Subject: Re: Using the jail Module with (Base-)Lua on FreeBSD
From: Alex Arslan
Date: Sun, 29 Dec 2024 14:36:42 -0800
To: Dave Cottlehuber
Cc: Matthias Petermann, freebsd-questions

> On Dec 29, 2024, at 2:13 PM, Dave Cottlehuber wrote:
>
> On Sun, 29 Dec 2024, at 11:26, Matthias Petermann wrote:
>> Dear FreeBSD Community,
>>
>> I am currently working on a FreeBSD system where I am managing multiple
>> Jails using Bastille. Here's a snapshot of the active Jails for context:
>>
>> ```
>> user@microserver:~ $ jls
>> JID IP Address Hostname Path
>> 1 10.0.0.1 dns /usr/local/bastille/jails/dns/root
>> 2 10.0.0.10 redmine /usr/local/bastille/jails/redmine/root
>> ... (truncated for brevity) ...
>> 63 10.0.0.18 webproxy /usr/local/bastille/jails/webproxy/root
>> ```
>>
>> I attempted to use the jail module with Lua (via /usr/libexec/flua), but
>> I encountered issues when trying to load or interact with it. Below are
>> the steps and results:
>>
>> ```
>> user@microserver:~ $ /usr/libexec/flua
>> Lua 5.4.6 Copyright (C) 1994-2023 Lua.org, PUC-Rio
>>> package.cpath
>> /usr/lib/flua/?.so;/usr/lib/flua/loadall.so;./?.so
>>> local jail = require("jail")
>>> print(jail)
>> nil
>>> jail.list()
>> stdin:1: attempt to index a nil value (global 'jail')
>> stack traceback:
>> stdin:1: in main chunk
>> [C]: in ?
>>> local path = package.searchpath("jail", package.path)
>>> print(path)
>> nil
>>> local path = package.searchpath("jail", package.cpath)
>>> print(path)
>> nil
>> ```
>>
>> It seems that the jail module is not accessible through Lua’s require()
>> function, and package.searchpath doesn't locate it either in
>> package.path or package.cpath.
>>
>> Questions:
>>
>> - Is the jail module supposed to be available by default in
>> /usr/libexec/flua?
>
> yes, but I had the same error you did during interactive flua,
> it runs just fine from scripts. Perhaps somebody else can
> explain the difference, and if the jail module can be used from
> plain lua in ports or not.

As I understand it, the difference between interactive vs. script execution
is that each line evaluated at the REPL is evaluated as its own block, and
variables declared `local` are local to the block. Things should work as
you expect in the REPL if you drop the `local`s, since Lua variables are in
global scope by default. There's a relevant answer on Stack Overflow:
https://stackoverflow.com/a/33155461.

Unfortunately I can't speak to the differences between the system Lua and
Lua installed from Ports (assuming there are any).

>
>> - If not, what are the steps to install or enable it?
>
> https://gist.github.com/dch/ec05fa084a58040d4d5760447cd31d0d has a couple of examples in it.
>
> $./jls.lua | column -t
> 1 100.64.66.115 ci ci /jails/instances/14.2-RELEASE-amd64-amd64/ci
> 2 100.64.24.38 jenkins jenkins /jails/instances/14.2-RELEASE-amd64-amd64/jenkins
> 3 100.64.0.3 couchdb couchdb /jails/instances/14.2-RELEASE-amd64-amd64/couchdb
> ...
> 147 100.64.146.97 zonemaster zonemaster.skunkwerks.at /jails/instances/14.2-RELEASE-amd64-amd64/zonemaster
>
> I'm not an idiomatic lua user, but the gist should be there.
>
> `man 3lua jail` or https://man.freebsd.org/cgi/man.cgi?query=jail&sektion=3lua
> has docs, I did not find these easy to locate originally. See intro(3lua) as well.
>
> A+
> Dave
>
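
Added example (not part of the original message or of the linked gist): a
sketch that reproduces the per-line chunk scoping described in the reply by
compiling each "REPL line" separately with load(). The names demo_jail and
run_like_repl are hypothetical; demo_jail is a constructed stand-in for the
real jail module so the script also runs on a stock Lua 5.4.

```lua
-- Simulate how the interactive prompt compiles each input line as its own
-- chunk, so a `local` declared on one line is out of scope on the next.

-- Constructed stand-in module so this runs on any Lua 5.4, not only flua.
-- "demo_jail" is a hypothetical name, not the real jail(3lua) module.
package.preload["demo_jail"] = function()
  return { list = function() return { "dns", "redmine", "webproxy" } end }
end

-- Compile and run every line separately, as the REPL does.
-- Returns the value of the last line, or nil plus the error message.
local function run_like_repl(lines)
  local result
  for _, line in ipairs(lines) do
    -- Try the line as an expression first, then as a statement.
    local chunk = load("return " .. line, "=stdin") or load(line, "=stdin")
    if not chunk then return nil, "syntax error in: " .. line end
    local ok, value = pcall(chunk)
    if not ok then return nil, value end
    result = value
  end
  return result
end

-- Case 1: `local` on its own line. The variable ends with that chunk, so
-- the next line looks up a global named `jail`, which is nil.
local with_local, err = run_like_repl({
  'local jail = require("demo_jail")',
  '#jail.list()',
})
print("with local:   ", with_local, err)

-- Case 2: no `local`. The assignment creates a global that later lines see.
local without_local = run_like_repl({
  'jail = require("demo_jail")',
  '#jail.list()',
})
print("without local:", without_local)
jail = nil -- remove the global created by case 2

-- Case 3: keep `local` but run everything as one chunk, which is what a
-- script file is (at the prompt, wrap the lines in do ... end).
local one_chunk = run_like_repl({
  'do local jail = require("demo_jail"); return #jail.list() end',
})
print("one chunk:    ", one_chunk)
```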