diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 13:42:53 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 13:42:53 +0100 |
commit | a6589c75e19a1882a5d7e87e14200ce921c10da2 (patch) | |
tree | 35d65b46dec137de29bdd2917317c035dd1dbe70 /hosts/vidhar/borg | |
parent | 4298702d69454cba1c2bcfad6ee4d644c256fce8 (diff) | |
download | nixos-a6589c75e19a1882a5d7e87e14200ce921c10da2.tar nixos-a6589c75e19a1882a5d7e87e14200ce921c10da2.tar.gz nixos-a6589c75e19a1882a5d7e87e14200ce921c10da2.tar.bz2 nixos-a6589c75e19a1882a5d7e87e14200ce921c10da2.tar.xz nixos-a6589c75e19a1882a5d7e87e14200ce921c10da2.zip |
vidhar: ...
Diffstat (limited to 'hosts/vidhar/borg')
-rwxr-xr-x | hosts/vidhar/borg/copy.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py index 98de51dd..38502a28 100755 --- a/hosts/vidhar/borg/copy.py +++ b/hosts/vidhar/borg/copy.py | |||
@@ -87,12 +87,13 @@ def copy_archive(src_repo_path, dst_repo_path, entry): | |||
87 | # print('unshare/chroot', file=stderr) | 87 | # print('unshare/chroot', file=stderr) |
88 | uid_map_content = f'0 {os.getuid()} 1' | 88 | uid_map_content = f'0 {os.getuid()} 1' |
89 | gid_map_content = f'0 {os.getgid()} 1' | 89 | gid_map_content = f'0 {os.getgid()} 1' |
90 | unshare.unshare(unshare.CLONE_NEWUSER) | 90 | unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER) |
91 | with open('/proc/self/setgroups', 'w') as setgroups: | ||
92 | setgroups.write('deny') | ||
91 | with open('/proc/self/uid_map', 'w') as uid_map: | 93 | with open('/proc/self/uid_map', 'w') as uid_map: |
92 | uid_map.write(uid_map_content) | 94 | uid_map.write(uid_map_content) |
93 | with open('/proc/self/gid_map', 'w') as gid_map: | 95 | with open('/proc/self/gid_map', 'w') as gid_map: |
94 | gid_map.write(gid_map_content) | 96 | gid_map.write(gid_map_content) |
95 | unshare.unshare(unshare.CLONE_NEWNS) | ||
96 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) | 97 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) |
97 | chroot = pathlib.Path(tmpdir) / 'chroot' | 98 | chroot = pathlib.Path(tmpdir) / 'chroot' |
98 | upper = pathlib.Path(tmpdir) / 'upper' | 99 | upper = pathlib.Path(tmpdir) / 'upper' |