From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Sep 2025 10:28:39 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pg1-f188.google.com (mail-pg1-f188.google.com [209.85.215.188]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58F8SbB7009355 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Sep 2025 10:28:38 +0200 Received: by mail-pg1-f188.google.com with SMTP id 41be03b00d2f7-b52047b3f21sf2089145a12.2 for ; Mon, 15 Sep 2025 01:28:38 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1757924911; cv=pass; d=google.com; s=arc-20240605; b=DgVwG7Y4vDwoxoApc/q+X4dInLB+sNGmYJCezHvB00X1R5Do9+eLXnyE5mFePMF95z I3mattHVIcy2ydwhDgLHwfFFcvdR+PhWrgF6doyJ8WUyKpERBCQu+pHpDGAj/MJF504x LZI6Pp/kY6gS+8PBgWktFJagz0QkSd9mxrF0CxY9mE7+K9pTwwNvHgiWkD4Qa4pb23Dj Hs7/s4argDQ+zWN7IzCl5h9Q/chRuMh3bgN96IM7hLM3rMz3ZU9VAVS6FR+Rw8BlgNjC C/Ono3CVuJclCSI5zmmBP+BEXt5nYi+pSX2BQj8gBMntQsrRIakj0o1EkThxaEUOdSrB zVEg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:in-reply-to :autocrypt:content-language:from:references:cc:to:subject:user-agent :date:message-id:dkim-signature; bh=EJmWigPuHd8sk5J+WwXw36i03R20xn87z/xf73j8jhI=; fh=JPvUtru4XtPxYR+CLcwglQ3JKksYTWC5AL9jwLRQofw=; b=ccSJuo6WdpnR7/Wq/wO7ChMWDjYTdfQ9Os5KPqJrIqVEOveZqmt5eimz1k7IOZkGee tXAsxDOpIC+AMPOL1c8SYuneG553b/beOXwqsTvG2taizW3V4Lo24baUe2kQzfO4uOkm NJdg9rEoVsgeXeTK2UIOab7ycBxrCQVpR2cVibTnySzaF7KhO+5HF/QYIfS/MBdVPssi ie2k2DcbDtNVAZsPFlCf43ivMS0VsJO/+4uA1K77h0EXTT66WD30tVud9Z2XvQuAM8Vf J0pP4d8MFp3C3n8Gqd7QKUv9ipoH/OyHWXQsfzXNvGpPJ8sxanBo7zx2X04wcXVTI7QX OkSA==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=jTX+GAFK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1757924911; x=1758529711; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :in-reply-to:autocrypt:content-language:from:references:cc:to :subject:user-agent:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=EJmWigPuHd8sk5J+WwXw36i03R20xn87z/xf73j8jhI=; b=kVIvpBi7ixAo/qwXVevgsNMNogTGf+qj+Vn5pWXGrKC8PahMgjKL3x/3ydWxkrWzMM 0YFUvmlgkpEs6D77otMltzYqhqScUcINYxNY/LYFfuFolRac8qBZi8assqgx6BBw9Y0f 7lL/VhtKwMjHmr656hWkv+grYEb76QbGVaQg3vkEuMU4Qo613Y1h5jUYO6GSXj5mM/hO DkmN9Lb39wO/sg83tUNh+ULqf87fwrPDJ5EYzGG9/8x1qBMZ983UG89yvJBo1qkUzjb3 oUYYWUAxndF+eFgUnYQAtfq07ysHAtl3SamXvjQ4erPovgXZaJAvu5gd6NXi6f/KAAaO P/Ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757924911; x=1758529711; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :in-reply-to:autocrypt:content-language:from:references:cc:to :subject:user-agent:date:message-id:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=EJmWigPuHd8sk5J+WwXw36i03R20xn87z/xf73j8jhI=; b=MiKi3cGPIyyM/tE5ZjU/7Ln8vbRqwyrZWnIQrMoVuOGVA8w1Ks/XgokFptB6tYy2xM ZLEO9eIT9BIjWdDj6zvRwf8ey+m3AxDUkQCDGCVXiNM5TsqnClESRFUqLT/7KmU6qSJg 2Pe4AVBSQl82kbXNMbfoOCLgHLa0IQqDlxOSS4J7GI3Dntv2g3DrA0o/wBSDWNHTI708 kOQMVWl+CzmBzx2AU+4m56IGeQRIifQ12eloQQCr4XPWQ7fh4rRZHXh6W+cyGSpVytjj ZX8Qrkr38xEEqj+E89mUOt7YMqb7lnCGnFbDwYDiCHOMOJbRFb/MgKlC7ECqzMZWmnwW gxSw== X-Forwarded-Encrypted: i=3; AJvYcCXcgPIN34BPBWQOk8CpUT85Ovxy3cmMZIFDVE1DbCpcmhi2h/O1rQK1IXQwVFxjBswzq3FO@ilbers.de X-Gm-Message-State: AOJu0YzUFXF3G4dFXNZlrzdv3A9wXBXwKIsJ8zKzHbF7isKLXM5HjmC9 fjdTj4Eaekgueu7i2Yqvy7PBFV+AuMEFGkdzahWe4SPOptl8PbPOZ/hJ X-Google-Smtp-Source: AGHT+IERnyPW0TBqC6R1uV0UT+0nicmgRNQ/YCRmKrucAC+eW0ucQ6AG8mWQ0P5xcrLFSuKLSWpTGA== X-Received: by 2002:a17:90b:5108:b0:32e:45f8:9f9e with SMTP id 98e67ed59e1d1-32e45f8a08cmr3853585a91.31.1757924911257; Mon, 15 Sep 2025 01:28:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARHlJd6MbU/2hcX0NVrG4GMYBqGKXzAy9BAHp+MRjPBZpWVoww== Received: by 2002:a17:90b:1e0a:b0:32e:374b:1df4 with SMTP id 98e67ed59e1d1-32e374b204dls883273a91.1.-pod-prod-01-us; Mon, 15 Sep 2025 01:28:29 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW5komae7BZBpvXH0RJ0S+3b+7QFvzAfQxsv3Jz0+ouyD46p/OHt/eBG4FnrtmwjJRDvC9Ocbi0KbCM@googlegroups.com X-Received: by 2002:a17:90b:3890:b0:329:cb75:ff06 with SMTP id 98e67ed59e1d1-32de4e7114bmr13080413a91.7.1757924909107; Mon, 15 Sep 2025 01:28:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1757924909; cv=pass; d=google.com; s=arc-20240605; b=CFEYd43cKBd7RhcMMNtexmOHSF3CpowHzVMyJFzeUN5MVsiTaldTOLcCmAVfXEtyOA qUOWXufbrfnGQdRwJimQ14H+lpytKt4OZyAUDhAfQEJiUMiJw46i8Srz+AATNxjPK3Y0 O2DPo/DN758sWfOzCWsvW4pApOtH+MnuchXnV/R74yy90krnTC/kAzAEiYyxT7v21RzI 15zhgsNYxK/MgILZj7wara90d69+HpcwqzGDg5eV0U1Szyb1NwOKkxdNYff43FPXsRH/ BPbHd38fzTZ4I1XLFzLWEC+PrHSTXUD2Ip7apz1RWkciaTK6V/P4wAN9lGhsj83U7/cX oMUQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:in-reply-to:autocrypt :content-language:from:references:cc:to:subject:user-agent:date :message-id:dkim-signature; bh=NHg95wwnK3u6mn3q40HzQLoMvyzgSeumT4sFrB/AcPo=; fh=mwVTC4ILVezY8hrKBzSDpUkZljj3McZDb5y43WPXz2s=; b=k4vosqJX9fFDFr7fQBKL25DKduxYyZyGWmDaFgKxYxqzj8ApxRVNGkrPM7TzTtKYBB tusZzUwTni5eRmTiR8iUvQatBqYDGsDHUjPlUtcKksGMWRTKxVrn9qUXDgoHZibN0uTi srnWGUYLzPARWk7AvGNhm03qdaKIreYHrhHcqht1fG/MmMSyfMftdmLjXfEOxVb6gM1r o8imO8kBbnow5NmSnmJjK9/CDHCwDbTqvxfFsO6PyhbVrSKlQiI3os1uB5CpCTiwtbLH 7XK4SFiPsFceYRswzRaTzQsdz6e7YNTp91ViM+fDL3N8yaYvP7idxqxLmxjRTCFlpFfo ELBA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=jTX+GAFK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-32df968713bsi212734a91.1.2025.09.15.01.28.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Sep 2025 01:28:28 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nZtn5eXvE6FVCu/OBjcBQlrT2Fb2pVG50GyEqHGarmLj2TjYDS2RCARJ+i9wkb8SvCYkZ+cKiCLIKHk5Pa4E2p0IOmO3t8w+ZKDfiMpApriGW8XuI212BXChSfvFwaLMYy6Ynji0o3hoJ1aOv7tCREkZqOSFCo+Fb/dRhfyiBhIUAXUCljkR/xrI5e/b93WU1BT27CeyG+iEcQi/+LQxZ9rqULaCAqA8/3R7Dpct4ab3E6hn0kIME9gFyBHDEBIQtIYV/4PHRQ5V78TD7qdWmypIHfIoKJlSMlmjwTDJV4zjYYteYiyQz6AQXg4fF2PSZCZhKpnBgxFm6fkdVu8vcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NHg95wwnK3u6mn3q40HzQLoMvyzgSeumT4sFrB/AcPo=; b=QVncPycBgj8QDVTp98yJpBAKyXDxepIQCuWtk43SxrRHtQdAkD3UaKB7k6kHMYhnx/Ag3fTxJeJJPpBViN5nm4Syz+o3BBKOH7QhtObPCr0eOpWln1EPEsaj2hjeBrME23C5FxOFwa+BqztpVopsAniEosJMd6O6ovxgeshiWrOy+JKDgiTeQyv5CquomlKXIxfGby9aJlzV1hQuetig4lYChR9vP3PoeD9hLnwqZ5ZzgV7WGFwQdwkEwegJFQMfKFCWKSPCXcGdcwQRIHZ4VJIOFxgzhI97aSN8oA2TsO4aJLsEZml8c9U1yUQ4DADpeCZtDgVAlh+csazXyp4rzg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DB4PR10MB6190.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:386::16) by GV2PR10MB7512.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:d8::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.19; Mon, 15 Sep 2025 08:28:24 +0000 Received: from DB4PR10MB6190.EURPRD10.PROD.OUTLOOK.COM ([fe80::fa4b:dd2d:9aea:d5b3]) by DB4PR10MB6190.EURPRD10.PROD.OUTLOOK.COM ([fe80::fa4b:dd2d:9aea:d5b3%6]) with mapi id 15.20.9115.018; Mon, 15 Sep 2025 08:28:23 +0000 Message-ID: <161b6da4-e7d1-4668-87aa-a0ae041fb8c6@siemens.com> Date: Mon, 15 Sep 2025 10:28:20 +0200 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 1/6] rootfs: introduce wrapper to run commands against a rootfs To: Cedric Hombourger , isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com References: <20250625193748.2681-1-cedric.hombourger@siemens.com> <20250625193748.2681-2-cedric.hombourger@siemens.com> From: "'Jan Kiszka' via isar-users" Content-Language: en-US Autocrypt: addr=jan.kiszka@siemens.com; keydata= xsFNBGZY+hkBEACkdtFD81AUVtTVX+UEiUFs7ZQPQsdFpzVmr6R3D059f+lzr4Mlg6KKAcNZ uNUqthIkgLGWzKugodvkcCK8Wbyw+1vxcl4Lw56WezLsOTfu7oi7Z0vp1XkrLcM0tofTbClW xMA964mgUlBT2m/J/ybZd945D0wU57k/smGzDAxkpJgHBrYE/iJWcu46jkGZaLjK4xcMoBWB I6hW9Njxx3Ek0fpLO3876bszc8KjcHOulKreK+ezyJ01Hvbx85s68XWN6N2ulLGtk7E/sXlb 79hylHy5QuU9mZdsRjjRGJb0H9Buzfuz0XrcwOTMJq7e7fbN0QakjivAXsmXim+s5dlKlZjr L3ILWte4ah7cGgqc06nFb5jOhnGnZwnKJlpuod3pc/BFaFGtVHvyoRgxJ9tmDZnjzMfu8YrA +MVv6muwbHnEAeh/f8e9O+oeouqTBzgcaWTq81IyS56/UD6U5GHet9Pz1MB15nnzVcyZXIoC roIhgCUkcl+5m2Z9G56bkiUcFq0IcACzjcRPWvwA09ZbRHXAK/ao/+vPAIMnU6OTx3ejsbHn oh6VpHD3tucIt+xA4/l3LlkZMt5FZjFdkZUuAVU6kBAwElNBCYcrrLYZBRkSGPGDGYZmXAW/ VkNUVTJkRg6MGIeqZmpeoaV2xaIGHBSTDX8+b0c0hT/Bgzjv8QARAQABzSNKYW4gS2lzemth IDxqYW4ua2lzemthQHNpZW1lbnMuY29tPsLBlAQTAQoAPhYhBABMZH11cs99cr20+2mdhQqf QXvYBQJmWPvXAhsDBQkFo5qABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGmdhQqfQXvY zPAP/jGiVJ2VgPcRWt2P8FbByfrJJAPCsos+SZpncRi7tl9yTEpS+t57h7myEKPdB3L+kxzg K3dt1UhYp4FeIHA3jpJYaFvD7kNZJZ1cU55QXrJI3xu/xfB6VhCs+VAUlt7XhOsOmTQqCpH7 pRcZ5juxZCOxXG2fTQTQo0gfF5+PQwQYUp0NdTbVox5PTx5RK3KfPqmAJsBKdwEaIkuY9FbM 9lGg8XBNzD2R/13cCd4hRrZDtyegrtocpBAruVqOZhsMb/h7Wd0TGoJ/zJr3w3WnDM08c+RA 5LHMbiA29MXq1KxlnsYDfWB8ts3HIJ3ROBvagA20mbOm26ddeFjLdGcBTrzbHbzCReEtN++s gZneKsYiueFDTxXjUOJgp8JDdVPM+++axSMo2js8TwVefTfCYt0oWMEqlQqSqgQwIuzpRO6I ik7HAFq8fssy2cY8Imofbj77uKz0BNZC/1nGG1OI9cU2jHrqsn1i95KaS6fPu4EN6XP/Gi/O 0DxND+HEyzVqhUJkvXUhTsOzgzWAvW9BlkKRiVizKM6PLsVm/XmeapGs4ir/U8OzKI+SM3R8 VMW8eovWgXNUQ9F2vS1dHO8eRn2UqDKBZSo+qCRWLRtsqNzmU4N0zuGqZSaDCvkMwF6kIRkD ZkDjjYQtoftPGchLBTUzeUa2gfOr1T4xSQUHhPL8zsFNBGZY+hkBEADb5quW4M0eaWPIjqY6 aC/vHCmpELmS/HMa5zlA0dWlxCPEjkchN8W4PB+NMOXFEJuKLLFs6+s5/KlNok/kGKg4fITf Vcd+BQd/YRks3qFifckU+kxoXpTc2bksTtLuiPkcyFmjBph/BGms35mvOA0OaEO6fQbauiHa QnYrgUQM+YD4uFoQOLnWTPmBjccoPuiJDafzLxwj4r+JH4fA/4zzDa5OFbfVq3ieYGqiBrtj tBFv5epVvGK1zoQ+Rc+h5+dCWPwC2i3cXTUVf0woepF8mUXFcNhY+Eh8vvh1lxfD35z2CJeY txMcA44Lp06kArpWDjGJddd+OTmUkFWeYtAdaCpj/GItuJcQZkaaTeiHqPPrbvXM361rtvaw XFUzUlvoW1Sb7/SeE/BtWoxkeZOgsqouXPTjlFLapvLu5g9MPNimjkYqukASq/+e8MMKP+EE v3BAFVFGvNE3UlNRh+ppBqBUZiqkzg4q2hfeTjnivgChzXlvfTx9M6BJmuDnYAho4BA6vRh4 Dr7LYTLIwGjguIuuQcP2ENN+l32nidy154zCEp5/Rv4K8SYdVegrQ7rWiULgDz9VQWo2zAjo TgFKg3AE3ujDy4V2VndtkMRYpwwuilCDQ+Bpb5ixfbFyZ4oVGs6F3jhtWN5Uu43FhHSCqUv8 FCzl44AyGulVYU7hTQARAQABwsF8BBgBCgAmFiEEAExkfXVyz31yvbT7aZ2FCp9Be9gFAmZY +hkCGwwFCQWjmoAACgkQaZ2FCp9Be9hN3g/8CdNqlOfBZGCFNZ8Kf4tpRpeN3TGmekGRpohU bBMvHYiWW8SvmCgEuBokS+Lx3pyPJQCYZDXLCq47gsLdnhVcQ2ZKNCrr9yhrj6kHxe1Sqv1S MhxD8dBqW6CFe/mbiK9wEMDIqys7L0Xy/lgCFxZswlBW3eU2Zacdo0fDzLiJm9I0C9iPZzkJ gITjoqsiIi/5c3eCY2s2OENL9VPXiH1GPQfHZ23ouiMf+ojVZ7kycLjz+nFr5A14w/B7uHjz uL6tnA+AtGCredDne66LSK3HD0vC7569sZ/j8kGKjlUtC+zm0j03iPI6gi8YeCn9b4F8sLpB lBdlqo9BB+uqoM6F8zMfIfDsqjB0r/q7WeJaI8NKfFwNOGPuo93N+WUyBi2yYCXMOgBUifm0 T6Hbf3SHQpbA56wcKPWJqAC2iFaxNDowcJij9LtEqOlToCMtDBekDwchRvqrWN1mDXLg+av8 qH4kDzsqKX8zzTzfAWFxrkXA/kFpR3JsMzNmvextkN2kOLCCHkym0zz5Y3vxaYtbXG2wTrqJ 8WpkWIE8STUhQa9AkezgucXN7r6uSrzW8IQXxBInZwFIyBgM0f/fzyNqzThFT15QMrYUqhhW ZffO4PeNJOUYfXdH13A6rbU0y6xE7Okuoa01EqNi9yqyLA8gPgg/DhOpGtK8KokCsdYsTbk= In-Reply-To: <20250625193748.2681-2-cedric.hombourger@siemens.com> Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: FR4P281CA0341.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:ea::16) To DB4PR10MB6190.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:386::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB4PR10MB6190:EE_|GV2PR10MB7512:EE_ X-MS-Office365-Filtering-Correlation-Id: d2043d91-3190-4b6b-502f-08ddf431d501 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?B?MTEzbjl6QUpKK1A5L2VzSzd6Lzd0MVpOUTlBTkJsQWVOTkdadm9WcHF6aXpL?= =?utf-8?B?c2tnQkdYUk1pQWs2TGFqWnBZbXdCaVdpZHVwWkpSbWIzTEp1K01LbXRIUFc4?= =?utf-8?B?NWp0cDFEVjFLR3NQcStmelZVZit2QW1PMVZ6cEZQdkRoWTVObE9UaUZRQUNR?= =?utf-8?B?QlNzZzQ0cHcrUzZEZXlheWNJN0x6SXF2blp3S24zUC9zTjB3d1p4bTkzbE51?= =?utf-8?B?UzVEUllsTHZKWDI3QjNpczFpNWZsTnZFN0p1TTRNR1RtZndoQm5zUEF3Y2Ez?= =?utf-8?B?aGwraStYSlo1OHgvcHd6dVl4RjBqaExVUkFKeHRzeXMxaVhrR0YyQ0I1elVP?= =?utf-8?B?QU1kVEQxNDBsbEpBcUlwMTVxZEZqWCtIME9MbGEzQUVpSGI4S0Q5eXpJY1dw?= =?utf-8?B?RzhJRmFCcjJlaC9yU0hldVhWMGF0RzFqd1ZVL3dSY1hWeG53VGhqd3RORmN5?= =?utf-8?B?dlJQRDlwSWVMUG5xaVRQMEdMY2JXOVRQWFRleVMvZzdOeTU3d2lkTjBETSsy?= =?utf-8?B?YjdpVFoxMHVMUXRwb0JZRHhxUElkTlJpRkdydmRYRTJSWE9mKzlZa29DUDBw?= =?utf-8?B?L1hDZUVrRzN0bmJhYlRRZkxQSmZxTHUxS0VhNm1McStPQm9rcVMvMnkrOXl2?= =?utf-8?B?TGl4SFdQdW5BcVZXaFB0a05maFp4V2NVb3BadGNMOENxc2h0Ri9WMlpvQWhR?= =?utf-8?B?NmxPeWdtK0pXcG1vL2ZLK2FsdDJ3UWNmbjNHRjN2NG9ic1Z1RGtaRm5DRm9o?= =?utf-8?B?aGh3d0E3WjFKdDlRb2haSEc5ZU1jcHNQTHdYc3l6L2xtMUhhOGQ0L0puVUhm?= =?utf-8?B?Z1R5amVoUW9zd1JZNm1PeEhiTDJpZW9qenNNOVdNa2NQSG9uNCtseWp6Nmhy?= =?utf-8?B?cWcxeWZXSkpIREFzWWIrZkV0UWVveUIyNitmeDlQSzRCYUNWaHNNeHpNQ3Jv?= =?utf-8?B?eVFuUEdCUkFqeDVTSU5xRTFxMllIT2tycUJWTDhPUG1xdWtITGdZUCtTQ2cy?= =?utf-8?B?Tnhscjl3anpmQ2ZROWp1bDlHN3NXdytxbkVPTEZ4ZGhmSGRHU1NaQ0tnTDI2?= =?utf-8?B?R2QzYUNJTGNHN1dQd3RNMUZycEU4SjFFNWp4bXl4bGZDeHRVYXFiZWM2NHFm?= =?utf-8?B?UFVyYnQxNC9QaUxzQnhPWXArS1pkMEhjK04wNnVteVZzRUtXRytWM2I4ZGJK?= =?utf-8?B?RDBqZjlEeUJhS0NXeEh5TE5jNGxOMDZzdzhxTTdPRk9TM09BODhjRXBxK05N?= =?utf-8?B?d043c3JvTU9wbXpiZGg0U1JzK0dieVN0VThSZElFZTl6b3lUaS9qYk5mNFht?= =?utf-8?B?R0dwOVo5OEEwQ1Q0eFR6Tlg5RzJzK3JRZUdTRFU4amJGWWJiemE0OUVySU9x?= =?utf-8?B?aWM4R0lpU0NWQ3FZMC81QzJGU3BrSHJVS2tTNTZ4TGpmQnZxYURGVFhWUGk4?= =?utf-8?B?RWFxMjNPQzVlZ3hHMVhiemZ3SVZROE1ENkpQbXloN1BGa3RJWUpURCt3Sm5J?= =?utf-8?B?M0Q4Rk96bERZVDhNN3BUbVIxckt5T3ZXbEhBc3ppQkFLN3YvclF0bG1HSSsr?= =?utf-8?B?WHF2Nm94M3ZLMlBxRVRsWkhyK3REbE51UlNSaElQYlZSZEovbDVoVjg3U3NR?= =?utf-8?B?MUgrQ2Y1OWxUemdDV2Fsdkh1TUc5bTNzWGVTZnlubFpGL3lvWmtzdzRQcjlW?= =?utf-8?B?ajJNZEdBSnFPMnZGSTYwVDAwaGZTUkhqY3hObDk3ZFdyaVJyREdhYW1TRkpI?= =?utf-8?B?d1FIS2cySHpYSG9aYVlHbDlBTzJzU0JwUE5Wc2U0R1RMQkliWURQbUdBcnJo?= =?utf-8?B?MHNNWE1JT2FCNktHTlJpWHhUSnk0TjAwR3dOSFZxS3p2dmhCUEhLS2l4cUVF?= =?utf-8?B?YW9PRWpqR005a3UxTC9iSEZaSUVjVWk0QVdOTWxqTVJ3Q2o1K1JaYld3amJP?= =?utf-8?Q?gqc7w8KRQxA=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB4PR10MB6190.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NmFybW1MZlAzY090OXhPVndlK2lUSmZMaGNwcnNPV3UzNG9tenA0WFduZ3cv?= =?utf-8?B?aHRNc2txMStKalhPOXBCL3p3S3VFemVzd01ySjFrK2RQaTh1ekhuUXNPbUtH?= =?utf-8?B?MWhEb28xRlA2SWRwcVF4Z2dIcDJ5eUtJcGVVYTFLdHdHblJIZVNKZ1NYbUpq?= =?utf-8?B?N1pIZ3BOeXZlZ0huWFQvQ1VXTS90bjY4ODkvSU9WK2FNbjFHeDZrNjFEWlEz?= =?utf-8?B?bGxLamgrUFp2eVNkU2JXU3ExWVFJcEhnVGxNaldtMGpGK3V3TkpFUnZ6R3Js?= =?utf-8?B?TnVqYm5LOUc0SjdxeklHWjJGeVE2YTYyb1k5VVovQnNKTUhyMFJnQWpQTGhQ?= =?utf-8?B?SUtTMDQ0aks5ZHNHYitRK1M3Smp4aGd0dUQxVFRqL0puSjFCZ21CQkFqNFBx?= =?utf-8?B?a0c5MzdjdGhPZlBEajQwS3U0REM1aDF0TnY5VnY1Q09peEZoTXVXVExUTzFW?= =?utf-8?B?dGhDWk1zL2Frbll3cFFZUXhNb3B2NzBTRGRPOTUzbDNHdTBNdmdJNlpCbUFW?= =?utf-8?B?NTUzdWR6N3Z1YWFoL050UVA5cXZEdGtCaityT2c1aXVsWVNvaGhTWFF5L0xL?= =?utf-8?B?V0NSMFZrdmZVM2h0TktoYm1uL21nS2l2MVJoZnpiTzhEM2J1YU5GTnkzZmlt?= =?utf-8?B?Mmc4UzJsSDBldWFXOWpFYkMyK3RMbDd2SnFkWVVLWnp0N09uNGIwckh5T1hW?= =?utf-8?B?Y1NMMy92d1I4clNkdTEzZms2UmhGY0c1b2x5RHNvamN6Si9GS2Z5aytmeFRk?= =?utf-8?B?eGdpbHU5R1NQV2xaQzRncThHTW0zc2xHYXM1RHNEQlBGYzhoOFVEaW03U0ll?= =?utf-8?B?NndDVTNadmNWSFpOOXNJMXVjSmJzekFIZ1hqNUpuTG9ZR2JmNWlPMElPWU1K?= =?utf-8?B?bnlyUldCVkhKYWRBMUVMTVU5SHRyNXB0anJmZ1FodjVqVmJSWlRvL2VLb1BC?= =?utf-8?B?QnY0Ri81Smx4SnpORngzb0hsOWtUM3JyQjBFdy92a1JkbXliZmRsZzM0Tjh2?= =?utf-8?B?OGFUOGpZZXhGWHVmNjc1UEJBa29EQ0JNWnlMSmU4azlVM3htdlBKTDlObFgr?= =?utf-8?B?dDh4c21GNEUxUEw0aThXU0pRUnRtYnBCYmpzMTBNOFJJUlVaOXZZN29kQXVv?= =?utf-8?B?ODlEd01LUy9ORmpicFZoWWxaVFQxaEpURmlqK1ZobGxZbHdEaFRHRHFwWHBu?= =?utf-8?B?QXV6L2puZmdYeDhVNmRkNnBZYnVRUVk0aFBZZTBDV1dJaCtjT0RwM0tNajdY?= =?utf-8?B?QkRDMS9xYTlvZ1NIamlZSHJSd0xqSWVIUHIrZmlsendWR0hRdEo4K2RVVThn?= =?utf-8?B?elNXRmFSNHhaQXN0QnU1T05YVWROSVZkOHdzVmM2dU1GdmQvdjNsK1Rqanph?= =?utf-8?B?RFNDblNteDBGeDB2ejFRdlhKemNueUo4ZGJVaWNIRytPN1hCb0RQMFlaUkhQ?= =?utf-8?B?ZlppRTVpaDJqRWZaS1gwNkF1QXY2RGw0UjQrR2pOWlZmSTRFSnNncGN0Z2dn?= =?utf-8?B?NGpDWjVvMVFDTGc2RlZSbVhoMXEwbjhLeEUrM1Y3TENBVDVuMVBPakxKVnIy?= =?utf-8?B?TGdhWFF6Q21TWFhCZlM4WlJLV0RBem93clhBTjhCYTJKcSs0WjBXVWZhUmFL?= =?utf-8?B?RVVmZFEwTWNtUnQyUDlkWkhZZDBjZ1hYeHFTSURDcmlzTGhnVlRNWXd5TTg0?= =?utf-8?B?ODJzQjlRMDJLS0lwMUFNbTNhcVM3NlpHckxZb1pxTmRIdnpYSHRiYlBJOElh?= =?utf-8?B?QVk2WU15OENvTkJRbzFzdnZ2QkVhbTJGRk1YbTVKQlJMYTdNbHRKTUtqU0s1?= =?utf-8?B?d01xWWpwQ1Y0LzhOWkVHMGxsRlRuWWxXUXNpdnB6MXZPMDBRMXNaOHhRUDRy?= =?utf-8?B?UGFzeUpSQzVGbThJNDdubmRNZUQvVnh5K2JybnAvYzZDVnNFbWpJWDhmd1hH?= =?utf-8?B?d1JrZEFDZjVrMk5qTk1SRjRaQWo1Mm8wUllPTlRBUGxGYTRwME9mYy84WDUv?= =?utf-8?B?ZHZZYW5FaVNuK3IxUzRKK25KVXFkVTgvMk1JZzd1YUVnSlFNbHBQNkV1WnJE?= =?utf-8?B?UVIrekgrWUVsbVpuN1VWWVpPM1N5cWFCTWxKQ0hmNmw1MVN0OWNqcFE3TEV6?= =?utf-8?Q?F/ts5sPiBo8tmSFY/0u9HOVQw?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: d2043d91-3190-4b6b-502f-08ddf431d501 X-MS-Exchange-CrossTenant-AuthSource: DB4PR10MB6190.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 08:28:23.3873 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: V8Dd1PEAYdyCb6IQQapQmb4lCwMxMPBsWoEeLWItJgczbBDDe86aSvZDtyFZ4KHf/Ca6Mqgdc2Y4ONg3rW2auA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR10MB7512 X-Original-Sender: jan.kiszka@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=jTX+GAFK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Jan Kiszka Reply-To: Jan Kiszka Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 3vroYKfuDsRd On 25.06.25 21:37, 'Cedric Hombourger' via isar-users wrote: > "sudo chroot" is used in several places to run commands inside rootfs > directories constructed by Isar. There are cases where a command could > be used without elevated privileges as long as special folders such as > /isar-apt are mounted (they are often referenced as /isar-apt in > configuration files found in the target rootfs). For such cases, > bubblewrap may be used to create a non-privileged namespace (either > in a bare/native environment or within a docker/podman container) > where the command will be executed as if chroot had been used. The > rootfs may also be the host root file-system: this should however > be used with care to avoid host contamination problems (note: Isar > already relies on a number of host tools). Where does this take the commands from then, the host env or some better defined rootfs that is aligned with the target rootfs release-wise? Is that controlled by the caller or implicitly by the wrapper. I have to remind that we cannot blindly use host-side tools on the target rootfs (except for the very basic ones) as the latter may be newer than the former and not necessarily compatible. Jan > > Signed-off-by: Cedric Hombourger > --- > RECIPE-API-CHANGELOG.md | 7 ++++ > doc/user_manual.md | 1 + > meta/classes/rootfs.bbclass | 67 +++++++++++++++++++++++++++++++++++++ > 3 files changed, 75 insertions(+) > > diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md > index 8468717d..18b90555 100644 > --- a/RECIPE-API-CHANGELOG.md > +++ b/RECIPE-API-CHANGELOG.md > @@ -727,3 +727,10 @@ Changes in next > > This was never documented and never had practical relevance. `oci-archive` is > the useful OCI image format that can be imported, e.g., by podman. > + > +### Require bubblewrap to run non-privileged commands with bind-mounts > + > +Isar occasionally needs to run commands within root file-systems that it > +builds and with several bind-mounts (e.g. /isar-apt). bubblewrap may be > +used in Isar classes instead of `sudo chroot`. It is pre-installed in > +kas-container version 4.8 (or later). > diff --git a/doc/user_manual.md b/doc/user_manual.md > index ca551a0d..a4fff34a 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md > @@ -75,6 +75,7 @@ Install the following packages: > ``` > apt install \ > binfmt-support \ > + bubblewrap \ > bzip2 \ > mmdebstrap \ > arch-test \ > diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass > index 5f877962..429494ae 100644 > --- a/meta/classes/rootfs.bbclass > +++ b/meta/classes/rootfs.bbclass > @@ -34,6 +34,73 @@ export LANG = "C" > export LANGUAGE = "C" > export LC_ALL = "C" > > +# Execute a command against a rootfs and with isar-apt bind-mounted. > +# Additional mounts may be specified using --bind and a > +# custom directory for the command to be executed with --chdir . The > +# command is assumed to follow the special "--" argument. This would replace > +# "sudo chroot" calls especially when a native command may be used instead of > +# chroot'ed command and without elevated privileges (the command will likely > +# take the rootfs as argument; e.g. apt-get -o Dir=${ROOTFSDIR}). If the > +# optional rootfs argument is omitted, the host rootfs will be used (e.g. to > +# run native commands): this should be used with care. > +# > +# Usage: rootfs_cmd [options] [rootfs] -- command > +# > +rootfs_cmd() { > + set -- "$@" > + bwrap_args="--bind ${REPO_ISAR_DIR}/${DISTRO} /isar-apt" > + bwrap_binds="" > + bwrap_rootfs="" > + > + while [ "${#}" -gt "0" ] && [ "${1}" != "--" ]; do > + case "${1}" in > + --bind) > + if [ "${#}" -lt "3" ]; then > + bbfatal "--bind requires two arguments" > + fi > + bwrap_binds="${bwrap_binds} --bind ${2} ${3}" > + shift 3 > + ;; > + --chdir) > + if [ "${#}" -lt "2" ]; then > + bbfatal "${1} requires an argument" > + fi > + bwrap_args="${bwrap_args} ${1} ${2}" > + shift 2 > + ;; > + -*) > + bbfatal "${1} is not a supported option!" > + ;; > + *) > + if [ -z "${bwrap_rootfs}" ]; then > + bwrap_rootfs="${1}" > + shift > + else > + bbfatal "unexpected argument '${1}'" > + fi > + ;; > + esac > + done > + > + if [ -n "${bwrap_rootfs}" ]; then > + bwrap_args="${bwrap_args} --bind ${bwrap_rootfs} /" > + fi > + > + if [ "${#}" -le "1" ] || [ "${1}" != "--" ]; then > + bbfatal "no command specified (missing --)" > + fi > + shift # remove "--", command and its arguments follows > + > + for ro_d in bin etc lib lib64 sys usr var; do > + [ -d ${bwrap_rootfs}/${ro_d} ] || continue > + bwrap_args="${bwrap_args} --ro-bind ${bwrap_rootfs}/${ro_d} /${ro_d}" > + done > + > + bwrap --unshare-user --unshare-pid ${bwrap_args} \ > + --dev-bind /dev /dev --proc /proc --tmpfs /tmp \ > + ${bwrap_binds} -- "${@}" > +} > + > rootfs_do_mounts[weight] = "3" > rootfs_do_mounts() { > sudo -s <<'EOSUDO' -- Siemens AG, Foundational Technologies Linux Expert Center -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/161b6da4-e7d1-4668-87aa-a0ae041fb8c6%40siemens.com.