Diffstat (limited to 'nixops/modules')
-rw-r--r-- | nixops/modules/pub/restrict | 4 |
1 files changed, 0 insertions, 4 deletions
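--- a/nixops/modules/pub/restrict
+++ b/nixops/modules/pub/restrict
@@ -2,7 +2,6 @@
 user="$1"
 rootuser="$HOME/$user/"
 mkdir -p $rootuser
-mkdir -p $HOME/$user-nixstore
 
 orig="$SSH_ORIGINAL_COMMAND"
 if [ -z "$orig" ]; then
@@ -29,7 +28,6 @@ rsync*)
 
 set -euo pipefail
 (exec -c bwrap --ro-bind /usr /usr \
---bind /var/lib/pub/$user-nixstore /nix \
 --args 10 \
 --dir /tmp \
 --dir /var \
@@ -46,7 +44,6 @@ rsync*)
 --bind /var/lib/pub/$user /var/lib/pub \
 --dir /var/lib/commons \
 --ro-bind $TMUX_RESTRICT /var/lib/commons/tmux.restrict.conf \
---file 9 /var/lib/commons/nix-dump \
 --chdir /var/lib/pub \
 --unshare-all \
 --share-net \
@@ -60,7 +57,6 @@ rsync*)
 --file 11 /etc/passwd \
 --file 12 /etc/group \
 -- $orig) \
-9< <(nix-store --dump-db) \
 10< <(nix_store_paths) \
 11< <(getent passwd $UID 65534) \
 12< <(getent group $(id -g) 65534)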