authorGregor Kleen <gkleen@yggdrasil.li>2022-02-17 16:04:07 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-17 16:04:07 +0100
commit8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c (patch)
tree792fd4f45cd3a2baf1d9e9df4df5e9b5c4162916 /hosts/vidhar
parent69b373acd6079f857462a0653c12e86f74bb00b1 (diff)
vidhar: ...
Diffstat (limited to 'hosts/vidhar')
-rwxr-xr-xhosts/vidhar/borg/copy.py8
1 files changed, 3 insertions, 5 deletions
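--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -96,20 +96,18 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
 # print('unshare/chroot', file=stderr)
 uid, gid = os.getuid(), os.getgid()
 unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER)
-ps_effective = {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID}
+ps_effective = {} # {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID}
 ps_ambient = {pyprctl.Cap.SYS_ADMIN}
 pyprctl.cap_permitted.add(*(ps_effective | ps_ambient))
 pyprctl.cap_effective.add(*(ps_effective | ps_ambient))
 pyprctl.cap_inheritable.add(*ps_ambient)
 pyprctl.cap_ambient.add(*ps_ambient)
-with open('/proc/self/uid_map', 'r') as uid_map:
-print(uid_map.read(), file=stderr)
 with open('/proc/self/setgroups', 'w') as setgroups:
 setgroups.write('deny')
 with open('/proc/self/uid_map', 'w') as uid_map:
-uid_map.write(f'0 0 4294967295')
+uid_map.write(f'0 {uid} 4294967295')
 with open('/proc/self/gid_map', 'w') as gid_map:
-gid_map.write(f'0 0 4294967295')
+gid_map.write(f'0 {gid} 4294967295')
 subprocess.run(['mount', '--make-rprivate', '/'], check=True)
 chroot = pathlib.Path(tmpdir) / 'chroot'
 upper = pathlib.Path(tmpdir) / 'upper'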
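Review bot: `ps_effective = {}` on new line 99 creates an empty dict, not an empty set, so `ps_effective | ps_ambient` on new lines 101 and 102 raises TypeError (dict | set is unsupported) before any capability is added; use `ps_effective = set()  # SETUID/SETGID intentionally not raised`. Separately, the new maps `0 {uid} 4294967295` and `0 {gid} 4294967295` move the start of the outer range to the caller's id but keep the full 32-bit count; for any non-zero id that range runs past the end of the id space and, as far as I can tell, the kernel refuses such a write, and a writer without CAP_SETUID/CAP_SETGID in the parent namespace may map only its own id, so `f'0 {uid} 1'` and `f'0 {gid} 1'` look like what is intended. copy_archive starts and ends outside this hunk, so how the process is launched and which ids it runs under are not visible here.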