From: "'Felix Moessbauer' via isar-users"
To: isar-users@googlegroups.com
Cc: quirin.gylstorff@siemens.com, Felix Moessbauer
Subject: [RFC 00/12] add support to build isar unprivileged
Date: Wed, 18 Feb 2026 12:58:15 +0100
Message-ID: <20260218115827.3947145-1-felix.moessbauer@siemens.com>

Dear isar-users,

currently isar requires password-less sudo and an environment where mounting file systems is possible. This has proven problematic for security reasons, both when running in a privileged container or locally.

To solve this, we implement fully rootless builds that rely on the unshare syscall which allows us to avoid sudo and instead operate in temporary kernel namespaces as a user that is just privileged within that namespace. This comes with some challenges regarding the handling of mounts (they are cleared when leaving the namespace), as well as cross namespace deployments (the outer user might not be able to access the inner data). For that, we rework the handling of mounts and artifact passing to make it compatible with both chroot modes (schroot and unshare).

The patches 1-10 align the file permissions of deployments and artifacts to avoid the use of chown (which will not work anymore across uid boundaries). In addition, helpers are introduced to perform privileged operations, which simplifies the migration of existing layers.

The patches 11 and 12 introduce the unshare mode, which can be executed as a normal user and does not require root. To enable this mode, set ISAR_ROOTLESS = "1".

While the series is by far not complete yet, it already passes the DevTest CI. Known issues are currently:

- no support for VM and container images
- unprivileged cleanup of the build/tmp dir is non-trivial
- sporadic issues on partial rebuilds on rootfs_install_sstate_finalize
- interfaces between kas and isar need to be defined

Note that this series can be tested on a custom kas-container build provided in [1]. Hints how to migrate downstream layers are provided in the API changelog.

[1] https://groups.google.com/g/kas-devel/c/NWQFCU2aUHg

Best regards,
Felix Moessbauer
Siemens AG

Felix Moessbauer (12):
  refactor bootstrap: store rootfs tar with user permissions
  deb-dl-dir: export without root privileges
  download debs without locking
  introduce wrappers for privileged execution
  bootstrap: move cleanup trap to function
  rootfs: rework sstate caching of rootfs artifact
  rootfs_generate_initramfs: rework deployment to avoid chowning
  wic: rework image deploy logic to deploy under correct user
  use bitbake function to generate mounting scripts
  apt-fetcher: prepare for chroot specific fetching
  add support for fully rootless builds
  apt-fetcher: implement support for unshare backend

 Kconfig                                       |   2 +-
 RECIPE-API-CHANGELOG.md                       |  57 +++++
 doc/user_manual.md                            |   2 +
 meta/classes-global/base.bbclass              |  93 ++++++++
 meta/classes-recipe/deb-dl-dir.bbclass        |  20 +-
 meta/classes-recipe/dpkg-base.bbclass         |  20 +-
 meta/classes-recipe/dpkg-source.bbclass       |   2 +-
 meta/classes-recipe/dpkg.bbclass              |  16 +-
 .../image-account-extension.bbclass           |   4 +-
 .../image-locales-extension.bbclass           |  13 +-
 .../image-postproc-extension.bbclass          |  30 +--
 .../image-tools-extension.bbclass             |  96 +++++++-
 meta/classes-recipe/image.bbclass             |  24 +-
 meta/classes-recipe/imagetypes.bbclass        |  47 ++--
 .../imagetypes_container.bbclass              |  26 +--
 meta/classes-recipe/imagetypes_wic.bbclass    |  12 +-
 meta/classes-recipe/rootfs.bbclass            | 221 ++++++++++--------
 meta/classes-recipe/sbuild.bbclass            |  37 ++-
 meta/classes-recipe/sdk.bbclass               |  23 +-
 meta/classes-recipe/squashfs.bbclass          |   2 +-
 meta/classes/sbom.bbclass                     |   2 +-
 meta/conf/bitbake.conf                        |   7 +-
 meta/lib/aptsrc_fetcher.py                    |  90 ++++++-
 .../isar-mmdebstrap/isar-mmdebstrap.inc       |  47 ++--
 .../sbuild-chroot/sbuild-chroot.inc           |  24 +-
 .../unittests/test_image_account_extension.py |   9 +-
 26 files changed, 691 insertions(+), 235 deletions(-)

--
2.51.0
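The uid boundary the cover letter refers to (inner data the outer user cannot access, chown no longer working) comes from how a user namespace maps ids. The following is an added illustration, not code from the isar series: it parses the kernel's /proc/<pid>/uid_map format and translates owners in both directions. The two sample maps, the builder uid 1000 and the subordinate range starting at 100000 are constructed assumptions, not values taken from the patches.

```python
"""Translate uids across a user-namespace boundary (added example)."""
from typing import List, NamedTuple, Optional

OVERFLOW_UID = 65534  # kernel default shown for ids that have no mapping


class Extent(NamedTuple):
    inner: int  # first id as seen inside the namespace
    outer: int  # first id as seen in the parent namespace
    count: int  # number of consecutive ids covered


def parse_id_map(text: str) -> List[Extent]:
    """Parse uid_map content: one 'inner outer count' triple per line."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(Extent(*(int(f) for f in fields)))
    return extents


def to_outer(extents: List[Extent], inner_id: int) -> Optional[int]:
    """Outer id that owns a file written by inner_id, or None if unmapped.

    chown() to an unmapped id fails with EINVAL inside the namespace.
    """
    for e in extents:
        if e.inner <= inner_id < e.inner + e.count:
            return e.outer + (inner_id - e.inner)
    return None


def to_inner(extents: List[Extent], outer_id: int) -> int:
    """How a file owned by outer_id appears from inside the namespace."""
    for e in extents:
        if e.outer <= outer_id < e.outer + e.count:
            return e.inner + (outer_id - e.outer)
    return OVERFLOW_UID


def outer_user_owns(extents: List[Extent], inner_owner: int, outer_uid: int) -> bool:
    """True if a file owned by inner_owner belongs to outer_uid outside."""
    return to_outer(extents, inner_owner) == outer_uid


# Constructed sample maps for a builder with uid 1000.
SINGLE_MAP = "0 1000 1\n"                  # only inner root is mapped
SUBUID_MAP = "0 1000 1\n1 100000 65536\n"  # plus a subordinate uid range

if __name__ == "__main__":
    for name, text in (("single", SINGLE_MAP), ("subuid", SUBUID_MAP)):
        m = parse_id_map(text)
        for inner in (0, 33):
            print(name, "inner", inner, "-> outer", to_outer(m, inner),
                  "builder owns:", outer_user_owns(m, inner, 1000))
```

With the second map, a file written by inner uid 33 is owned by 100032 outside, so the builder (uid 1000) can only read or re-own it from within the namespace; storing artifacts as inner root instead keeps them owned by the builder.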