diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 16:04:07 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 16:04:07 +0100 |
| commit | 8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c (patch) | |
| tree | 792fd4f45cd3a2baf1d9e9df4df5e9b5c4162916 /hosts | |
| parent | 69b373acd6079f857462a0653c12e86f74bb00b1 (diff) | |
| download | nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar.gz nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar.bz2 nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.tar.xz nixos-8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c.zip | |
vidhar: ...
Diffstat (limited to 'hosts')
| -rwxr-xr-x | hosts/vidhar/borg/copy.py | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py index 4858db78..227b7d8a 100755 --- a/hosts/vidhar/borg/copy.py +++ b/hosts/vidhar/borg/copy.py | |||
| @@ -96,20 +96,18 @@ def copy_archive(src_repo_path, dst_repo_path, entry): | |||
| 96 | # print('unshare/chroot', file=stderr) | 96 | # print('unshare/chroot', file=stderr) |
| 97 | uid, gid = os.getuid(), os.getgid() | 97 | uid, gid = os.getuid(), os.getgid() |
| 98 | unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER) | 98 | unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER) |
| 99 | ps_effective = {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID} | 99 | ps_effective = {} # {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID} |
| 100 | ps_ambient = {pyprctl.Cap.SYS_ADMIN} | 100 | ps_ambient = {pyprctl.Cap.SYS_ADMIN} |
| 101 | pyprctl.cap_permitted.add(*(ps_effective | ps_ambient)) | 101 | pyprctl.cap_permitted.add(*(ps_effective | ps_ambient)) |
| 102 | pyprctl.cap_effective.add(*(ps_effective | ps_ambient)) | 102 | pyprctl.cap_effective.add(*(ps_effective | ps_ambient)) |
| 103 | pyprctl.cap_inheritable.add(*ps_ambient) | 103 | pyprctl.cap_inheritable.add(*ps_ambient) |
| 104 | pyprctl.cap_ambient.add(*ps_ambient) | 104 | pyprctl.cap_ambient.add(*ps_ambient) |
| 105 | with open('/proc/self/uid_map', 'r') as uid_map: | ||
| 106 | print(uid_map.read(), file=stderr) | ||
| 107 | with open('/proc/self/setgroups', 'w') as setgroups: | 105 | with open('/proc/self/setgroups', 'w') as setgroups: |
| 108 | setgroups.write('deny') | 106 | setgroups.write('deny') |
| 109 | with open('/proc/self/uid_map', 'w') as uid_map: | 107 | with open('/proc/self/uid_map', 'w') as uid_map: |
| 110 | uid_map.write(f'0 0 4294967295') | 108 | uid_map.write(f'0 {uid} 4294967295') |
| 111 | with open('/proc/self/gid_map', 'w') as gid_map: | 109 | with open('/proc/self/gid_map', 'w') as gid_map: |
| 112 | gid_map.write(f'0 0 4294967295') | 110 | gid_map.write(f'0 {gid} 4294967295') |
| 113 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) | 111 | subprocess.run(['mount', '--make-rprivate', '/'], check=True) |
| 114 | chroot = pathlib.Path(tmpdir) / 'chroot' | 112 | chroot = pathlib.Path(tmpdir) / 'chroot' |
| 115 | upper = pathlib.Path(tmpdir) / 'upper' | 113 | upper = pathlib.Path(tmpdir) / 'upper' |