You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The correct procedure is that instead of running code in the (sandboxed) global state, you create new threads, sandbox them using luaL_sandboxthread and run code inside them.
So, do this once when initializing the VM:
luaL_newstate
luaL_openlibs plus whatever extra global setup for the shared global environment you need via luaL_register / lua_setglobal
luaL_sandbox
... and then do this any time you want to start a new script:
lua_newthread
luaL_sandboxthread
luau_load with bytecode
lua_resume or lua_pcall to run it
luaL_sandboxthread will create a writeable global table for the thread that will refer to the (read-only) shared global environment for unknown keys.
After calling luaL_sandbox, which we are supposed to do apparently (according to https://github.com/luau-lang/luau?tab=readme-ov-file#building), I then execute the script with
lua_pcall(state, 0, LUA_MULTRET, 0);
.In the Lua script, a new function is defined:
But this results in:
1: string: [string "test"]:40: attempt to modify a readonly table
So scripts can't define new functions?
Or are we supposed to execute the script first, then sandbox it? But doesn't this go against the principle of sandboxing in the first place?
The text was updated successfully, but these errors were encountered: