lua: make ffi, load* available

The ffi package has been disabled for over a year and the load*
functions have been disabled for over a year and a half. There's not
really any point trying to fully sandbox the user configuration since it
requires some more invasive changes (require will still happily load
bytecode so it would be necessary to completely overwrite
package.loaders) and it will just get in the way of people trying to do
more interesting things with their configuration.

Author: tesselslate

doc/03_lua_changes.md

@@ -4,7 +4,7 @@ waywall makes use of [LuaJIT], an alternative implementation of Lua 5.1 which
 provides better performance and additional functionality. A list of LuaJIT's
 additions is available [here](https://luajit.org/extensions.html).
 
-> Note: The `ffi` and `jit` packages from LuaJIT are not available in waywall.
+> Note: The `jit` package from LuaJIT is not available in waywall.
 
 ## Instruction count limit
 
@@ -36,11 +36,6 @@ waywall makes a few changes and additions to the Lua standard library:
     - Calling `os.setenv` with a string and nil will unset the given environment
       variable.
 
-There are also a few breaking changes, which are mostly intended to prevent user
-code from causing problems within waywall's address space:
-
-  - `load`, `loadfile`, and `loadstring` are not available
-
 You can refer to the [startup code] to see all of the changes waywall makes in
 more detail.
 

waywall/lua/init.lua

@@ -44,13 +44,7 @@ local priv = _G.priv_waywall
 -- User code should not have access to private Lua API functions.
 _G.priv_waywall = nil
 
--- The load* functions can be used to circumvent security measures in LuaJIT.
-_G.load = nil
-_G.loadfile = nil
-_G.loadstring = nil
-
--- Do not load the ffi and jit extensions.
-package.preload["ffi"] = nil
+-- Do not load the jit extension.
 package.loaded["jit"] = nil
 
 -- pcall and xpcall must be overridden to prevent user code from accidentally