From: Matthias Petermann
To: Alex Arslan, Dave Cottlehuber
Cc: freebsd-questions
Date: Mon, 30 Dec 2024 13:49:16 +0100
Subject: Re: Using the jail Module with (Base-)Lua on FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Hello Dave and Alex,

thank you both for your helpful input!

On 12/29/24 23:36, Alex Arslan wrote:
>> On Dec 29, 2024, at 2:13 PM, Dave Cottlehuber wrote:
>> yes, but I had the same error you did during interactive flua,
>> it runs just fine from scripts. Perhaps somebody else can
>> explain the difference, and if the jail module can be used from
>> plain lua in ports or not.
>
> As I understand it, the difference between interactive vs. script execution
> is that each line evaluated at the REPL is evaluated as its own block, and
> variables declared `local` are local to the block. Things should work as
> you expect in the REPL if you drop the `local`s, since Lua variables are
> in global scope by default. There's a relevant answer on Stack Overflow:
> https://stackoverflow.com/a/33155461.

Your explanation about the Lua interpreter’s behavior in the interactive REPL clarified the situation for me. Dropping the local keyword resolved the issue immediately—something I should have realized myself, given that it’s a known characteristic of Lua.

```
user@microserver:~ $ /usr/libexec/flua
Lua 5.4.6 Copyright (C) 1994-2023 Lua.org, PUC-Rio
> jail=require("jail")
> jail.list()
function: 0x311f496128e0 jail iterator metatable: 0x33cb1ee13af8
> for j in jail.list({"name", "host.hostname", "path", "ip4.addr"}) do
>> print(j["jid"] .. " " .. j["ip4.addr"] .. " " .. j["name"] .. " " .. j["host.hostname"] .. " " .. j["path"])
>> end
1 10.0.0.1 dns dns /usr/local/bastille/jails/dns/root
2 10.0.0.10 redmine redmine /usr/local/bastille/jails/redmine/root
3 10.0.0.2 proxy proxy /usr/local/bastille/jails/proxy/root
4 10.0.0.7 prometheus prometheus /usr/local/bastille/jails/prometheus/root
5 10.0.0.5 node-red node-red /usr/local/bastille/jails/node-red/root
6 10.0.0.3 nextcloud nextcloud /usr/local/bastille/jails/nextcloud/root
7 10.0.0.14 nats nats /usr/local/bastille/jails/nats/root
8 10.0.0.13 minio minio /usr/local/bastille/jails/minio/root
9 10.0.0.11 minetest minetest /usr/local/bastille/jails/minetest/root
10 10.0.0.6 mail mail /usr/local/bastille/jails/mail/root
11 10.0.0.4 ldap ldap /usr/local/bastille/jails/ldap/root
12 10.0.0.16 jenkins jenkins /usr/local/bastille/jails/jenkins/root
13 10.0.0.8 grafana grafana /usr/local/bastille/jails/grafana/root
14 10.0.0.9 forgejo forgejo /usr/local/bastille/jails/forgejo/root
50 10.0.0.17 servicehub servicehub /usr/local/bastille/jails/servicehub/root
63 10.0.0.18 webproxy webproxy /usr/local/bastille/jails/webproxy/root
```

:-)

>>> - If not, what are the steps to install or enable it?
>>
>> https://gist.github.com/dch/ec05fa084a58040d4d5760447cd31d0d has a couple of examples in it.

This reference was also very helpful to me - good starting point for further exploration.

Kind regards
Matthias
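
Added example, not part of the original message or of the FreeBSD sources: the REPL-versus-script difference discussed in this thread, reproduced with `load()` so that each line is compiled as its own chunk. The `inventory` table is a constructed stand-in for `require("jail")`, and `run_as_repl` is a hypothetical helper name, so the script runs on any Lua 5.4 as well as on flua.

```lua
-- Run each source line as its own chunk, as the interactive interpreter
-- does, and collect the result or error message of each line.
local function run_as_repl(lines)
  -- Fresh global table per session so the sessions do not affect each other.
  local env = setmetatable({}, { __index = _G })
  local out = {}
  for i, src in ipairs(lines) do
    local chunk, err = load(src, "=stdin", "t", env)
    if not chunk then
      out[i] = "syntax error: " .. err
    else
      local ok, res = pcall(chunk)
      out[i] = ok and tostring(res) or ("error: " .. tostring(res))
    end
  end
  return out
end

-- Constructed sample sessions; the jail name and address are made up.
local sessions = {
  -- `local` ends with the chunk, so the second line sees no `inventory`.
  { "local, one line per chunk", {
      'local inventory = { dns = "10.0.0.1" }',
      'return inventory.dns',
  } },
  -- Without `local` the name lands in the global table and survives.
  { "global, one line per chunk", {
      'inventory = { dns = "10.0.0.1" }',
      'return inventory.dns',
  } },
  -- A script file is a single chunk, so `local` stays in scope throughout.
  { "local, whole script as one chunk", {
      'local inventory = { dns = "10.0.0.1" }; return inventory.dns',
  } },
}

for _, session in ipairs(sessions) do
  print(session[1])
  for i, result in ipairs(run_as_repl(session[2])) do
    print("  line " .. i .. ": " .. result)
  end
end
```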