From 8d439cb16fde604a8fb8d7b12f6c9ffd137baf2c Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 17 Feb 2022 16:04:07 +0100
Subject: vidhar: ...
---
 hosts/vidhar/borg/copy.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py
index 4858db78..227b7d8a 100755
--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -96,20 +96,18 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
 # print('unshare/chroot', file=stderr)
 uid, gid = os.getuid(), os.getgid()
 unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER)
- ps_effective = {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID}
+ ps_effective = {} # {pyprctl.Cap.SETUID, pyprctl.Cap.SETGID}
 ps_ambient = {pyprctl.Cap.SYS_ADMIN}
 pyprctl.cap_permitted.add(*(ps_effective | ps_ambient))
 pyprctl.cap_effective.add(*(ps_effective | ps_ambient))
 pyprctl.cap_inheritable.add(*ps_ambient)
 pyprctl.cap_ambient.add(*ps_ambient)
- with open('/proc/self/uid_map', 'r') as uid_map:
- print(uid_map.read(), file=stderr)
 with open('/proc/self/setgroups', 'w') as setgroups:
 setgroups.write('deny')
 with open('/proc/self/uid_map', 'w') as uid_map:
- uid_map.write(f'0 0 4294967295')
+ uid_map.write(f'0 {uid} 4294967295')
 with open('/proc/self/gid_map', 'w') as gid_map:
- gid_map.write(f'0 0 4294967295')
+ gid_map.write(f'0 {gid} 4294967295')
 subprocess.run(['mount', '--make-rprivate', '/'], check=True)
 chroot = pathlib.Path(tmpdir) / 'chroot'
 upper = pathlib.Path(tmpdir) / 'upper'
-- 
cgit v1.2.3
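Review bot: `ps_effective = {}` builds an empty dict, not an empty set, so the two `ps_effective | ps_ambient` expressions that follow raise TypeError (`dict | set` is unsupported) before any capability set is adjusted. Use `ps_effective = set()` and drop the commented-out remainder. Separately, the new `uid_map`/`gid_map` writes keep the length 4294967295 while moving the outer start to `{uid}`/`{gid}`. For any non-zero id that range runs past the 32-bit id space, which the kernel is expected to reject, and a writer without CAP_SETUID/CAP_SETGID in the parent namespace can normally map only its own id. If the script is meant to run unprivileged, `uid_map.write(f'0 {uid} 1')` and `gid_map.write(f'0 {gid} 1')` give the least-privilege mapping; confirm against how it is launched. copy_archive starts and continues outside the hunk.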