fix: skip system dirs during restore to prevent /bin/sh permission loss

HF datasets don't preserve Unix execute permissions. Restoring /bin/sh
from the dataset removes +x, breaking all shell=True subprocess calls.

- Save: still syncs full disk to dataset (user's full mirror requirement)
- Restore: skips /bin, /sbin, /lib, /usr/bin, /usr/lib, /usr/share etc.
(system packages reinstalled via user-packages.list + apt install)
- Only user-modifiable dirs (/home, /root, /etc, /opt, /var, /usr/local)
are restored from dataset

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

entrypoint.py

@@ -29,21 +29,29 @@ LOGFILE = "/var/log/huggingrun.log"
 PKG_FILE = os.path.join(PERSIST_PATH, "user-packages.list")
 BASE_PKG_FILE = "/etc/base-packages.list"
 
-# rsync excludes for both save (/ → /data/) and restore (/data/ → /)
-RSYNC_EXCLUDES = [
-    # Virtual / kernel (don't exist as real files)
-    "/proc", "/sys", "/dev",
-    # Our persist path (avoid recursion)
-    "/data",
-    # Temporary / runtime
-    "/tmp", "/run",
-    # Docker-managed (overwritten each container start)
-    "/etc/hostname", "/etc/hosts", "/etc/resolv.conf", "/etc/mtab",
-    # Transient
-    "*.sock", "*.pid",
+# Common rsync excludes
+_RSYNC_COMMON = [
+    "/proc", "/sys", "/dev",    # virtual / kernel
+    "/data",                     # our persist path (avoid recursion)
+    "/tmp", "/run",              # temporary / runtime
+    "/etc/hostname", "/etc/hosts", "/etc/resolv.conf", "/etc/mtab",  # Docker-managed
+    "*.sock", "*.pid",           # transient
     "/var/lock",
 ]
 
+# SAVE excludes: minimal — upload full disk mirror to dataset
+RSYNC_SAVE_EXCLUDES = list(_RSYNC_COMMON)
+
+# RESTORE excludes: also skip system dirs (HF loses Unix execute permissions,
+# restoring /bin/sh without +x breaks the container). System packages are
+# reinstalled via user-packages.list instead.
+RSYNC_RESTORE_EXCLUDES = list(_RSYNC_COMMON) + [
+    "/bin", "/sbin", "/lib", "/lib64",
+    "/usr/bin", "/usr/sbin", "/usr/lib", "/usr/libexec", "/usr/include",
+    "/usr/share",               # system data, reinstalled via apt
+    "/boot",                    # kernel files
+]
+
 # upload_folder ignore patterns (HF API rejects some paths)
 UPLOAD_IGNORE = [
     "__pycache__", "*.pyc",
@@ -160,11 +168,11 @@ def restore_state():
         log("  no filesystem data in dataset (fresh start)")
         return
 
-    log("── RESTORE: rsync /data/ → /")
-    excludes = " ".join(f"--exclude='{e}'" for e in RSYNC_EXCLUDES)
+    log("── RESTORE: rsync /data/ → / (skipping system dirs)")
+    excludes = " ".join(f"--exclude='{e}'" for e in RSYNC_RESTORE_EXCLUDES)
     t0 = time.time()
     # rsync with -rlptD: recursive, links, perms, times, devices
-    # --exclude .huggingface and .git (download metadata, not filesystem data)
+    # Skip system binary dirs (HF loses execute permissions); packages reinstalled via apt
     cmd = (f"rsync -rlptD --delete "
            f"{excludes} "
            f"--exclude='.huggingface' --exclude='.git' --exclude='.gitattributes' "
@@ -225,9 +233,9 @@ def save_and_upload():
     except Exception:
         pass
 
-    # rsync entire filesystem → /data/
+    # rsync entire filesystem → /data/ (full mirror)
     t0 = time.time()
-    excludes = " ".join(f"--exclude='{e}'" for e in RSYNC_EXCLUDES)
+    excludes = " ".join(f"--exclude='{e}'" for e in RSYNC_SAVE_EXCLUDES)
     cmd = (f"rsync -rlptD --delete "
            f"{excludes} "
            f"--exclude='.huggingface' --exclude='.git' --exclude='.gitattributes' "