aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules
diff options
context:
space:
mode:
Diffstat (limited to 'nixops/modules')
-rw-r--r--nixops/modules/pub/restrict4
1 files changed, 0 insertions, 4 deletions
diff --git a/nixops/modules/pub/restrict b/nixops/modules/pub/restrict
index 6204aa2..b2f3be3 100644
--- a/nixops/modules/pub/restrict
+++ b/nixops/modules/pub/restrict
@@ -2,7 +2,6 @@
2user="$1" 2user="$1"
3rootuser="$HOME/$user/" 3rootuser="$HOME/$user/"
4mkdir -p $rootuser 4mkdir -p $rootuser
5mkdir -p $HOME/$user-nixstore
6 5
7orig="$SSH_ORIGINAL_COMMAND" 6orig="$SSH_ORIGINAL_COMMAND"
8if [ -z "$orig" ]; then 7if [ -z "$orig" ]; then
@@ -29,7 +28,6 @@ rsync*)
29 28
30 set -euo pipefail 29 set -euo pipefail
31 (exec -c bwrap --ro-bind /usr /usr \ 30 (exec -c bwrap --ro-bind /usr /usr \
32 --bind /var/lib/pub/$user-nixstore /nix \
33 --args 10 \ 31 --args 10 \
34 --dir /tmp \ 32 --dir /tmp \
35 --dir /var \ 33 --dir /var \
@@ -46,7 +44,6 @@ rsync*)
46 --bind /var/lib/pub/$user /var/lib/pub \ 44 --bind /var/lib/pub/$user /var/lib/pub \
47 --dir /var/lib/commons \ 45 --dir /var/lib/commons \
48 --ro-bind $TMUX_RESTRICT /var/lib/commons/tmux.restrict.conf \ 46 --ro-bind $TMUX_RESTRICT /var/lib/commons/tmux.restrict.conf \
49 --file 9 /var/lib/commons/nix-dump \
50 --chdir /var/lib/pub \ 47 --chdir /var/lib/pub \
51 --unshare-all \ 48 --unshare-all \
52 --share-net \ 49 --share-net \
@@ -60,7 +57,6 @@ rsync*)
60 --file 11 /etc/passwd \ 57 --file 11 /etc/passwd \
61 --file 12 /etc/group \ 58 --file 12 /etc/group \
62 -- $orig) \ 59 -- $orig) \
63 9< <(nix-store --dump-db) \
64 10< <(nix_store_paths) \ 60 10< <(nix_store_paths) \
65 11< <(getent passwd $UID 65534) \ 61 11< <(getent passwd $UID 65534) \
66 12< <(getent group $(id -g) 65534) 62 12< <(getent group $(id -g) 65534)