-rwxr-xr-x | hosts/vidhar/borg/copy.py | 3 | ||||
-rw-r--r-- | hosts/vidhar/borg/default.nix | 2 |
2 files changed, 4 insertions, 1 deletions
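--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -21,6 +21,8 @@ from xdg import xdg_runtime_dir
 import pathlib
 
 import unshare
+import pyprctl
+
 import signal
 from time import sleep
 
@@ -86,6 +88,7 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
 # print('unshare/chroot', file=stderr)
 unshare.unshare(unshare.CLONE_NEWUSER)
 unshare.unshare(unshare.CLONE_NEWNS)
+pyprctl.cap_ambient_raise(pyprctl.SYS_ADMIN)
 subprocess.run(['mount', '--make-rprivate', '/'], check=True)
 chroot = pathlib.Path(tmpdir) / 'chroot'
 upper = pathlib.Path(tmpdir) / 'upper'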
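Review bot: The `pyprctl.cap_ambient_raise(pyprctl.SYS_ADMIN)` call added ahead of the `mount --make-rprivate` line leaves CAP_SYS_ADMIN in the ambient set for the rest of this process, so every program executed afterwards inherits it, not only the `mount` helpers, and nothing in the hunk lowers it again. `copy_archive` continues outside the hunk, so this may already be handled further down; if it is not, the ambient set should be cleared once the mounts are in place and before the long-running child is started. The kernel rejects an ambient raise with EPERM unless the capability is in both the permitted and the inheritable set, and a process that has just entered a new user namespace presumably has an empty inheritable set, so it is worth confirming that this call succeeds as written. A comment such as `# keep CAP_SYS_ADMIN (new userns only) across execve for the mount(8) calls below` would record why the line is there.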
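--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -50,7 +50,7 @@ let
 
 buildInputs = with pkgs; [makeWrapper];
 
-python = pkgs.python39.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare halo]);
+python = pkgs.python39.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);
 
 buildPhase = ''
 substitute $src copy \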