Re: Using the jail Module with (Base-)Lua on FreeBSD

In reply to: Alex Arslan : "Re: Using the jail Module with (Base-)Lua on FreeBSD"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Matthias Petermann <matthias_at_d2ux.net>
Date: Mon, 30 Dec 2024 12:49:16 UTC
Hello Dave and Alex,

thank you both for your helpful input!

On 12/29/24 23:36, Alex Arslan wrote:
>> On Dec 29, 2024, at 2:13 PM, Dave Cottlehuber <dch@skunkwerks.at> wrote:
>> yes, but I had the same error you did during interactive flua,
>> it runs just fine from scripts. Perhaps somebody else can
>> explain the difference, and if the jail module can be used from
>> plain lua in ports or not.
> 
> As I understand it, the difference between interactive vs. script execution
> is that each line evaluated at the REPL is evaluated as its own block, and
> variables declared `local` are local to the block. Things should work as
> you expect in the REPL if you drop the `local`s, since Lua variables are
> in global scope by default. There's a relevant answer on Stack Overflow:
> https://stackoverflow.com/a/33155461.

Your explanation about the Lua interpreter’s behavior in the interactive 
REPL clarified the situation for me. Dropping the local keyword resolved 
the issue immediately—something I should have realized myself, given 
that it’s a known characteristic of Lua.

```
user@microserver:~ $ /usr/libexec/flua
Lua 5.4.6  Copyright (C) 1994-2023 Lua.org, PUC-Rio
 > jail=require("jail")
 > jail.list()
function: 0x311f496128e0	jail iterator metatable: 0x33cb1ee13af8
 > for j in jail.list({"name", "host.hostname", "path", "ip4.addr"}) do
 >> print(j["jid"] .. " " .. j["ip4.addr"] .. " " .. j["name"] .. " " .. 
j["host.hostname"] .. " " .. j["path"])
 >> end
1 10.0.0.1 dns dns /usr/local/bastille/jails/dns/root
2 10.0.0.10 redmine redmine /usr/local/bastille/jails/redmine/root
3 10.0.0.2 proxy proxy /usr/local/bastille/jails/proxy/root
4 10.0.0.7 prometheus prometheus /usr/local/bastille/jails/prometheus/root
5 10.0.0.5 node-red node-red /usr/local/bastille/jails/node-red/root
6 10.0.0.3 nextcloud nextcloud /usr/local/bastille/jails/nextcloud/root
7 10.0.0.14 nats nats /usr/local/bastille/jails/nats/root
8 10.0.0.13 minio minio /usr/local/bastille/jails/minio/root
9 10.0.0.11 minetest minetest /usr/local/bastille/jails/minetest/root
10 10.0.0.6 mail mail /usr/local/bastille/jails/mail/root
11 10.0.0.4 ldap ldap /usr/local/bastille/jails/ldap/root
12 10.0.0.16 jenkins jenkins /usr/local/bastille/jails/jenkins/root
13 10.0.0.8 grafana grafana /usr/local/bastille/jails/grafana/root
14 10.0.0.9 forgejo forgejo /usr/local/bastille/jails/forgejo/root
50 10.0.0.17 servicehub servicehub /usr/local/bastille/jails/servicehub/root
63 10.0.0.18 webproxy webproxy /usr/local/bastille/jails/webproxy/root
```

:-)

>>> - If not, what are the steps to install or enable it?
>>
>> https://gist.github.com/dch/ec05fa084a58040d4d5760447cd31d0d has a couple of examples in it.

This reference was also very helpful to me - good starting point for 
further exploration.

Kind regards
Matthias