From a6589c75e19a1882a5d7e87e14200ce921c10da2 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 17 Feb 2022 13:42:53 +0100
Subject: vidhar: ...
---
 hosts/vidhar/borg/copy.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py
index 98de51dd..38502a28 100755
--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -87,12 +87,13 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
 # print('unshare/chroot', file=stderr)
 uid_map_content = f'0 {os.getuid()} 1'
 gid_map_content = f'0 {os.getgid()} 1'
- unshare.unshare(unshare.CLONE_NEWUSER)
+ unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER)
+ with open('/proc/self/setgroups', 'w') as setgroups:
+ setgroups.write('deny')
 with open('/proc/self/uid_map', 'w') as uid_map:
 uid_map.write(uid_map_content)
 with open('/proc/self/gid_map', 'w') as gid_map:
 gid_map.write(gid_map_content)
- unshare.unshare(unshare.CLONE_NEWNS)
 subprocess.run(['mount', '--make-rprivate', '/'], check=True)
 chroot = pathlib.Path(tmpdir) / 'chroot'
 upper = pathlib.Path(tmpdir) / 'upper'
--
cgit v1.2.3
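Review bot: The three `/proc/self/*` writes that follow the combined `unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER)` call are order-sensitive, and nothing in the code says so. Per user_namespaces(7), an unprivileged process may write `gid_map` only after `deny` has been written to `/proc/self/setgroups`. `uid_map_content` and `gid_map_content` must also be computed before the unshare, because `os.getuid()` and `os.getgid()` report the overflow IDs afterwards until the maps are written. I would add a comment above the unshare call, e.g. `# Order matters: read uid/gid before unshare; write 'deny' to setgroups before gid_map (user_namespaces(7)).`, so a later cleanup does not reorder these lines and end up with EPERM or a wrongly mapped namespace. The body of copy_archive starts and ends outside this hunk, so whether this runs in a forked child or in the main process cannot be checked here.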