couchdb      couchdb                   /jails/instances/14.2-RELEASE-amd64-amd64/couchdb
> ...
> 147  100.64.146.97   zonemaster   zonemaster.skunkwerks.at  /jails/instances/14.2-RELEASE-amd64-amd64/zonemaster
> 
> I'm not an idiomatic lua user, but the gist should be there.
> 
> `man 3lua jail` or https://man.freebsd.org/cgi/man.cgi?query=jail&sektion=3lua 
> has docs, I did not find these easy to locate originally. See intro(3lua) as well.
> 
> A+
> Dave
>
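
The scoping behaviour described in the reply above, as an added example that is not part of the original thread or of the linked gist. It imitates the interactive prompt by compiling each line as its own chunk with `load()`; the module name is an assumption (`jail` when run under flua on FreeBSD, the standard `string` library as a stand-in elsewhere), and `run_lines` and `show` are hypothetical helper names.

```lua
-- Added example: why `local` disappears between lines at the Lua prompt.
-- Assumption: use "jail" when it loads (FreeBSD flua), otherwise fall back
-- to the standard "string" library as a stand-in module.
local modname = pcall(require, "jail") and "jail" or "string"

-- Compile and run each line as its own chunk, as the interactive prompt does.
local function run_lines(lines)
  local out = {}
  for i, line in ipairs(lines) do
    local chunk, err = load(line, "=stdin")
    if not chunk then
      out[i] = "syntax error: " .. err
    else
      local ok, res = pcall(chunk)
      out[i] = ok and tostring(res) or ("error: " .. tostring(res))
    end
  end
  return out
end

-- Print each input line next to what it evaluated to.
local function show(title, lines)
  print("-- " .. title)
  local out = run_lines(lines)
  for i, line in ipairs(lines) do
    print(string.format("> %-40s => %s", line, out[i]))
  end
end

local req = string.format("require(%q)", modname)

show("local on its own line: gone when the next line runs", {
  "local m = " .. req,
  "return type(m)",   -- m is now an unset global
  "return m.list",    -- indexing it raises the error seen in the thread
})

show("global assignment: survives across lines", {
  "m = " .. req,
  "return type(m)",
})
m = nil  -- clean up the global created by the previous case

show("local used on the same line: still in scope", {
  "local m = " .. req .. "; return type(m)",
})
```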