Subject: Re: [PATCH 0/9] first wic integration
To: isar-users@googlegroups.com
From: Jan Kiszka
Date: Wed, 31 Jan 2018 17:13:23 +0100

On 2018-01-31 16:21, Baurzhan Ismagulov wrote:
> On Wed, Jan 31, 2018 at 03:01:48PM +0100, Jan Kiszka wrote:
>>>> BTW, we also need to address unprivileged or container-compatible
>>>> binfmt, or we won't be able to do cross stuff. Probably solvable, maybe
>>>> via namespace support for binfmt in the upstream kernel, but far from
>>>> reachable in the near future.
>>>
>>> That is another issue to fix, but it isn't related to hacking wic, is it?
>>
>> It is related to the question if we need to worry about sudo wic right
>> now or can do this when all the other issues that prevent unprivileged
>> Isar building are solved. I would say the latter applies here.
>
> Unprivileged != container-compatible.

Unprivileged will imply container-compatible. In turn, we might become
container-compatible prior to becoming unprivileged, which would
already be a big step forward, but nothing I see soon either. Also
because binfmt is a central, hard-to-share privileged interface.

Jan