diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 16:36:42 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 16:36:42 +0100 |
commit | b72ae2fe4e822e4af562f9a8b704371179d20405 (patch) | |
tree | c3d7ba124dd6e5ba8a5912fb59906a7ec4dc69b5 /hosts/vidhar | |
parent | eabaaa9c7a9adf158bdbcb3c269541cebd4ad21c (diff) | |
download | nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.gz nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.bz2 nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.xz nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.zip |
vidhar: ...
Diffstat (limited to 'hosts/vidhar')
-rwxr-xr-x | hosts/vidhar/borg/copy.py | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py index 3cf5f968..5617635b 100755 --- a/hosts/vidhar/borg/copy.py +++ b/hosts/vidhar/borg/copy.py | |||
@@ -102,24 +102,21 @@ def copy_archive(src_repo_path, dst_repo_path, entry): | |||
102 | pyprctl.cap_effective.add(*(ps_effective | ps_ambient)) | 102 | pyprctl.cap_effective.add(*(ps_effective | ps_ambient)) |
103 | pyprctl.cap_inheritable.add(*ps_ambient) | 103 | pyprctl.cap_inheritable.add(*ps_ambient) |
104 | pyprctl.cap_ambient.add(*ps_ambient) | 104 | pyprctl.cap_ambient.add(*ps_ambient) |
105 | with open('/proc/self/setgroups', 'w') as setgroups: | 105 | # with open('/proc/self/setgroups', 'w') as setgroups: |
106 | setgroups.write('deny') | 106 | # setgroups.write('deny') |
107 | with open('/proc/self/uid_map', 'w') as uid_map: | 107 | # with open('/proc/self/uid_map', 'w') as uid_map: |
108 | uid_map.write(f'0 {uid} 1') | 108 | # uid_map.write(f'0 {uid} 1') |
109 | with open('/proc/self/gid_map', 'w') as gid_map: | 109 | # with open('/proc/self/gid_map', 'w') as gid_map: |
110 | gid_map.write(f'0 {gid} 1') | 110 | # gid_map.write(f'0 {gid} 1') |
111 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) | 111 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) |
112 | chroot = pathlib.Path(tmpdir) / 'chroot' | 112 | chroot = pathlib.Path(tmpdir) / 'chroot' |
113 | lower = pathlib.Path(tmpdir) / 'lower' | ||
114 | upper = pathlib.Path(tmpdir) / 'upper' | 113 | upper = pathlib.Path(tmpdir) / 'upper' |
115 | work = pathlib.Path(tmpdir) / 'work' | 114 | work = pathlib.Path(tmpdir) / 'work' |
116 | for path in [chroot,lower,upper,work]: | 115 | for path in [chroot,upper,work]: |
117 | path.mkdir() | 116 | path.mkdir() |
118 | print(f'euid={os.getuid()}', file=stderr) | 117 | print(f'euid={os.getuid()}', file=stderr) |
119 | subprocess.run(['stat', '/', lower, upper, work, chroot], check=True) | 118 | subprocess.run(['stat', '/', upper, work, chroot], check=True) |
120 | subprocess.run(['mount', '-t', 'shiftfs', '/', lower], check=True) | 119 | subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir=/,upperdir={upper},workdir={work}', chroot], check=True) |
121 | subprocess.run(['stat', lower], check=True) | ||
122 | subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir={lower},upperdir={upper},workdir={work}', chroot], check=True) | ||
123 | bindMounts = ['nix', 'run', 'proc', 'dev', 'sys', pathlib.Path(os.path.expanduser('~')).relative_to('/')] | 120 | bindMounts = ['nix', 'run', 'proc', 'dev', 'sys', pathlib.Path(os.path.expanduser('~')).relative_to('/')] |
124 | if not ":" in src_repo_path: | 121 | if not ":" in src_repo_path: |
125 | bindMounts.append(pathlib.Path(src_repo_path).relative_to('/')) | 122 | bindMounts.append(pathlib.Path(src_repo_path).relative_to('/')) |