Message-ID: <513677c9-f06d-1a58-07e6-265864aac86a@siemens.com>
Date: Tue, 28 Feb 2023 07:15:26 +0100
Subject: Re: Isar-based projects using kas-container and podman-rootless
To: "Krishnakar, Srikanth", "isar-users@googlegroups.com"
Cc: "kas-devel@googlegroups.com"
From: Jan Kiszka

On 28.02.23 06:58, Krishnakar, Srikanth wrote:
> Hello,
>
> Can we build Isar-based projects using kas-container+podman but without
> any privilege escalations of any sorts on the host (container may do
> whatever it needs to as long as it is not running with --privileged) ?
>

Nope, already because of missing namespace support for binfmt_misc
(stalled once again after https://lkml.org/lkml/2021/12/16/407).

I'm no longer up-to-date regarding how sbuild / schroot improved the
picture of going unprivileged inside podman one day, but there might be
still other roadblocks left.

Jan

--
Siemens AG, Technology Competence Center Embedded Linux
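
The binfmt_misc limitation named in the reply can be checked before a build starts. The following preflight is an added example, not part of the original thread and not kas or Isar code; the handler name qemu-aarch64 is a constructed sample, and the uid_map comparison is a heuristic for "running in a user namespace".

```shell
#!/bin/sh
# Added example: preflight for foreign-architecture builds in a rootless
# container. All paths are parameters so the logic can be tested offline.

# in_userns UID_MAP: succeed if the map differs from the initial namespace's
# identity mapping "0 0 4294967295" (heuristic; rootless podman maps subuids).
in_userns() {
    map=$(awk '{print $1, $2, $3}' "$1" 2>/dev/null)
    [ "$map" != "0 0 4294967295" ]
}

# handler_interpreter DIR NAME: print the interpreter of an enabled
# binfmt_misc entry; fail if the entry is absent or disabled.
handler_interpreter() {
    entry="$1/$2"
    [ -r "$entry" ] || return 1
    [ "$(head -n 1 "$entry")" = "enabled" ] || return 1
    awk '$1 == "interpreter" {print $2; found=1} END {exit !found}' "$entry"
}

# preflight UID_MAP DIR NAME: print a one-line verdict.
preflight() {
    if interp=$(handler_interpreter "$2" "$3"); then
        echo "ok: $3 -> $interp"
    elif in_userns "$1"; then
        # binfmt_misc is not namespaced: the container cannot add its own entry.
        echo "blocked: $3 missing; register it on the host as root"
    else
        echo "register: $3 missing; initial namespace, register it as root"
    fi
}

# Sample handler name (assumption); adjust to the target architecture.
preflight /proc/self/uid_map /proc/sys/fs/binfmt_misc qemu-aarch64
```

A "blocked" verdict means the handler has to be registered outside the container, which is the host-side privileged step the question wanted to avoid.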