From b72ae2fe4e822e4af562f9a8b704371179d20405 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 17 Feb 2022 16:36:42 +0100
Subject: vidhar: ...

---
 hosts/vidhar/borg/copy.py | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

(limited to 'hosts/vidhar')

diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py
index 3cf5f968..5617635b 100755
--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -102,24 +102,21 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
             pyprctl.cap_effective.add(*(ps_effective | ps_ambient))
             pyprctl.cap_inheritable.add(*ps_ambient)
             pyprctl.cap_ambient.add(*ps_ambient)
-            with open('/proc/self/setgroups', 'w') as setgroups:
-                setgroups.write('deny')
-            with open('/proc/self/uid_map', 'w') as uid_map:
-                uid_map.write(f'0 {uid} 1')
-            with open('/proc/self/gid_map', 'w') as gid_map:
-                gid_map.write(f'0 {gid} 1')
+            # with open('/proc/self/setgroups', 'w') as setgroups:
+            #     setgroups.write('deny')
+            # with open('/proc/self/uid_map', 'w') as uid_map:
+            #     uid_map.write(f'0 {uid} 1')
+            # with open('/proc/self/gid_map', 'w') as gid_map:
+            #     gid_map.write(f'0 {gid} 1')
             subprocess.run(['mount', '--make-rprivate', '/'], check=True)
             chroot = pathlib.Path(tmpdir) / 'chroot'
-            lower = pathlib.Path(tmpdir) / 'lower'
             upper = pathlib.Path(tmpdir) / 'upper'
             work = pathlib.Path(tmpdir) / 'work'
-            for path in [chroot,lower,upper,work]:
+            for path in [chroot,upper,work]:
                 path.mkdir()
             print(f'euid={os.getuid()}', file=stderr)
-            subprocess.run(['stat', '/', lower, upper, work, chroot], check=True)
-            subprocess.run(['mount', '-t', 'shiftfs', '/', lower], check=True)
-            subprocess.run(['stat', lower], check=True)
-            subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir={lower},upperdir={upper},workdir={work}', chroot], check=True)
+            subprocess.run(['stat', '/', upper, work, chroot], check=True)
+            subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir=/,upperdir={upper},workdir={work}', chroot], check=True)
             bindMounts = ['nix', 'run', 'proc', 'dev', 'sys', pathlib.Path(os.path.expanduser('~')).relative_to('/')]
             if not ":" in src_repo_path:
                 bindMounts.append(pathlib.Path(src_repo_path).relative_to('/'))
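Review bot: The writes to `/proc/self/setgroups`, `uid_map` and `gid_map` are commented out rather than removed, and neither the code nor the commit subject says why, so the privilege model of the steps that follow is no longer stated anywhere. With the shiftfs layer gone as well, the overlay takes `lowerdir=/` directly. Whether the `mount` calls run inside a fresh user namespace with no ID mapping, or with the added capabilities in the caller's namespace, depends on the unshare call, which is outside this hunk (`copy_archive` starts before it and continues after it). I would delete the dead lines and replace them with one comment stating the intended model, for example `# no uid/gid map on purpose: <reason>; mounts below rely on the private mount namespace set up above`. It is also worth confirming that `mount --make-rprivate /` can never run when that namespace setup has been skipped or has failed, since it would then change propagation on the host's mount tree. The `print(f'euid=...')` and `stat` calls look like debugging output and could be dropped once this path is settled.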
-- 
cgit v1.2.3