diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 16:04:07 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 16:04:07 +0100 |
commit | 8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c (patch) | |
tree | 792fd4f45cd3a2baf1d9e9df4df5e9b5c4162916 /hosts/vidhar | |
parent | 69b373acd6079f857462a0653c12e86f74bb00b1 (diff) | |
download | nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar.gz nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar.bz2 nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar.xz nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.zip |
vidhar: ...
Diffstat (limited to 'hosts/vidhar')
-rwxr-xr-x | hosts/vidhar/borg/copy.py | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py index 4858db78..227b7d8a 100755 --- a/hosts/vidhar/borg/copy.py +++ b/hosts/vidhar/borg/copy.py | |||
@@ -96,20 +96,18 @@ def copy_archive(src_repo_path, dst_repo_path, entry): | |||
96 | # print('unshare/chroot', file=stderr) | 96 | # print('unshare/chroot', file=stderr) |
97 | uid, gid = os.getuid(), os.getgid() | 97 | uid, gid = os.getuid(), os.getgid() |
98 | unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER) | 98 | unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER) |
99 | ps_effective = {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID} | 99 | ps_effective = {} # {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID} |
100 | ps_ambient = {pyprctl.Cap.SYS_ADMIN} | 100 | ps_ambient = {pyprctl.Cap.SYS_ADMIN} |
101 | pyprctl.cap_permitted.add(*(ps_effective | ps_ambient)) | 101 | pyprctl.cap_permitted.add(*(ps_effective | ps_ambient)) |
102 | pyprctl.cap_effective.add(*(ps_effective | ps_ambient)) | 102 | pyprctl.cap_effective.add(*(ps_effective | ps_ambient)) |
103 | pyprctl.cap_inheritable.add(*ps_ambient) | 103 | pyprctl.cap_inheritable.add(*ps_ambient) |
104 | pyprctl.cap_ambient.add(*ps_ambient) | 104 | pyprctl.cap_ambient.add(*ps_ambient) |
105 | with open('/proc/self/uid_map', 'r') as uid_map: | ||
106 | print(uid_map.read(), file=stderr) | ||
107 | with open('/proc/self/setgroups', 'w') as setgroups: | 105 | with open('/proc/self/setgroups', 'w') as setgroups: |
108 | setgroups.write('deny') | 106 | setgroups.write('deny') |
109 | with open('/proc/self/uid_map', 'w') as uid_map: | 107 | with open('/proc/self/uid_map', 'w') as uid_map: |
110 | uid_map.write(f'0 0 4294967295') | 108 | uid_map.write(f'0 {uid} 4294967295') |
111 | with open('/proc/self/gid_map', 'w') as gid_map: | 109 | with open('/proc/self/gid_map', 'w') as gid_map: |
112 | gid_map.write(f'0 0 4294967295') | 110 | gid_map.write(f'0 {gid} 4294967295') |
113 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) | 111 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) |
114 | chroot = pathlib.Path(tmpdir) / 'chroot' | 112 | chroot = pathlib.Path(tmpdir) / 'chroot' |
115 | upper = pathlib.Path(tmpdir) / 'upper' | 113 | upper = pathlib.Path(tmpdir) / 'upper' |