1*7899f917SBaptiste Daroussin.\" 2*7899f917SBaptiste Daroussin.\" SPDX-License-Identifier: BSD-2-Clause 3*7899f917SBaptiste Daroussin.\" 4*7899f917SBaptiste Daroussin.\" Copyright (c) 2020, Ryan Moeller <freqlabs@FreeBSD.org> 5*7899f917SBaptiste Daroussin.\" 6*7899f917SBaptiste Daroussin.\" Redistribution and use in source and binary forms, with or without 7*7899f917SBaptiste Daroussin.\" modification, are permitted provided that the following conditions 8*7899f917SBaptiste Daroussin.\" are met: 9*7899f917SBaptiste Daroussin.\" 1. Redistributions of source code must retain the above copyright 10*7899f917SBaptiste Daroussin.\" notice, this list of conditions and the following disclaimer. 11*7899f917SBaptiste Daroussin.\" 2. Redistributions in binary form must reproduce the above copyright 12*7899f917SBaptiste Daroussin.\" notice, this list of conditions and the following disclaimer in the 13*7899f917SBaptiste Daroussin.\" documentation and/or other materials provided with the distribution. 14*7899f917SBaptiste Daroussin.\" 15*7899f917SBaptiste Daroussin.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16*7899f917SBaptiste Daroussin.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17*7899f917SBaptiste Daroussin.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18*7899f917SBaptiste Daroussin.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19*7899f917SBaptiste Daroussin.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20*7899f917SBaptiste Daroussin.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21*7899f917SBaptiste Daroussin.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22*7899f917SBaptiste Daroussin.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23*7899f917SBaptiste Daroussin.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24*7899f917SBaptiste Daroussin.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25*7899f917SBaptiste Daroussin.\" SUCH DAMAGE. 26*7899f917SBaptiste Daroussin.\" 27*7899f917SBaptiste Daroussin.Dd October 24, 2020 28*7899f917SBaptiste Daroussin.Dt JAIL 3lua 29*7899f917SBaptiste Daroussin.Os 30*7899f917SBaptiste Daroussin.Sh NAME 31*7899f917SBaptiste Daroussin.Nm attach , 32*7899f917SBaptiste Daroussin.Nm getid , 33*7899f917SBaptiste Daroussin.Nm getname , 34*7899f917SBaptiste Daroussin.Nm list , 35*7899f917SBaptiste Daroussin.Nm allparams , 36*7899f917SBaptiste Daroussin.Nm getparams , 37*7899f917SBaptiste Daroussin.Nm remove , 38*7899f917SBaptiste Daroussin.Nm setparams , 39*7899f917SBaptiste Daroussin.Nm CREATE , 40*7899f917SBaptiste Daroussin.Nm UPDATE , 41*7899f917SBaptiste Daroussin.Nm ATTACH , 42*7899f917SBaptiste Daroussin.Nm DYING 43*7899f917SBaptiste Daroussin.Nd Lua binding to 44*7899f917SBaptiste Daroussin.Xr jail 3 45*7899f917SBaptiste Daroussin.Sh SYNOPSIS 46*7899f917SBaptiste Daroussin.Bd -literal 47*7899f917SBaptiste Daroussinlocal jail = require('jail') 48*7899f917SBaptiste Daroussin.Ed 49*7899f917SBaptiste Daroussin.Pp 50*7899f917SBaptiste Daroussin.Bl -tag -width XXXX -compact 51*7899f917SBaptiste Daroussin.It Dv ok, err = jail.attach(jid|name) 52*7899f917SBaptiste Daroussin.It Dv jid, err = jail.getid(name) 53*7899f917SBaptiste Daroussin.It Dv name, err = jail.getname(jid) 54*7899f917SBaptiste Daroussin.It Dv params, err = jail.allparams() 55*7899f917SBaptiste Daroussin.It Dv iter, jail_obj = jail.list([params]) 56*7899f917SBaptiste Daroussin.It Dv jid, res = jail.getparams(jid|name, params [, flags ] ) 57*7899f917SBaptiste Daroussin.It Dv ok, err = jail.remove(jid|name) 58*7899f917SBaptiste Daroussin.It Dv jid, err = jail.setparams(jid|name, params, flags ) 59*7899f917SBaptiste Daroussin.It Dv jail.CREATE 60*7899f917SBaptiste Daroussin.It Dv jail.UPDATE 61*7899f917SBaptiste Daroussin.It Dv jail.ATTACH 62*7899f917SBaptiste Daroussin.It Dv jail.DYING 63*7899f917SBaptiste Daroussin.El 64*7899f917SBaptiste Daroussin.Sh DESCRIPTION 65*7899f917SBaptiste DaroussinThe 66*7899f917SBaptiste Daroussin.Nm jail 67*7899f917SBaptiste Daroussinmodule is a binding to the 68*7899f917SBaptiste Daroussin.Xr jail 3 69*7899f917SBaptiste Daroussinlibrary. 70*7899f917SBaptiste DaroussinIt provides a string-oriented interface for the 71*7899f917SBaptiste Daroussin.Xr jail_get 2 72*7899f917SBaptiste Daroussinand 73*7899f917SBaptiste Daroussin.Xr jail_set 2 74*7899f917SBaptiste Daroussinsystem calls. 75*7899f917SBaptiste Daroussin.Bl -tag -width XXXX 76*7899f917SBaptiste Daroussin.It Dv ok, err = jail.attach(jid|name) 77*7899f917SBaptiste DaroussinAttach to the given jail, identified by an integer 78*7899f917SBaptiste Daroussin.Fa jid 79*7899f917SBaptiste Daroussinor the 80*7899f917SBaptiste Daroussin.Fa name . 81*7899f917SBaptiste Daroussin.It Dv jid, err = jail.getid(name) 82*7899f917SBaptiste DaroussinGet the jail identifier 83*7899f917SBaptiste Daroussin.Pq jid 84*7899f917SBaptiste Daroussinas an integer. 85*7899f917SBaptiste Daroussin.Fa name 86*7899f917SBaptiste Daroussinis the name of a jail or a jid in the form of a string. 87*7899f917SBaptiste Daroussin.It Dv name, err = jail.getname(jid) 88*7899f917SBaptiste DaroussinGet the name of a jail as a string for the given 89*7899f917SBaptiste Daroussin.Fa jid 90*7899f917SBaptiste Daroussin.Pq an integer . 91*7899f917SBaptiste Daroussin.It Dv iter, jail_obj = jail.list([params]) 92*7899f917SBaptiste DaroussinReturns an iterator over running jails on the system. 93*7899f917SBaptiste Daroussin.Dv params 94*7899f917SBaptiste Daroussinis a list of parameters to fetch for each jail as we iterate. 95*7899f917SBaptiste Daroussin.Dv jid 96*7899f917SBaptiste Daroussinand 97*7899f917SBaptiste Daroussin.Dv name 98*7899f917SBaptiste Daroussinwill always be returned, and may be omitted from 99*7899f917SBaptiste Daroussin.Dv params . 100*7899f917SBaptiste DaroussinAdditionally, 101*7899f917SBaptiste Daroussin.Dv params 102*7899f917SBaptiste Daroussinmay be omitted or an empty table, but not nil. 103*7899f917SBaptiste Daroussin.Pp 104*7899f917SBaptiste DaroussinSee 105*7899f917SBaptiste Daroussin.Sx EXAMPLES . 106*7899f917SBaptiste Daroussin.It Dv params, err = jail.allparams() 107*7899f917SBaptiste DaroussinGet a list of all supported parameter names 108*7899f917SBaptiste Daroussin.Pq as strings . 109*7899f917SBaptiste DaroussinSee 110*7899f917SBaptiste Daroussin.Xr jail 8 111*7899f917SBaptiste Daroussinfor descriptions of the core jail parameters. 112*7899f917SBaptiste Daroussin.It Dv jid, res = jail.getparams(jid|name, params [, flags ] ) 113*7899f917SBaptiste DaroussinGet a table of the requested parameters for the given jail. 114*7899f917SBaptiste Daroussin.Nm jid|name 115*7899f917SBaptiste Daroussincan either be the jid as an integer or the jid or name as a string. 116*7899f917SBaptiste Daroussin.Nm params 117*7899f917SBaptiste Daroussinis a list of parameter names. 118*7899f917SBaptiste Daroussin.Nm flags 119*7899f917SBaptiste Daroussinis an optional integer representing the flag bits to apply for the operation. 120*7899f917SBaptiste DaroussinSee the list of flags below. 121*7899f917SBaptiste DaroussinOnly the 122*7899f917SBaptiste Daroussin.Dv DYING 123*7899f917SBaptiste Daroussinflag is valid to set. 124*7899f917SBaptiste Daroussin.It Dv ok, err = jail.remove(jid|name) 125*7899f917SBaptiste DaroussinRemove the given jail, identified by an integer 126*7899f917SBaptiste Daroussin.Fa jid 127*7899f917SBaptiste Daroussinor the 128*7899f917SBaptiste Daroussin.Fa name . 129*7899f917SBaptiste Daroussin.It Dv jid, err = jail.setparams(jid|name, params [, flags ] ) 130*7899f917SBaptiste DaroussinSet parameters for a given jail. 131*7899f917SBaptiste DaroussinThis is used to create, update, attach to, or destroy a jail. 132*7899f917SBaptiste Daroussin.Nm jid|name 133*7899f917SBaptiste Daroussincan either be the jid as an integer or the jid or name as a string. 134*7899f917SBaptiste Daroussin.Nm params 135*7899f917SBaptiste Daroussinis a table of parameters to apply to the jail, where each key in the table 136*7899f917SBaptiste Daroussinis a parameter name as a string and each value is a string that will be 137*7899f917SBaptiste Daroussinconverted to the internal value type by 138*7899f917SBaptiste Daroussin.Xr jailparam_import 3 . 139*7899f917SBaptiste Daroussin.Nm flags 140*7899f917SBaptiste Daroussinis an optional integer representing the flag bits to apply for the operation. 141*7899f917SBaptiste DaroussinSee the list of flags below. 142*7899f917SBaptiste Daroussin.El 143*7899f917SBaptiste Daroussin.Pp 144*7899f917SBaptiste DaroussinThe 145*7899f917SBaptiste Daroussin.Nm flags 146*7899f917SBaptiste Daroussinarguments are an integer bitwise-or combination of one or more of the following 147*7899f917SBaptiste Daroussinflags: 148*7899f917SBaptiste Daroussin.Bl -tag -width XXXX 149*7899f917SBaptiste Daroussin.It Dv jail.CREATE 150*7899f917SBaptiste DaroussinUsed with 151*7899f917SBaptiste Daroussin.Fn setparams 152*7899f917SBaptiste Daroussinto create a new jail. 153*7899f917SBaptiste DaroussinThe jail must not already exist, unless combined with 154*7899f917SBaptiste Daroussin.Dv UPDATE . 155*7899f917SBaptiste Daroussin.It Dv jail.UPDATE 156*7899f917SBaptiste DaroussinUsed with 157*7899f917SBaptiste Daroussin.Fn setparams 158*7899f917SBaptiste Daroussinto modify an existing jail. 159*7899f917SBaptiste DaroussinThe jail must already exist, unless combined with 160*7899f917SBaptiste Daroussin.Dv CREATE . 161*7899f917SBaptiste Daroussin.It Dv jail.ATTACH 162*7899f917SBaptiste DaroussinUsed with 163*7899f917SBaptiste Daroussin.Fn setparams 164*7899f917SBaptiste Daroussinin combination with 165*7899f917SBaptiste Daroussin.Dv CREATE 166*7899f917SBaptiste Daroussinor 167*7899f917SBaptiste Daroussin.Dv UPDATE 168*7899f917SBaptiste Daroussinto attach the current process to a jail. 169*7899f917SBaptiste Daroussin.It Dv jail.DYING 170*7899f917SBaptiste DaroussinAllow operating on a jail that is in the process of being removed. 171*7899f917SBaptiste Daroussin.El 172*7899f917SBaptiste Daroussin.Sh RETURN VALUES 173*7899f917SBaptiste DaroussinThe 174*7899f917SBaptiste Daroussin.Fn getid 175*7899f917SBaptiste Daroussinand 176*7899f917SBaptiste Daroussin.Fn setparams 177*7899f917SBaptiste Daroussinfunctions return a jail identifier integer on success, or 178*7899f917SBaptiste Daroussin.Dv nil 179*7899f917SBaptiste Daroussinand an error message string if an error occurred. 180*7899f917SBaptiste Daroussin.Pp 181*7899f917SBaptiste DaroussinThe 182*7899f917SBaptiste Daroussin.Fn getname 183*7899f917SBaptiste Daroussinfunction returns a jail name string on success, or 184*7899f917SBaptiste Daroussin.Dv nil 185*7899f917SBaptiste Daroussinand an error message string if an error occurred. 186*7899f917SBaptiste Daroussin.Pp 187*7899f917SBaptiste DaroussinThe 188*7899f917SBaptiste Daroussin.Fn allparams 189*7899f917SBaptiste Daroussinfunction returns a list of parameter name strings on success, or 190*7899f917SBaptiste Daroussin.Dv nil 191*7899f917SBaptiste Daroussinand an error message string if an error occurred. 192*7899f917SBaptiste Daroussin.Pp 193*7899f917SBaptiste DaroussinThe 194*7899f917SBaptiste Daroussin.Fn getparams 195*7899f917SBaptiste Daroussinfunction returns a jail identifier integer and a table of jail parameters 196*7899f917SBaptiste Daroussinwith parameter name strings as keys and strings for values on success, or 197*7899f917SBaptiste Daroussin.Dv nil 198*7899f917SBaptiste Daroussinand an error message string if an error occurred. 199*7899f917SBaptiste Daroussin.Pp 200*7899f917SBaptiste DaroussinThe 201*7899f917SBaptiste Daroussin.Fn list 202*7899f917SBaptiste Daroussinfunction returns an iterator over the list of running jails. 203*7899f917SBaptiste Daroussin.Pp 204*7899f917SBaptiste DaroussinThe 205*7899f917SBaptiste Daroussin.Fn attach 206*7899f917SBaptiste Daroussinand 207*7899f917SBaptiste Daroussin.Fn remove 208*7899f917SBaptiste Daroussinfunctions return true on success, or 209*7899f917SBaptiste Daroussin.Dv nil 210*7899f917SBaptiste Daroussinand an error message string if an error occurred. 211*7899f917SBaptiste Daroussin.Sh EXAMPLES 212*7899f917SBaptiste DaroussinSet the hostname of jail 213*7899f917SBaptiste Daroussin.Dq foo 214*7899f917SBaptiste Daroussinto 215*7899f917SBaptiste Daroussin.Dq foo.bar : 216*7899f917SBaptiste Daroussin.Bd -literal -offset indent 217*7899f917SBaptiste Daroussinlocal jail = require('jail') 218*7899f917SBaptiste Daroussin 219*7899f917SBaptiste Daroussinjid, err = jail.setparams("foo", {["host.hostname"]="foo.bar"}, 220*7899f917SBaptiste Daroussin jail.UPDATE) 221*7899f917SBaptiste Daroussinif not jid then 222*7899f917SBaptiste Daroussin error(err) 223*7899f917SBaptiste Daroussinend 224*7899f917SBaptiste Daroussin.Ed 225*7899f917SBaptiste Daroussin.Pp 226*7899f917SBaptiste DaroussinRetrieve the hostname of jail 227*7899f917SBaptiste Daroussin.Dq foo : 228*7899f917SBaptiste Daroussin.Bd -literal -offset indent 229*7899f917SBaptiste Daroussinlocal jail = require('jail') 230*7899f917SBaptiste Daroussin 231*7899f917SBaptiste Daroussinjid, res = jail.getparams("foo", {"host.hostname"}) 232*7899f917SBaptiste Daroussinif not jid then 233*7899f917SBaptiste Daroussin error(res) 234*7899f917SBaptiste Daroussinend 235*7899f917SBaptiste Daroussinprint(res["host.hostname"]) 236*7899f917SBaptiste Daroussin.Ed 237*7899f917SBaptiste Daroussin.Pp 238*7899f917SBaptiste DaroussinIterate over jails on the system: 239*7899f917SBaptiste Daroussin.Bd -literal -offset indent 240*7899f917SBaptiste Daroussinlocal jail = require('jail') 241*7899f917SBaptiste Daroussin 242*7899f917SBaptiste Daroussin-- Recommended: just loop over it 243*7899f917SBaptiste Daroussinfor jparams in jail.list() do 244*7899f917SBaptiste Daroussin print(jparams["jid"] .. " = " .. jparams["name"]) 245*7899f917SBaptiste Daroussinend 246*7899f917SBaptiste Daroussin 247*7899f917SBaptiste Daroussin-- Request path and hostname, too 248*7899f917SBaptiste Daroussinfor jparams in jail.list({"path", "host.hostname"}) do 249*7899f917SBaptiste Daroussin print(jparams["host.hostname"] .. " mounted at " .. jparams["path"]) 250*7899f917SBaptiste Daroussinend 251*7899f917SBaptiste Daroussin 252*7899f917SBaptiste Daroussin-- Raw iteration protocol 253*7899f917SBaptiste Daroussinlocal iter, jail_obj = jail.list() 254*7899f917SBaptiste Daroussin 255*7899f917SBaptiste Daroussin-- Request the first params 256*7899f917SBaptiste Daroussinlocal jparams = jail_obj:next() 257*7899f917SBaptiste Daroussinwhile jparams do 258*7899f917SBaptiste Daroussin print(jparams["jid"] .. " = " .. jparams["name"]) 259*7899f917SBaptiste Daroussin -- Subsequent calls may return nil 260*7899f917SBaptiste Daroussin jparams = jail_obj:next() 261*7899f917SBaptiste Daroussinend 262*7899f917SBaptiste Daroussin.Ed 263*7899f917SBaptiste Daroussin.Sh SEE ALSO 264*7899f917SBaptiste Daroussin.Xr jail 2 , 265*7899f917SBaptiste Daroussin.Xr jail 3 , 266*7899f917SBaptiste Daroussin.Xr jail 8 267*7899f917SBaptiste Daroussin.Sh HISTORY 268*7899f917SBaptiste DaroussinThe 269*7899f917SBaptiste Daroussin.Nm jail 270*7899f917SBaptiste DaroussinLua module for flua first appeared in 271*7899f917SBaptiste Daroussin.Fx 13.0 . 272*7899f917SBaptiste Daroussin.Sh AUTHORS 273*7899f917SBaptiste Daroussin.An Ryan Moeller , 274*7899f917SBaptiste Daroussinwith inspiration from 275*7899f917SBaptiste Daroussin.Nx 276*7899f917SBaptiste Daroussingpio(3lua), by 277*7899f917SBaptiste Daroussin.An Mark Balmer . 278