-rwxr-xr-xhosts/vidhar/borg/copy.py9
1 files changed, 6 insertions, 3 deletions
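--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -96,6 +96,12 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
 # print('unshare/chroot', file=stderr)
 uid, gid = os.getuid(), os.getgid()
 unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER)
+ps_effective = set(pyprctl.Cap.SETUID, pyprctl.Cap.SETGID)
+ps_ambient = set(pyprctl.Cap.SYS_ADMIN)
+pyprctl.cap_permitted.add(*(ps_effective + ps_ambient))
+pyprctl.cap_effective.add(*(ps_effective + ps_ambient))
+pyprctl.cap_inheritable.add(*ps_ambient)
+pyprctl.cap_ambient.add(*ps_ambient)
 with open('/proc/self/uid_map', 'r') as uid_map:
 print(uid_map.read(), file=stderr)
 with open('/proc/self/setgroups', 'w') as setgroups:
@@ -104,9 +110,6 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
 uid_map.write(f'0 0 4294967295')
 with open('/proc/self/gid_map', 'w') as gid_map:
 gid_map.write(f'0 0 4294967295')
-pyprctl.cap_permitted.sys_admin = True
-pyprctl.cap_inheritable.sys_admin = True
-pyprctl.cap_ambient.sys_admin = True
 subprocess.run(['mount', '--make-rprivate', '/'], check=True)
 chroot = pathlib.Path(tmpdir) / 'chroot'
 upper = pathlib.Path(tmpdir) / 'upper'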
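Review bot: The added capability setup in the first hunk cannot run: `set(pyprctl.Cap.SETUID, pyprctl.Cap.SETGID)` and `set(pyprctl.Cap.SYS_ADMIN)` raise TypeError because `set()` accepts at most one iterable, and `ps_effective + ps_ambient` fails as well since `set` does not define `+`; the code needs set literals and `|` for the union. Because this raises before the uid_map/gid_map writes, the whole unshare/chroot path in copy_archive is broken by this commit rather than merely misconfigured. Two points to confirm once it runs: pyprctl's `cap_permitted` set normally only allows dropping capabilities, so `cap_permitted.add(...)` may be rejected (after `unshare(CLONE_NEWUSER)` the process should already hold a full capability set in the new namespace, so the add may be unnecessary); and placing SYS_ADMIN in the ambient set grants it to every child spawned from here on, not only `mount`, so a short why-comment such as `# SYS_ADMIN must be ambient so the mount(8) children keep it across execve` would document the intent and scope. copy_archive begins before the first hunk and continues after the second.
```python
ps_effective = {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID}
ps_ambient = {pyprctl.Cap.SYS_ADMIN}
pyprctl.cap_permitted.add(*(ps_effective | ps_ambient))
pyprctl.cap_effective.add(*(ps_effective | ps_ambient))
# … unchanged: inheritable/ambient adds, uid_map/gid_map writes …
```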