vidhar: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-17 16:36:42 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-17 16:36:42 +0100
commit: b72ae2fe4e822e4af562f9a8b704371179d20405 (patch)
tree: c3d7ba124dd6e5ba8a5912fb59906a7ec4dc69b5 /hosts
parent: eabaaa9c7a9adf158bdbcb3c269541cebd4ad21c (diff)
download: nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar
nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.gz
nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.bz2
nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.xz
nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.zip
1 files changed, 9 insertions, 12 deletions
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py
index 3cf5f968..5617635b 100755
--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -102,24 +102,21 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
            pyprctl.cap_effective.add(*(ps_effective | ps_ambient))
            pyprctl.cap_inheritable.add(*ps_ambient)
            pyprctl.cap_ambient.add(*ps_ambient)
-            with open('/proc/self/setgroups', 'w') as setgroups:
+            # with open('/proc/self/setgroups', 'w') as setgroups:
-                setgroups.write('deny')
+            #     setgroups.write('deny')
-            with open('/proc/self/uid_map', 'w') as uid_map:
+            # with open('/proc/self/uid_map', 'w') as uid_map:
-                uid_map.write(f'0 {uid} 1')
+            #     uid_map.write(f'0 {uid} 1')
-            with open('/proc/self/gid_map', 'w') as gid_map:
+            # with open('/proc/self/gid_map', 'w') as gid_map:
-                gid_map.write(f'0 {gid} 1')
+            #     gid_map.write(f'0 {gid} 1')
            subprocess.run(['mount', '--make-rprivate', '/'], check=True)
            chroot = pathlib.Path(tmpdir) / 'chroot'
-            lower = pathlib.Path(tmpdir) / 'lower'
            upper = pathlib.Path(tmpdir) / 'upper'
            work = pathlib.Path(tmpdir) / 'work'
-            for path in [chroot,lower,upper,work]:
+            for path in [chroot,upper,work]:
                path.mkdir()
            print(f'euid={os.getuid()}', file=stderr)
-            subprocess.run(['stat', '/', lower, upper, work, chroot], check=True)
+            subprocess.run(['stat', '/', upper, work, chroot], check=True)
-            subprocess.run(['mount', '-t', 'shiftfs', '/', lower], check=True)
+            subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir=/,upperdir={upper},workdir={work}', chroot], check=True)
-            subprocess.run(['stat', lower], check=True)
-            subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir={lower},upperdir={upper},workdir={work}', chroot], check=True)
            bindMounts = ['nix', 'run', 'proc', 'dev', 'sys', pathlib.Path(os.path.expanduser('~')).relative_to('/')]
            if not ":" in src_repo_path:
                bindMounts.append(pathlib.Path(src_repo_path).relative_to('/'))
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-17 16:36:42 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-17 16:36:42 +0100
commit	b72ae2fe4e822e4af562f9a8b704371179d20405 (patch)
tree	c3d7ba124dd6e5ba8a5912fb59906a7ec4dc69b5 /hosts
parent	eabaaa9c7a9adf158bdbcb3c269541cebd4ad21c (diff)
download	nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.gz nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.bz2 nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.tar.xz nixos-b72ae2fe4e822e4af562f9a8b704371179d20405.zip