From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7082715741139501056 X-Received: by 2002:a05:600c:4f94:b0:38d:ed0:8468 with SMTP id n20-20020a05600c4f9400b0038d0ed08468mr19335841wmq.164.1649079673817; Mon, 04 Apr 2022 06:41:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:f5cf:0:b0:205:e1d9:2a6b with SMTP id k15-20020adff5cf000000b00205e1d92a6bls2218293wrp.1.gmail; Mon, 04 Apr 2022 06:41:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwplovnSGfQjE4XaSR1YUWSgorRWDKf4WI+6pY6rcba2W2PZ6JZnNAhxDDU/onadMrT0zms X-Received: by 2002:a5d:598e:0:b0:205:9da6:1621 with SMTP id n14-20020a5d598e000000b002059da61621mr16955971wri.573.1649079672970; Mon, 04 Apr 2022 06:41:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1649079672; cv=pass; d=google.com; s=arc-20160816; b=H+U5JdiJHgkMp+fy1PPbnA/XVyc9TlhsipONxB3zmYeaFEYvijig3uorz8AhX0nL6w oeNHk+Y5hqgRFtI1J5BtGZECcQ1QfrHx34yt7S+2Dqav6FLA1UAThKUwYvBMqqtJ7UFo FHOpGkwsfyrjxqAPepUuaTKvd10WwnceZ0pu6ztQqIapIWWrsgWy5XHMs3gNrTEQ74nv uECb6gPlBW+ocVs2mnId4jFcHLFAM1Hl/mc/Ic3UoxtlpLu3O0z4qFxFbLdpLXjED8gz srhYF/eAKCENwsr9Hjet6FvZfp2YsY5ds+hBIs/ffgGyykcIQge6CcF7cQXFVYqWn0GT OlPw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=5Mu7tAH93Avpjh4vNXxuaZQMIED/zkwKY4fi3iTRGGo=; b=C8RTVshT//dAQkXaBi08GqoJX1ftADIWCnLn3SXfKM5By/ZB8z3H0REQEg4UyxJZQK SwI6olYIEw9YN7s/ca3Lv5lSeor0cDUH92pyeSRgVzXlJHvi1dGIQWOhYNQWyFSBukLS Q3QSaaUHEyAFHaVwLIIlaw3Xl67ovVHjtH5thGsQoaaBLx2XiYe73DWGWiHoJkSzDunE QV+gzIvJtgzgK01rGCM+vsSLQosqqBGeRqxkEi6ijPqhckelB1hhMe9VZdvFNikdOKwP topGNbui2oY9YCN46QRMxpcukLbN5KH6RuSTuciK4lgqbWeXtZ/H+J+jK/9epyxY1ip5 ACFg== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=LNj4wUsi; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:fe0d::60b as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on060b.outbound.protection.outlook.com. [2a01:111:f400:fe0d::60b]) by gmr-mx.google.com with ESMTPS id p6-20020a1c2906000000b0038e5649eef4si327456wmp.2.2022.04.04.06.41.12 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Apr 2022 06:41:12 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:fe0d::60b as permitted sender) client-ip=2a01:111:f400:fe0d::60b; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=LNj4wUsi; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:fe0d::60b as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZQpD53swAFkvGY9WTJO7rGFHJOPuWs4p4pFAJvbMTJfx6vOrnEA7D/Smj3XuI8WkInaAgbpQCLVzg7BuWykw4d9MACHoaWZtGuA8PDl4PQ56Yrxy42lowt10PNIUxXizGjP/c3/8ffsWBV4Dj5dHhh13ndfJvMzdJo3KEFomCdPq08HvIyDlDiqTRrwQfRY1zNNHoD9+nvcymohxYqWbfUvrjsUKie34lKdnA8QRVT0T6iC9CpiY97xY5X5qF56baA/7lugSq2IpDUXd0vyyKhVyaesnOWXXlggTAetKEU4fTZngLQYLgSBw9vy/ThtDFGjrfUSPkNV2tQzpfO7JuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5Mu7tAH93Avpjh4vNXxuaZQMIED/zkwKY4fi3iTRGGo=; b=YCkSUd/XLajIqTQa9xXdn/cJs8uJt/5WBJZ6mZuq/oLW6/huJJiESrmxgF9tnsexP/8MRHpMrirXisynKFnlXPJoMfletWFrEmXQu469HOgiiQvFOYjIkEPqcxozfl7wQVt1zYs+R+tPfMDfs2VbGh2kJNnwYEv/GqUU7U1XDA19X451jPcWhsyil8Y49X7VhwZVc+BB1ddf5puozvR2XCggRils/cCrhqIOjAL4p6bEfgy0o38mlEcSnmduMmj3itbDAfSy6zT2I/ac4S+tZMly8AJ7o9Un8BAF5keQQkskbwBQzf6d2t0ohJz/i/eT13PbnUrT73oOocBsoOWenQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5Mu7tAH93Avpjh4vNXxuaZQMIED/zkwKY4fi3iTRGGo=; b=LNj4wUsiYjVbR1Rl44ajhR/ODr7Q/fDIuJwDcH36s6QFt2xUQsPaJV5uNT5xmIq1vGAw0G/DLz+Jf7HI0pVa7oSXm0vkneUGmazGOHYgEbddpm7HhDhL8GDRg8lsNfLx+idwt0NRAHgoQrEj28kcP6MyZOlBgHjnXDO7m5+zcSLVhbouZVP9OVAjcEWJWQg3QoBP2gDiA/xaLGULRYhDpamdbWlbKptUK5j1A+a6VK9xC/3gl0CgcfpMmSiucFAejlxiCqI4RQ4+vB1J5sApENUDten4NJZmALOoF1n4d6r5bXipeS8b0l4ahSRGpV3eIqEsDjIDyJZG4PgzmCa2UA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AM0PR10MB3459.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:155::20) by DB6PR10MB1734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:6:36::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5123.16; Mon, 4 Apr 2022 13:41:09 +0000 Received: from AM0PR10MB3459.EURPRD10.PROD.OUTLOOK.COM ([fe80::31e9:4e5d:6594:a423]) by AM0PR10MB3459.EURPRD10.PROD.OUTLOOK.COM ([fe80::31e9:4e5d:6594:a423%6]) with mapi id 15.20.5123.031; Mon, 4 Apr 2022 13:41:09 +0000 Date: Mon, 4 Apr 2022 15:41:04 +0200 From: Henning Schild To: martin.banov.dev@gmail.com Cc: isar-users@googlegroups.com, mabo , Daniel Machon Subject: Re: [RFC PATCH v1] image-container-extension: exclude proc sys dev Message-ID: <20220404154104.3773d35a@md1za8fc.ad001.siemens.net> In-Reply-To: <20220404115420.31933-1-martin.banov.dev@gmail.com> References: <20220404115420.31933-1-martin.banov.dev@gmail.com> X-Mailer: Claws Mail 3.18.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: AM6P195CA0071.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:87::48) To AM0PR10MB3459.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:155::20) Return-Path: henning.schild@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 39fa939b-2082-4055-abd0-08da1640c65e X-MS-TrafficTypeDiagnostic: DB6PR10MB1734:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: xDK66sBdMAartK8LK/usYJ7KjkNFvsUHW+8w3jmQZZWub3mZlyG88CO3qUN5EhvnL77e7qECVYW2BZelLu2o4DSgZQYf+y7OFMS4vtM3WApdTC3maGD1H4Q5k1ZL2N86Jcmpo/4VjiGECXWGCM1+6z7SSXhIMAJW4nkY0/0POgnYHot1DfgOaPupPKW8DBVjhR677QhetlwW8rGvHiMR1jmtqpYpxLwimoT/iTDiCQChwY2r9xSsnfohI/eI1EoT9K1pr+Qg7/fIQ9x/o8p3xNBc0MKiI3gUOJ8Sh37BpPukAPpdRekzjhF4iuMmVwQy/JGqaGO3/uPygkFCrkdNhMfB89sGZhlqF/9LjHetwb65bPHMyygAVShPI0EvFLLs5gz3h6+bG6ylGMH0GDH7IGdOtyEA+oG4PjrVrhGR5nfgWrda5zLM9LIHUBVKMZjGcr6uXcnUmY0gbIryp9+6yV8yFO3Kltcq/xZ8dQFUB4cVsBDoPhKC85epNgMcM+oHOpMMTKHCVzCvTJJK0sn+01Wbmm2QloiqlKfQfrTBdlA6MuY5GhMpKCLvO2IuJF/iZBPlSgy5veRzBvL+Ej/3gcWrmv3Xf2pxiRN+6Gycq6QUwwJEiOq5sfmaE6ZXHHynkAGU42GKqTrqQ7C2wJcdow== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM0PR10MB3459.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(5660300002)(9686003)(6666004)(82960400001)(2906002)(86362001)(8676002)(508600001)(66556008)(6512007)(66946007)(186003)(1076003)(6916009)(316002)(44832011)(38100700002)(6506007)(6486002)(66476007)(83380400001)(4326008)(8936002)(54906003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?MnCt4WTZgchEkAd34uZymP659rAb3VU9d29vUbdiPAXzDOWsLWPQEphzqS3y?= =?us-ascii?Q?aEQ0+9J+ZDPT0R2uhZQ/iPGhREYvtPUYbtrTGmDNlWCGb4T/njY+a0sTlELa?= =?us-ascii?Q?y9iaz+oK7BezIu0WhI1zB6TmOIi4OQJm0D51jvGIc09uyJVzxXeeoCKh748H?= =?us-ascii?Q?7+0P92aLMKHLXdJ2GwFZaRxL2i7kudc/f98t7MTCvnRmU+HA/8B9/TVEKjCD?= =?us-ascii?Q?5DBbfsCIGRa109Bi/wLVO/2Sz1JTHvnaJDQKNZZ55QTTEx+rRq4yI8CJXLzH?= =?us-ascii?Q?UCj6iio3gUa90yiSjb/8fod/50c5f4iSDbkQ7pJk76FkJKJNiiiQHguZVsnY?= =?us-ascii?Q?TaxPhRNrr/cihjcap52EA5+a0qGX01RU8ilT4D+8/1tNWx4U2nazoTZrIvzJ?= =?us-ascii?Q?lOBfNdKVBICjPSoZGXEdDd270WAGIn2bU/VWoDE6MTUXHLRI4bW6zokxUV5d?= =?us-ascii?Q?nUUzt8lVL3lTfgVFhdC4MCkWH0JxzRqZdUYnHOrONqgGVTelfrAudep+lz2K?= =?us-ascii?Q?GaWGwVUe0kgrkN6zVVNbUK3dzMtZwMyEk/eQIX+IFF5MleegTKr5GIZ+sRBJ?= =?us-ascii?Q?dpy7H6PfX/7MSqiQG6Db862biHTJvFUy9TsdL2CS3Tl72swrFWJMHp2qbk0Z?= =?us-ascii?Q?9XLgnumf8C6AOrAYm6OUIoC/o9e/ndGAsKjYRwFqI6ggh0ec4z+NMq0uWNYN?= =?us-ascii?Q?WHrCnftYoQJ9yaRqiBmOsWHlbBQisL1a0bjApjWpW6JrCXNB1J2/rkJsFc8H?= =?us-ascii?Q?q36qTtYR4wMMhuunhOSzmcS9an6G83dkdF9XbqEUQRh7NwXGZ/K6qCTHB7cS?= =?us-ascii?Q?vkQSwEArWQpKs8UU5ehfpmqkPrZkG1yAowHJroZ11QUXT625m7ACXhO6IoBA?= =?us-ascii?Q?52YK2jUpvFgtKLN/wqbvQmM6Z0J0gAuU6Gz24jTKGGTDwK7atBA2Y2fJTOw1?= =?us-ascii?Q?Cn2gEc30id938HHZd7sbd8OGuz//duSdvYeLZqMuVOop6XRG7UiOt7KylkKa?= =?us-ascii?Q?M1qs19eiT/Hc9f3icVWsMicb9GlFxfEbX2WfTPN9poEWvkyH/3sGrLK21Poy?= =?us-ascii?Q?6yHW5L2oK+5koHqz4tMcBtyzPEw5Y8F/pY28tEOu/apw8n5SzacisCLX+/LZ?= =?us-ascii?Q?yhiO9hUJy56vgRhJy0XfyAK3d+A7lODzSSUYEycw2I267qOJ1d/7tjvZjdWI?= =?us-ascii?Q?aqd/AF8DBZeaNgjtNXBNaeEUoyNT1DHKxNw0vXfRrOvj9lIG72WMuOl+DdyR?= =?us-ascii?Q?5klcwGEi8XxwdkXszrDqULMeP/I3rfvXl20CA61uoDyFH6ejk6BRvbhFnAH0?= =?us-ascii?Q?0OGKrPub45Q+nTbBnQ2kAWeV32MDnU9cTjdi8sc6JZz4aejhiA3K4YHQBeYf?= =?us-ascii?Q?wat2+uk7cm5zWPeYMIzErkoTiUzcgZQG4NVK07Oaya9pu3P+8Ui+ViFeg0wO?= =?us-ascii?Q?aKkJcHRhZHvXDq3kKGsrl29ex/KhSOkvvinPYv4Jj1xTtDJfHT2/nonguHM+?= =?us-ascii?Q?IMIKn625ciFVV/P4SugYNuXt4drZXb+SMq2p/VFrDCEO3S0k49sT8rnMr3rl?= =?us-ascii?Q?qqEHhdGxzU+PXPI5PMqbiVj2WKrENonnh6aQzE0QVUfPv40Dz8bHIj5CbCxD?= =?us-ascii?Q?vMMEbh8/4ZtmC4nGwTJpkF9qauT2k0mJpX9YNchUXsP+D8jYoXOuOELPJPvU?= =?us-ascii?Q?+QelQh0LXA6cVjjFRMtlrzELbwFm0uFnJ98sTldG+FmSjDKKdwZTp1Via7FV?= =?us-ascii?Q?dt0rUa3M8jyFU83cIxYuEl4K3O9pudIkHc66KNUGLSO2xLVcsxphBwKZkt7A?= X-MS-Exchange-AntiSpam-MessageData-1: GCjfe1rWq3VZDw9tEPjoS9sJK6bq4aNkdvU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 39fa939b-2082-4055-abd0-08da1640c65e X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB3459.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Apr 2022 13:41:09.0969 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eqtNshRxi751Lu8Qogrd18wu8XLWj8SxoI+7Unx4zmmv65hg6A421Otc8TVIMbesIzXo7y6ywczv6do9PsSY2uAVEgb56PLrk0+qOz7gu5I= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR10MB1734 X-TUID: LDVfOHBfK3Cz Am Mon, 4 Apr 2022 13:54:20 +0200 schrieb martin.banov.dev@gmail.com: > From: mabo > > The patch prevents 'cp' from copying the kernel filesystems > into the docker container. > We had CI issues with 'cp' trying to copy /proc//pagemap. I would expect that to only run once that thing is ready to be "shipped", so all those filesystems should not be mounted any longer. But the whole mounting logic has been reworked and some of the umounting might remain lazy ... So we can probably not rule out that they might for whatever reason be mounted. And it seems pretty clear that we only want "--one-file-system". > Signed-off-by: mabo > Signed-off-by: Daniel Machon > --- > meta/classes/image-container-extension.bbclass | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/meta/classes/image-container-extension.bbclass > b/meta/classes/image-container-extension.bbclass index > cdec463..f4e8d41 100644 --- > a/meta/classes/image-container-extension.bbclass +++ > b/meta/classes/image-container-extension.bbclass @@ -29,9 +29,8 @@ > containerize_rootfs() { "${oci_img_dir}_unpacked" > > # add root filesystem as the flesh of the skeleton > - sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" > - # clean-up temporary files > - sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 > -delete > + sudo cp -axT "${rootfs}" "${oci_img_dir}_unpacked/rootfs/" > + LGTM. Henning > # pack container image > bbdebug 1 "pack container image"