From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 17 Jun 2025 16:48:31 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-yw1-f191.google.com (mail-yw1-f191.google.com [209.85.128.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55HEmTrs030872 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 17 Jun 2025 16:48:30 +0200 Received: by mail-yw1-f191.google.com with SMTP id 00721157ae682-70e43123ec6sf71529087b3.3 for ; Tue, 17 Jun 2025 07:48:30 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1750171704; cv=pass; d=google.com; s=arc-20240605; b=JzcFRawTOCRx31ryzNVQDVapVx3CI7s5956xPcbrH2jZuX0o11IPzpWuqlxuKNM4rY fd4zuY+ff01y3swIvplo2eliuXFWWr/jd4q/qd7kloSMJ6awh93cwm3hcDS8fIM2r7au cnHWcbGz41LjYFie866CmgDgXuTtMX3JmnBlDYzxLqTW/iRgWnQs6Vv+bY8LItWnhP2Y doMKic+Kc0CMv8hBjIIjUv4t5I0fwucKDuxj9HN13IThQyBC9Wa+FuFxroo/1VaGSiF5 +dot2wx/A0pUUxskCkKYgNfPC/Kr64IU7uJQBphkEfGj8ceFv67edlBEwUcS/m0dCW87 sVaA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature; bh=yzov2yBzLt5/7VcC1nHyRW3oZfELNXJpnB6L1ibJPoo=; fh=sMO+GpIsoBVuzJbiJ7U4bkj4dCM3U2c03DiZmQPPp6Y=; b=cZz1nRhyi6TwHBUad3Zxn6pKKaxtQySFVp2gt2Eyu6oM3wRre85QorWAUuvKvMt7NK sE/j10L3LOYZ/iCxrkrrIh0v12wUWI54VBidaAUNT3CvU+iPR+1ym7+c80dAidHa62HC 9u6pzEe1JWS607WR9tRyPsORWCAdG+uszoUcWswdUyKGIDjyByzp+Wd0YtYWiLg/NVMM tkgqKumFHZuv+ETmfDTqxWnO3l0KxKslTm7LXKxzZgsBh1YQ9ARsbggLCGFIY4DFlB0b DccRTEWz65NoTBDF10rjC9g56Ll9+RRXOhiK59UUXZdrFahNOATsiOpiSs/41w87dxfd rPLw==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ycNPn8wu; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750171704; x=1750776504; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yzov2yBzLt5/7VcC1nHyRW3oZfELNXJpnB6L1ibJPoo=; b=YTf2QW3PhSFboqNeJvQOUWKho7OuP/FN9m7P/QOKmsHdA/ThbMcw0HTDiH1LR4SYc5 QXzZiL+1TFbtwkXrG+o/bWPiW+clblnTd0gRohSfqHFuWhwovpX5Y1vRZF9i/K7t8h0m +CzXG6EPl2zE1GbO74x/ZyZjZLpjCYETFAt2lCSEf1l6Y+nvlynTaZSDO3gWWuLi2RXx M92Aj4irTFQmzhx087cVrOjei1kaRFq/58pirMITZ9QoaLaTB94A7M8Wk+YHH+UpcSJ3 tF7IaXfbw12uP8FqW72qJKZQITLGpCSqON3kZrypQZncWUSLGx4ZCCC899KyBNFtPLsK 08HQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750171704; x=1750776504; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:x-beenthere:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=yzov2yBzLt5/7VcC1nHyRW3oZfELNXJpnB6L1ibJPoo=; b=vG9KSJGSkD3KgGfM9nmSobJLdSMzCdWWXg6ZSIzOPq5C7U6OUHSk57T1G+TX9EB+6s DxMsh08F2ho3qfbqz63MqHobO0GAbDEwpR/Z7Eg7DlFs3pIvHUxnwtOSQk5xQkuoBxKG X4Mf08deO5/O6P5KSn0GnysQ3h3ln6UwbzGZ0oJ+lMvYC1aSM6ng//gBNne/LJhyAZyJ e/NvogDx3pCPfg/hSobcKiDOJ44Jy+Di/58FVE4wECAQzQTtVs0YJLF7c0HRfHYTRpa3 VTMxzjDRWh5NkO+d0Ye3naLNpDCY9WAUAuiDz4ZF/MHSkcQqysE/Nkm2ZIp1eAvSoQvC zdCg== X-Forwarded-Encrypted: i=3; AJvYcCXHEDZPMESCqo+p2jowk5yMhzEzJHuOc1m8gAz4BIqWzbBnisfYP90U3Galn55Z4/sMxhGJ@ilbers.de X-Gm-Message-State: AOJu0YziqLjc+LXHcW0tP+h/BPK8x1Z0mUYxsiiJ3Mi4UR0iRH+GYlGw JVtkjmgFLTV2ttlbI38UR6Nb3XFD+D/ej5i6cj+BsPNgQKuUwdt8BkZn X-Google-Smtp-Source: AGHT+IHWJTdPkECVEw2qv6Yi1JXoOjV9HEBRf1JJ1ptq84MwlTFvfwqphKUZOYd0TfyotnloKvB/0w== X-Received: by 2002:a05:6902:10ca:b0:e81:e5c2:1967 with SMTP id 3f1490d57ef6-e822ac8e207mr18885509276.27.1750171703574; Tue, 17 Jun 2025 07:48:23 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZePmpoVBEyn7uafI8yUXzpNZcQut09RZrHPIjPZdfBnGQ== Received: by 2002:a25:c201:0:b0:e7d:c43d:b109 with SMTP id 3f1490d57ef6-e820daa50a1ls5393599276.1.-pod-prod-05-us; Tue, 17 Jun 2025 07:48:21 -0700 (PDT) X-Received: by 2002:a05:690c:f89:b0:70e:719e:75e with SMTP id 00721157ae682-7117538c83fmr178711797b3.9.1750171701763; Tue, 17 Jun 2025 07:48:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750171701; cv=pass; d=google.com; s=arc-20240605; b=CMtIYTABDnZeg1T7FfHTILQcjtE00K5DGgwrUJLTVGG20NxTz4AaCa+3oO9EXMxUxa 4l4aFIQQlnmqClK9Mlz0ZmU6r61ZNQYBY2q7NbLPcat8rq6pFcICBO9uxTfDGIQs700R FCDFZCV5RXhO4mrXCb8xiwc+DanuT97qpd6INLOg8vv25IukOhD9AVhzmhbMVyROrEVa VMXwoMvN99tX5lCAWRpQaaSmlv1w4+vatH2T0F5KDwfwVTKHeewr1Zk46zDo6OQEbfuC ClyIVN4TnQR3Ls1XMpAYNqetKs7XFZFdrLGWpr62GBxwJiJDDGmefMJHVqwlTMPzyiwS QEVQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:content-id:user-agent :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=YTzXeGvv7GAy0GwwyBW1yHCPTXszNJ+/0qmjquAmJ4A=; fh=SkZQiDlGlwJRwJaDYHY++hn3qS4GBM361FynDlSs5Mc=; b=G5dyPmEN5gqS+kQQR3TC0becV0EUWoz+1xrr4XMS1YUsVnzDr5HCFbbw/gaiSNg31m oooYIDWVIf6cjqaotvNmOT2t2SmeZ3k3rtp1zjKAGglDeL7dP9WXi4Qv0i3srEH7hMPK DSNQ/oYKza5sdZh/2AxZX7G/ZuEgcab+sWNXeoUe7+fJi2Mt/NRerhnd2s1o3zMU2wMV 5LCqj/Pq5T0kEiHg/rUCQ8Lt4ZXB7DfOXITG+YmDB452YInnVWwbZyT4zySRhDubehQW r1sNxkT9XAlPrmdwfKHhHUR8FlIx+aFSl1dxJcubdCC32E/xs6pUWLN7eqUePN9rOTJS rLVg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ycNPn8wu; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 00721157ae682-71156d43a09si5184247b3.0.2025.06.17.07.48.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Jun 2025 07:48:21 -0700 (PDT) Received-SPF: pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=iMF1jNuY2ChA/3qmgMqBaASqKbclqlZhkeErN1D/EaTElbx7X0RIX++u2pShvOGRTMbzWQAsbZ4ftvSFhylfLz9UZLS8bu1e3uXvBzPuDjJTY8K2CvlbglqwkgiblUjP9hpj6Eed0zOSZaxS9x0h2xjcvsb48tnMl0isd8nQw5W/COPNZLX8oRvMK06ZXgt4qcKnGeHpq/QWvsg+I20AWJMBhW2NJorh+LhOXTLaPdDBZi9VpsHxCOfS2NRG4WU8CI9MqDZXRVAiKC3E+wYEAXMAD0xagdsKEafb6zPNrJnm9u9UujIHPyCAFxwkDPRc/guxajU+YEolrlZ5PIR1eg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YTzXeGvv7GAy0GwwyBW1yHCPTXszNJ+/0qmjquAmJ4A=; b=WMZ1Meek/Vz3c9i+FuYQNzNeyzCwoj9FaTSef5caN7A67+4KMBMWdSzvw9SCA/L9P3KXqrTxHWEKoRHRcgw9Nzm4dLKUr5X5t+9J+baTl9bIc4kuSknzxDBG3bANOFMGdgtcSaZkssGyz/ASnCOFPeO5wu3CEIuWeaAleE5QUu75uwgTDkfybqTG1i8okmnKHgYtzbUW2/WMpABqlRQNkeQKIAY+lQcvR3fXTTgPvQb5K7sXKyDb4F/q2l50wV/UHKGZ9TvTJ0de/M9+OF8ZPJcaa5hyqif3pZPWljbcLn4Hf5SZ5d/P+BLMAbDCpOyQtOR77KgwCr/wvmuKiD4vpw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:629::5) by DB4PR10MB7040.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:3f0::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8835.26; Tue, 17 Jun 2025 14:48:19 +0000 Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::cd6d:2dce:458b:5321]) by AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::cd6d:2dce:458b:5321%3]) with mapi id 15.20.8835.027; Tue, 17 Jun 2025 14:48:19 +0000 From: "'cedric.hombourger@siemens.com' via isar-users" To: "isar-users@googlegroups.com" , "MOESSBAUER, Felix" CC: "Arjunan, Srinu" Subject: Re: [PATCH] rootfs: do not expose /sys/firmware while building root file-systems Thread-Topic: [PATCH] rootfs: do not expose /sys/firmware while building root file-systems Thread-Index: AQHb34RMWFsTL0w8x0SA8Ny2wmjOuLQHT/OAgAAetYA= Date: Tue, 17 Jun 2025 14:48:18 +0000 Message-ID: <3f8f2e81d38e66b4d2dc269903de7f39a9df280b.camel@siemens.com> References: <20250617123507.2245-1-cedric.hombourger@siemens.com> <23351a3bdc42f238a0b8341afd2d3611d5cbca03.camel@siemens.com> In-Reply-To: <23351a3bdc42f238a0b8341afd2d3611d5cbca03.camel@siemens.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Evolution 3.44.4-0ubuntu2+intune x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AS8PR10MB7875:EE_|DB4PR10MB7040:EE_ x-ms-office365-filtering-correlation-id: 9d471b8d-3d61-4339-9035-08ddadadffd7 x-ms-exchange-atpmessageproperties: SA x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?utf-8?B?dTF3NXBXb0oxUFc2enhVY2lER1dDdWN1RHNFbGxqSG9pd01RMWd6TXQzR1R4?= =?utf-8?B?VEh0ckNGQktGdlRUdW5UcTE1SGVmZE4zUnBhTXlNbSthVlc5Ly96WGk0eXcw?= =?utf-8?B?bmdqaXdRK1dVc2hDS1VWQkhXRUd5MktBVzZ2dEtkdVRXWUl2UVJSVTNYNWdk?= =?utf-8?B?RVhBaXZrMTJxYkZJN3dnZVJjcU9wancrbVdZRWd2Sk42Q2RsdzU4REgrZ2VL?= =?utf-8?B?cHpMbDBZSkVlNmNaZEJ3Wkw5dFNQbnlLMmVBS09xM1dGZ3JtQnBkRHdsREMx?= =?utf-8?B?RXFpd2h2THNmVHFHcDZNY0VqSzdOU29ZdHdBRUhJN2RNcUtFZ2xwSWpYTFRa?= =?utf-8?B?bFJ3Ukc2ZzQ4MHB4NXRNVUVaUFBrYjJFditrZ3pia0FZY0gxWDBQYm9IRzRi?= =?utf-8?B?a25hYVdCQThWVG5PMEF5Y3dTUTVQUjdDNTFqWEptVUM5amJNUThodjdiM2x4?= =?utf-8?B?aDJucit1YmxldnZjRW85Z3kyUVZma050SlBPVDJCczRCaU1WL25BT295ZW5w?= =?utf-8?B?bzE0a0hlVHc0a0NyaEVBdWdVanQvK3dFenVRSkNZaVJTNE9nTVk5and0MEg3?= =?utf-8?B?T0YxVlRjdmdsSlhCU2lvNll5YnhmNjh2RFZvSUd1ZHBkQ1R5T1RBYVNYV2Qz?= =?utf-8?B?Q0xPQVNHRnNVNms3WjEvdnQ5UEpzb2dsVE1qM3RrRjFyM0JzVWlkUlhFT0x6?= =?utf-8?B?ZTRLbGpTZ0hlYWZzb3NaekpLV2FKMHhHdGRaWnZlUGZjcnJyOC9rVmRRMXo5?= =?utf-8?B?blVZNGw5RWcwTWRuNDFmNlNuWUVnVEd3b05QM1hVZWpwektyakJFUEkwNllJ?= =?utf-8?B?RnRuMmNnMUxJSXluMmtGQ1ptMTc2R2VzODl1T29ISmNISmhENU9EWElnTTNV?= =?utf-8?B?dUdpUlNZVkZvZ0RMVkpJVkdyaVhqTXl0WXlpbmpBd0ZySHFRQmh5UWRRTnJO?= =?utf-8?B?cE9DM2VCcVRCN3VBNUViU29LZ2VCRDN3QnowZ3pTZ0xzaWM4SVV0Rm1tQWUy?= =?utf-8?B?bmc0NU5VMCt6c0pyV1FwNGJLNng4TWN1dmlnWXdhNUVZL3p4aFhHWjlad2xQ?= =?utf-8?B?RUZKb2NvQjRid2xqb05DL1pNSDg0NU9oQXVCMm9UWVBBMFRGdnRzTVV4TEUy?= =?utf-8?B?Y0xqZnhpNDlHMjZoa3hkNERacXNNcWxTUnVSS3E5djdUeUUzWGtMMFp0VWo4?= =?utf-8?B?UCt3bWUvdkp0MlFQMlF6OFk0ZzFjL1R3Z3BqZHB4L1l3NzcvK2xxNTNLRTA0?= =?utf-8?B?WndEa3JnOFZXeEl5YzNLUmRyVERZSnhmVGduVFFYTjNSVUJEOWtDOW5PTUZN?= =?utf-8?B?T2tBaUhRdzkxK05QV0lTS2hjTzRlM0Z1ZjN0bWcwdUJ5aXdMeWpaYXF6UkJG?= =?utf-8?B?b29SMFpSZXZKS0VVVS9weE9YYmoweTlxT2JSSUZGSUJ6NjJSUWdZcS9TdjFy?= =?utf-8?B?WE85L21udFFDY2FzVmd6WCtIZnNlR3o4ZGZuYVZPMTFrbDVtS0l2QVdlQSt6?= =?utf-8?B?WGV5Y3ZSV1FnYzBZY1Y3Y2pMdUozNVBma0IrUEZUWjR2MHQxSDlRbDVXWSt0?= =?utf-8?B?RUdlSGc5clQzU3F6UGk2WVRuQVBnR0lMVklLSVZZdkE0ZDh4clNudG5XSi9s?= =?utf-8?B?ci8zb1ZTdjBJUnI1aGtRaW5ZVzJYVTlqeER3ODFENkFVNzJxampOdWVaOUQ1?= =?utf-8?B?R1lkZDI0TEhid0NxcGZZQ053blJ5cGhKQ0Q4c3dKSFpjcXYrNU5sMzJxQVF5?= =?utf-8?B?eU12Tkp5SVMxeVdaMzJWWWxIek1Db0dlblFnQ3dZSTJ6ZXcya0xwUVhWTTJX?= =?utf-8?B?enZObXppVFlQY1dlbjNPNWFqSTRxUFUyejQ3VlIvQ25oTlh6ZG9pUFdrWUhC?= =?utf-8?B?aEI2UHNUZlZ4V3hMWlFIYWVWbm9CMkViSUF1ZnRGSnNiQzc3aXRuNHROQUQy?= =?utf-8?Q?TEF7JBsdVaPgtJWuIIrmTw7rGbw7fC9l?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?cGttTlRXbTdNUkFTZjkrd091TjhHdEsrMFdDSkUyYWtGZEYyNjBOTG5LZ3hy?= =?utf-8?B?aUNXQXVDSmlpbHQ3UDkvZUc5b1JWTmtVdHpUUnFtcFVGMTRuWDk5cVdFU3Vq?= =?utf-8?B?dFMybTl4MnlxU2hwZkN2VDJjNkxybkUxQWFpT2dINGYvcUN1UnF0QWFISXhi?= =?utf-8?B?TC9EQVhRY2ovS0VET210Z2JJaVlSOWd0UjNSZC9sazZqRUpPNmtidnI1Mjds?= =?utf-8?B?VkROMFZiRXFvcHRjZGhtNFB6UHRIWVUyRXhUcUtHeDJPclBFWnR0N21xQnpO?= =?utf-8?B?VmJMeS9vTEd1M3NTSVIrZFJmUzFacHN6VFBQUDcrUjdWdFMzN0IxYWNUVVZZ?= =?utf-8?B?YkpUUHpUWkNCK1V1WmMzM2FmNlpGTkxmYVZsaHBmcFhyYU9peVRpZG84ZXpZ?= =?utf-8?B?R3o1VWJiazZnS1oyQ2dUaFRIbDJrQzNGUUIzZWtGMk42S0VqSUx5Y1RFUmlK?= =?utf-8?B?Y0xYVjZXbG1IRjVxWXN0Ukhydk11UnNzYzV2TFFwd3o0L3U3OUVWQkNMWmxP?= =?utf-8?B?TGRDOHhOWHdQVUFudWdrc24wZGFTVDN6QXMwNzRHWURWdktxd1g0amdCcWFG?= =?utf-8?B?dnJ2WVZRYU1teXlsbGlPR2YxL09sQW9PMmtpb053UENmTjdHVkRmL0xxcmto?= =?utf-8?B?NTkxTXJtVDEraDBwUzM5UHloUlNyWEhubkZHcTJqaFk4WUp6T3JaMDZNUngr?= =?utf-8?B?L0s5U2hPWm5sTTZDdEM0a25TdzhHWldjMkdqcGZndSsyRC9Kb2dJdGEvOEY0?= =?utf-8?B?bURqUk9iY0ZKZ3RFeG9HajIyN1FOWjEzbFFHRlFRMDFIWHNnRlRDUDFNKzBy?= =?utf-8?B?ZVVtQWhReFFyRmFBa0toM1FCdmNPeEN2VnJNczJUSkhxQXN3clJqMW1sWFJx?= =?utf-8?B?NFh3TEF5aFRBNEpvRkExN1BqWkkrb1hvSHdCZzhJeVY5cFlrUnBNVUFqZThh?= =?utf-8?B?TVRHSE1GTTNjU0NUUC9OZW0yb2xVZE8rSEU0RGh1WmJJeGh6cUszRGZGUDNw?= =?utf-8?B?WlVSTFA5d2J6RzhwK0pGM3E5eWtqUUhJRVUxT1pkaEloeGcwanN2ek1UMlFs?= =?utf-8?B?RFhvYURVNzdXSDgxSmU0SGVwbmg1bkg4ditiaVVtMjRFd2dsSGNvdWtmSUtt?= =?utf-8?B?UnBOem5qSEhldzBTR1dacjFteUlCQVJ4UzVaQm1SMk9UOXFWRHkzQ3RkUURZ?= =?utf-8?B?eFRFRHlpNmNORFRSUE5tTVRnSGdpR0l6TkVLZGdnc1FuSy8vemtGR0pRWjhC?= =?utf-8?B?S292eUMyUzhTbHY4RFdaWE41MGF5dWhPMU1SSXBSd2xBdm9ISXdZTllBaHJK?= =?utf-8?B?WjhPR3FRWHk4MnpYREdBTVBmRmhlVWNzY09adlhzTmxKT0dvTXo3ZU4waDlP?= =?utf-8?B?a1hqN0JjWjQ4WVJvZHJDS1d6WWlFd3FlbTRZcHV4bWtXR0FOemE3UzVzaFZ2?= =?utf-8?B?bUE3M2ZxbVp1L1kyazNoWlp0QnhLb3VQZnV5alFYL2hFNkRNYm1scGo0VTV2?= =?utf-8?B?bDZlOWtOTEdiQnI4cmlOZTVzNUJtREhQTzJaYmRJeVhqeTJLajBWRTBINVp2?= =?utf-8?B?WFQxMWdQMTlSdGxnbEo3bGJINCt6RU93M1dNMXRjbWZKL2dDcWRLMFA5aHhH?= =?utf-8?B?V1R3RFNYOGRBWGtxVHhYZ05XZzIydXlmUUovZXM2VGNWNEw3NllVcERRUXNO?= =?utf-8?B?UGtoYWJTejFUVlBvMndhL1ZMazEvY1FldkQwUi9zdzlTYkZPWEZpU2pSUUVm?= =?utf-8?B?SHBkdmRYSjh2c25KZ0xWTjBLRTFtNVZiUEtMaHEreUJwTW15Q2liOVA3NzIx?= =?utf-8?B?SGJZS1RWRVJwbjRzMDRYRnR0cUtZT3B4TCtGc1FaR2R4STl1Si9uTER4ZFZ1?= =?utf-8?B?MlloSDJSTlR2alZKSC9GY2M4RTJWR1EwYjNwSDJMNnhiZm8wVzBLN0pSSUtm?= =?utf-8?B?V3c4ZTQ1U3J4b3pUb0IrZ3BrZm1JSUpMRFZRTHhFUTJGMkJNNHNiQTE4L293?= =?utf-8?B?U09pNnBWVUxweEIxdm5DS2QveGZPaXNaS3NSajFWVjBMdTdNcmQ2UDY3SEFk?= =?utf-8?B?QVJtdGZLOWVLSHB6cml0aUVyM3lRUmx0ZFM3VnA2bmd1R1huYkNQZjJZNlZ3?= =?utf-8?B?VUpFbVk0eWJmVktrUCtnS3dieG56d0N6YWRZWmdpVlVXTitkRVJJd2JoWUxy?= =?utf-8?Q?L6SWIVrhSBuD0qeUUtVnweg=3D?= Content-Type: text/plain; charset="UTF-8" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 9d471b8d-3d61-4339-9035-08ddadadffd7 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2025 14:48:18.9421 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: UuJZXmfdCGpGAiLNBeTsCCIxooHMwI7KIXE7NQz7Jp5KWT+hOcvxbCpcE5UFtcPnnCZDdSQzmzOo2ml2sp13MQJhi3c6Y1mPjf0O0YSIFAg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR10MB7040 X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ycNPn8wu; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: "cedric.hombourger@siemens.com" Reply-To: "cedric.hombourger@siemens.com" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 7ROpnU7cmF6p On Tue, 2025-06-17 at 12:58 +0000, Moessbauer, Felix (FT RPD CED OES- DE) wrote: > On Tue, 2025-06-17 at 14:35 +0200, 'Cedric Hombourger' via isar-users > wrote: > > We need /sys while assembling the target root file-system but it > > exposes > > more than the build really needs. Some maintainer scripts (e.g. > > mdmadm) > > check /sys/firmware/efi/efivars while configuring themselves. This > > would > > normally be fine but for Isar builds, any information extracted > > from > > there > > is for the host doing the build and not for the target we are > > building for. > > In addition, packages seeing /sys/firmware/efi will mount efivars > > there > > and will cause do_rootfs_umount to fail unmounting /sys (because of > > that > > extra mount). By mounting a (small) tmpfs as /sys/firmware in the > > root > > file-system, we hide host details from the build; that extra mount > > needs > > to be removed before we attempt to unmount /sys (but we are in > > control). >=20 > Good catch! Eventually all these mountpoints should be documented as > well. >=20 > >=20 > > Signed-off-by: Cedric Hombourger > > --- > > =C2=A0meta/classes/rootfs.bbclass | 9 +++++++++ > > =C2=A01 file changed, 9 insertions(+) > >=20 > > diff --git a/meta/classes/rootfs.bbclass > > b/meta/classes/rootfs.bbclass > > index 5f877962..7b7859b9 100644 > > --- a/meta/classes/rootfs.bbclass > > +++ b/meta/classes/rootfs.bbclass > > @@ -48,6 +48,12 @@ rootfs_do_mounts() { > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 mount -o bind,private /sys '${ROOTFSDIR}/sys' > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 mount --make-rslave '$= {ROOTFSDIR}/sys' > > =C2=A0 > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 # Mount a tmpfs on /sys/fir= mware to avoid host > > contamination > > problems > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 # (maintainer scripts shoul= dn't pull host data from there) > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if [ -d '${ROOTFSDIR}/sys/f= irmware' ]; then > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 mou= nt -t tmpfs -o size=3D1m,nosuid,nodev none > > '${ROOTFSDIR}/sys/firmware' > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fi > > + >=20 > Would bubblewrap help in this case? I'm also wondering if we really > should bind-mount the devices from the host or better mknod them in > the > chroot. bwrap creates a minimal /dev (unless we use --dev-bind AFAICT), it does not mount /proc unless requested (--proc DEST) and happily leaves /sys unmounted (unless we explicitly --bind it from the host) bind-mounting was introduced in 2018 via 768908a33b3e8c375ca24cf59ec61c0a9dfa8661 it was found needed by some packages at least when building them as Felix suggested in [1], we could investigate doing the rootfs construction within a bwrap session and take that chance to revisit bind mounts we do (and document them somewhere so we may also note the why there) Cedric [1] https://lists.isar-build.org/isar-users/20250515150727.1764989-1-cedric.hom= bourger@siemens.com/T/#m2686bcfd0c11a7fd19f80a12491e3113340a9766 >=20 > Anyways, this discussion should not stop the patch from being merged. >=20 > Felix >=20 > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 # Mount isar-apt if th= e directory does not exist or if it > > is > > empty > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 # This prevents overwr= iting something that was copied > > there > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if [ ! -e '${ROOTFSDIR= }/isar-apt' ] || \ > > @@ -94,6 +100,9 @@ rootfs_do_umounts() { > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if mountpoint -q '${RO= OTFSDIR}/proc'; then > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 umount '${ROOTFSDIR}/proc' > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fi > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if mountpoint -q '${ROOTFSD= IR}/sys/firmware'; then > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 umo= unt '${ROOTFSDIR}/sys/firmware' > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fi > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if mountpoint -q '${RO= OTFSDIR}/sys'; then > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 umount '${ROOTFSDIR}/sys' > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fi > > --=20 > > 2.39.5 >=20 > --=20 > Siemens AG > Linux Expert Center > Friedrich-Ludwig-Bauer-Str. 3 > 85748 Garching, Germany >=20 --=20 Cedric Hombourger Siemens AG www.siemens.com --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/= 3f8f2e81d38e66b4d2dc269903de7f39a9df280b.camel%40siemens.com.