From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Sep 2025 15:04:55 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f183.google.com (mail-pl1-f183.google.com [209.85.214.183]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58FD4rpp011184 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Sep 2025 15:04:54 +0200 Received: by mail-pl1-f183.google.com with SMTP id d9443c01a7336-24ced7cfa07sf44431265ad.1 for ; Mon, 15 Sep 2025 06:04:54 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1757941487; cv=pass; d=google.com; s=arc-20240605; b=leGgW8elK3xtw3k9wcTteNROyttvqHPTE9qAiZVA8fGR/xlJf1ulihE5US91QDvD2C I6d1EgicBR0UGRJ53pSNNtTsgkz7jmhcZZHhO75kAZTqJHgpAoKyv6E8kC3WxLgvTkGc OgOwoNHaRYJY753vJXHWyRoKkmlOxV+Nk21SsvXwKNKJSwXWRGwhfelXq8v0huy4v85B NWVPYAFyl4NJ3dSTqVz7XhCg6f4+NBRUngmuO4ve10K3GlxLQ1lfuPIa9OhseJU+DmrJ v9wY8hux3gnxc0x9JV+ytLSTJevG0fYo2ZmRbANbkPDi7FLzoMhDxFa7OUpLlfHZBsLT 1hgA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:content-id :user-agent:content-language:accept-language:in-reply-to:references :message-id:date:thread-index:thread-topic:subject:cc:to:from :dkim-signature; bh=R6KURAs70jydR48F5jsI/inApEkJlf/1e0hT9bs1Als=; fh=qlyZOOlk5hj5ZXStdykxxuPS+YPu4ULZHkFOyaurHs8=; b=Oa3YNJzbf1wz0DH0UyTahxAwyWv1b4T3avzbAkRosp+vJ3RDiHz6YrGbfYKlG71+Ix wk8Oe9ZY/aaY81eJ1hpN3g/KcmKPCBQ2JXyFjTpsxz3s0D5b+JqyKBOKATk2Hqisn04L RbUEU5uVax8QwHdfEJyjnmCvAkYQGbA2WSqOlyzajmfnLRCaLFPZD8jX+eR6Bc2dOXlK Qr7Dm9KXxoN/xdE+PFV4jmsMD+VTKqcAqz15XzUM5LXO6irYZel4xegyMGuONGpXeLLo RA9am+4hS71CTb7+2cFtpyXLf+L+ir5i4ZKdxzmBd1FQu7BF0qts3UKGfISxanyyKzNM IePg==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=v85KoBoC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1757941487; x=1758546287; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-id:user-agent:content-language:accept-language:in-reply-to :references:message-id:date:thread-index:thread-topic:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=R6KURAs70jydR48F5jsI/inApEkJlf/1e0hT9bs1Als=; b=MHDGAuTROY+kkA0+QN80GeraJnRKq1neMupMqaFdtGpzwIJac0SzKlq1xMW5/q2PZv 8EiLK9jc0I636NZmjXWbe08sYNx+IPfV5mY3nKPzu/RbXXkYZqJT1I1UXirroV4rlqhk kTZqFVTVra0dcYVDBAX6EAchyJ4CRXqSigTiaDw0p5QYZBzqhAu2uAMWjH5g5posnZAP uhG6t/rGTccLJxJlaJXCh2o1qU2/p8JI35WVipglxSXOMZR62KknJjyZ7wvYQpis3yWK LwgpUXraLmDlzeWkBt/hqfdB4UtS3GF0RQcWPOqWHwy1DYU65RM1z0LZZRhUghJqqVvW rxHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757941487; x=1758546287; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-id:user-agent:content-language:accept-language:in-reply-to :references:message-id:date:thread-index:thread-topic:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=R6KURAs70jydR48F5jsI/inApEkJlf/1e0hT9bs1Als=; b=fonimV4UVWLhTBTWcHNtgzVSEOtyCirLlW93lpJ6noSl3P31VlSoFIXSz5EmfIpbYM 3yBVdIXcv69Q/UGBenEFygx2AvjDRKx5yi6rxTVEA3Y7++VyRfZY7eFlaCwyKEK6/DN1 iW5PnIGZzMZ6xUZewCJc3nWR8kkX/T6iMODxxcVKAHYlHO9EQZnPwHmvojyIn959vFCO 5CGGboD3/K1AoSQ10hFh34knxebY4f3wm8tqU4j5br5G+NNsk9Uv86gLPBTaXVWDboOP jdMeckntJmEj0yTzIlLI/KMpWDaDz4BSCLUbAgM5W/TvT6yC2oLirF5mq0WdmNUpV0L3 z1Ug== X-Forwarded-Encrypted: i=3; AJvYcCV8Rs7Q2jk4bRyJbCVJwQ4egnHPT/fHnk1jak1x/Hh43UEQITD3N1jk3vVb1x1Ep+y034Kh@ilbers.de X-Gm-Message-State: AOJu0YwyDrnCRNtOTR3JAZezQ5l2jqFnnd0HRKkr7NXDnVV+DtwwLqqI ZrJR3OgmwzazGq7Zgi7LRBMVvgeEOcc1cBT2A+/fDVAJvwPK+w3J0VNL X-Google-Smtp-Source: AGHT+IGksY/e3Q/YgKRvagoYcSSYyyburc9mLR8lT+KWuOd6xuE4yAUTaEBD2E1ivg9yekQxoUPK5A== X-Received: by 2002:a17:903:249:b0:25d:199:802b with SMTP id d9443c01a7336-25d243e7a79mr147917705ad.5.1757941486895; Mon, 15 Sep 2025 06:04:46 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARHlJd6pW+7voxcbArWSF8u/8WPc4BotUopvObh8+nccm0IStA== Received: by 2002:a17:903:2b8e:b0:266:35c8:88a with SMTP id d9443c01a7336-26635c80f37ls5103345ad.0.-pod-prod-04-us; Mon, 15 Sep 2025 06:04:45 -0700 (PDT) X-Received: by 2002:a17:903:2a8e:b0:264:befb:828e with SMTP id d9443c01a7336-264befb8490mr67490835ad.11.1757941485353; Mon, 15 Sep 2025 06:04:45 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1757941485; cv=pass; d=google.com; s=arc-20240605; b=OFxqF40KRlz6dVw4xped3fIQjsBFCFYfa/ZJX+vuGcTWsxUrDatSIlnCXVP03wnu9m LlwJbiEPcKYLp36jGbuwZ8HsH2+6V/S+u3zuJss4Qro4dkkjt1AwaGWn+cxw73WVsjPj OcMtptn1vZ7SYl6ILkF2hzPJJxRfvmqZiCKbInqyxffJOmuQKp2yCIrF+HjZHIDxnfVN QeacnegixWbFOY2fyGpzK3mDyYw+vZ9qXJ8aUDbpYjXacPpQ/4fXpQGDSNlwl1l3SpU9 uFXLolR5wDAM2ZB3kyliGAPu9AtkMKp+bxGgFUFbo/CJOeK4FreLgbnk4nydXhn9eFwu jkzg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:content-id:user-agent :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=H1Ms2BycQmunCw39FGbcVGj0UDx+9noFVdY9lSUYbR4=; fh=u8HcUOoLGB1/T9FtB/Es1B2TsnrkCMkMR0jkqRlvapk=; b=FsNdTIAOfm5s5kk7ze7RnMA/AS9OFSd22GDn0ZBADLOvGcKOVg/AhXCLSakFvsABgm 39lFKkufNuZGEv5qfky9cgBs5hK2wQIRFJCxucScpS2aGQdSBbGwumFMJD47lQ5CfI4w 2coedeB0t7Rb7+CxGhqESNnkZUOkd1Du6JlylifvIsvB9yKEgi6+r50/l6r3/rkzJztO 5ACZLEumaztPd0iIEUX3g9rJCbv+RwFWq4PYszNdKaupm+MABppjifx2KTf5WiudbGpK ZIIzUbiDspAXooFGblWx/kVXSzW0fYkx4peounNDE2N9bQOO3n6PmU8/iueHO3eBsoZT DoGw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=v85KoBoC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id d9443c01a7336-25c370a4ccdsi4974655ad.1.2025.09.15.06.04.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Sep 2025 06:04:45 -0700 (PDT) Received-SPF: pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=RW1PGTAjgkEjn00N2haEV2Q0gDfFdePqX81Dm5Gvq4jZE0lhYFjUF6XRrzniv+2nCRgkLRH8u35HJDmfG9K3hoH+30h6hYTCrztA1tzgDIF5Yp3qCeYXYhKygHIvtl2arEP6MQuQFvH6nHLLSCD15cdLSW3i60eL1DjQVaxVw/OSCa4z1SnoKTPtXc3tbjgCZEVlR8KclVJXVcS1W5BBhAqhP+w6GCUO0ZLlPRTxOlo1AZyGjqNlZ9qB2RubgJPwCAEb3VBDn/+91kHPW/FV0HRDJBkeFmGybJG5zVveNTyvDBh7OfNWBawxFOYC8B3dtAVr0q6S8RXVbOveWMBgPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H1Ms2BycQmunCw39FGbcVGj0UDx+9noFVdY9lSUYbR4=; b=bYLz6XiD3hHGS0akNke+3Z//9uHpzxXpEV/+Il0L9tzw5WpNkeiu4ow++6kXzBssTuvBUGYI2QBnZwPJ1Q8HpKAd3FTkUI35eQ8P53HjKEYMKna0M7unfnyDJwgtrjK4+AfLJen6oIt7K0ap2ZvzznkKXPuKDUNR7oy/EeFpS9qOXt2EG4dVHPup56PmfXjOe5JO27teUufjWFU/lrLeJS02jpcBiDON212vX8Jm0GMgSAgCAuGGBGvpiZRJu4VxgTnmLSnM5fkKZw35sJGg3fTnEpbjsS9toNlB/eExOO9rIb3rbhCjBLgUV+iUvY4qGj7x2kN3kFuuzM7GaBM/yA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:629::5) by AS4PR10MB5522.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:4cc::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.19; Mon, 15 Sep 2025 13:04:39 +0000 Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::b0ad:e93d:d30d:b90]) by AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::b0ad:e93d:d30d:b90%4]) with mapi id 15.20.9094.021; Mon, 15 Sep 2025 13:04:39 +0000 From: "'cedric.hombourger@siemens.com' via isar-users" To: "isar-users@googlegroups.com" , "Kiszka, Jan" CC: "MOESSBAUER, Felix" Subject: Re: [PATCH v3 1/6] rootfs: introduce wrapper to run commands against a rootfs Thread-Topic: [PATCH v3 1/6] rootfs: introduce wrapper to run commands against a rootfs Thread-Index: AQHb5gjP1/KNtfAzRkywPQYgNpAOhrSUaVAAgAAIEoCAABKrAIAAMnWA Date: Mon, 15 Sep 2025 13:04:39 +0000 Message-ID: <98bd6b37a64eb32f1e42488625e9fd944d1e10ff.camel@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> <20250625193748.2681-2-cedric.hombourger@siemens.com> <161b6da4-e7d1-4668-87aa-a0ae041fb8c6@siemens.com> <40ffc532715cbb285f2e41ec11909a7ff145da05.camel@siemens.com> <6c970587-5544-4be4-bd57-ec81847dd8aa@siemens.com> In-Reply-To: <6c970587-5544-4be4-bd57-ec81847dd8aa@siemens.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Evolution 3.52.3-0ubuntu1+intune x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AS8PR10MB7875:EE_|AS4PR10MB5522:EE_ x-ms-office365-filtering-correlation-id: c924d62f-231b-4161-1caa-08ddf4586db2 x-ms-exchange-atpmessageproperties: SA x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|38070700021; x-microsoft-antispam-message-info: =?utf-8?B?NitONGFEODFQR1gwc0Fld1ptZllBanBuSy9mbWkyNkNKa3U1QWV1amtrRkpK?= =?utf-8?B?TElnREp0TzhWN0xxamJhMStxYkJ3Rjl1bms3cTkzM21YYVJGMTI0RnlWVHlv?= =?utf-8?B?UXpvYVl1ZGpwY1NPR2dCU3M4QmgvenhrRmVTNkxqYS9IdHB3RmJVQzB1bS9s?= =?utf-8?B?OVpJSHhMeUNJTWs0blljM0VXd2pJbncvb0o1NUFCL0NyWjEwM2d4OE9LbUpi?= =?utf-8?B?cjArWnZjZTQ5V0h1TUd2dkZQRjNVOStpcTJDUWtscHFnclUrNFZaY0JXN3Vn?= =?utf-8?B?UXhXblRYd3p3eWtpOVgyZDJmMHYrcUFvQVVTREhHcVlpaC9WcHB0a29hWk5o?= =?utf-8?B?T0txdHZiWUNzK2NlQklGUmVKdHU5RnExdnlPVjRFWjZrcWUrZGZVdkZ4L0ln?= =?utf-8?B?dWRPQUorL1ZXMlg4bE5abXJUYnV4R0tUQjJvOW9pNG9ZNnJRa1QrampqajJ3?= =?utf-8?B?dVVyR1VXdm1GZWtxRmhVY1RZbktxT3dpUitFVy9MYm04Q2Q1QWFndkVheUFG?= =?utf-8?B?Z2JjcW0zZzU5TjExVGNpaXVybEdmWU4rYVR4N25hUlowMDlqb1RvdjAyMXZK?= =?utf-8?B?a05tQ0ZyekJLZUpuYzd0R1ozVldzdHZnUWE3dU9scVVwMm5tY3FmdlFSN3c5?= =?utf-8?B?TXhaa2R5VENOVG5QbDlySG1aTnFmUzVjR2N1S0dhVUt1T0xVMkVtYm9YL3ZD?= =?utf-8?B?SDVoSlBob3R1UkNsOHU1VmlZeVpmVXBXV3VoU25mK0swd3hSS0g5dWtFaWhI?= =?utf-8?B?aUZrSmROd3BFMUkvcnNjNEUvWThIeWVjaGJPYXB3VVUvYlRjem9vMmJ1Qjh6?= =?utf-8?B?R2ZIK2p1VHVkbjRWbVl5SHNyaEVtaTlFdnhoUHZRS0ZiT0hyU3puckF0RTdn?= =?utf-8?B?U0xyV2Q5MDBvYkRIaXBlZ2w3Z1NBbkVMNlMyZWVJMWVjZFFrSzZZUU5wbHVs?= =?utf-8?B?WUQ1OWtFckMwNUVQWjdLRHZrVFcxUHhjaWNjbWFZTnpUU0FxQmNUdWNmbElU?= =?utf-8?B?ZFVuYUtzQjNMWkhTcWVpZW51VEk4SkhaRENEanVCNndEM1NVRHVRZTJXQmFy?= =?utf-8?B?YmlxTmxBZXBXbnVFWVVZams5Z3AzV1VNcHZDbVRCNCtOcndhL1l0Mjkyb0Nq?= =?utf-8?B?UGdpeE5WdmdDelk0L0E2cDR6ZXBFNks3YWRNVittMm40N243Yk5wN2pCYUhG?= =?utf-8?B?QTFRSUtwcW1WcWFiMlVDZi9seCthcmtYYWY0ZzZHR2F5UHVSYXdzaG5GSGMz?= =?utf-8?B?WlBqM05tSmsyS0ZaaUo1dzRTRkhuU00wdWV2YStFSERXNktpTXQ0OGtteUk2?= =?utf-8?B?M1dnaXpoRC8wQjg3eTBhN3lzMktuSFQ2bkthMnpSU2dQSnhhZVJoT3pVYW1J?= =?utf-8?B?U05GS3pGa1JEenNLYkZTSjN1WjEvVDJTTmxTd2FGeFhJa2UyT1hKQWxaK3VT?= =?utf-8?B?N1VsZk5USHR1Q01nNEl0ak5qdUc0a2wxWHNyUDJleDlOTUMwNDhFVzN2UGZi?= =?utf-8?B?ZkxzdGM2ZlYzdmF6YlRCSXVuWnMxVm1OcmZwcW8raTZ5d290WjVzUzhYei9z?= =?utf-8?B?WU5tVVVpdmM0NlZpSkFYNXhhemduQXFjaENMQ3NtVXU0UDZ2cHZ5VHRQL09l?= =?utf-8?B?aVBSMmR2NzBaS0x2b3VNaGE5VDlTVHNjbTdRenRHWVZDZ3ZiTFlMdit3eTBj?= =?utf-8?B?V2V5SCtVbUEyZmdlb2VnNVhRYUxmSWhxZGZrMklqaDNvR3kzUnF2dW1UOTJY?= =?utf-8?B?WEUwUHNSVGkrWitnQXQ3L0VLWkx4QlV0RU9iZXhkbk9nQkVPM0NTeEwxd0VQ?= =?utf-8?B?emdhOHdIby9Qc3Q4TUhhNHVCcDRJT2J0NWFLS0ozaFhSN0JRWlR0MTl6bnhE?= =?utf-8?B?cGhEVTFWTzFpaEFTNEVXR3dvYlJqZnhvVU9LRDhNWVFrWUVaVnBYU3VrWUMx?= =?utf-8?Q?G8R+21jQEHU=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700021);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?dThxR2RUYlhjeDJrQ1AyNUFlRE5oelpXM3VzR2U4WE5qWGNDNmNaUlA3SlN2?= =?utf-8?B?ci8zd3U1VytVQnY5aWZ6b0lYKzFwbHVpZHNLa2g1NlhmSW1sNnFxQWNxN1BN?= =?utf-8?B?dG9UQTRoQWJnWG4rS1NaWlE0Zk5UeVZrRm5WbEI5SmVWYWl3NFp2N0dwTEJx?= =?utf-8?B?SWUzSjZlY1gyek8yUGZXTWdaZlQwUnQ3VWNKK2Vtb3ROWmJhd3BwZUZkWE9r?= =?utf-8?B?VjFvUHRvMnFVU0cwam5yR3ZVcEZFK3VPOU8veXF5elJRWUlCRk81ODdUS05P?= =?utf-8?B?amkwNm15b3ByUGV2bDA1aXNYdStzcWo2UUM2cW9wdWlpM1BjbitNWUhnalpO?= =?utf-8?B?TTE5NUVvMjNlVGxrT2tReE4xNFIxQWhUY0dRUXgzaFJKYmMvV0dUTnJENytE?= =?utf-8?B?VG4vS0NudEcxL1FGNG5EeElvNjJCM3l6a0ozN0pJYjRYMlJaYW1xMTFkbGwx?= =?utf-8?B?WTllcDgvS1RoQUFHbUlPTEhkWG5sdjR6RnJTYU84RGpVVUt2UXdVcWFrMmh4?= =?utf-8?B?S212d0w5c3Q5RHdGTXE4VEJhMXdLcDJpcHZUNVNaRFVCVVNSb3czVmNaSi9H?= =?utf-8?B?Z0JKdmk3TjU4UVMxb3hXVFVmamIySVpJQzdvMk5xU3ZScnQzSzFTdUZVR0Nz?= =?utf-8?B?R2JhMG8yOEN5VG9Od3l3bTQ4SlR2R1lPbk1KaTdZcUxVRWxvVmJNTlNIQTF4?= =?utf-8?B?dVdieldaYWVtQTlHRGo4VGlBaGc2dGxDMnNvZ1ZUd2trVStIMGJEKzJwNGRG?= =?utf-8?B?OUhzZWNnV3BlaUNDZjc1NDJLV1drQ0tJc2NKMFprQVplUG92VnJlcEVuanBt?= =?utf-8?B?M08xeGFhaWpsejhGS0Jyc3NQMFZjUkorSVVTdXAxYUdyM1dIdCtsTk45QUZr?= =?utf-8?B?aDZoeU9tUWlGbE94S0d6ZVl2RFpHNHVERTFtSDV1VTljU1BiMGxtV1lreWFI?= =?utf-8?B?RzVVY1NvdGRVSVBLM043MGc0TmJlK01xcjFNaXc5Q2JEbEdicmN5aWE2cWFW?= =?utf-8?B?ZWxWLzExa3dGM0ZGUHl1RUs4ZnZNRkNpcGhSVUhvRzNsaWNQN2ptblN6OWhk?= =?utf-8?B?NVJjR1RtVm1GNnBzY0c3WkkwUmZYUFphYnVLczhLdGtBSVhkdmg0cmovbHFy?= =?utf-8?B?Y3RjWEtJei9XSTM4ZUtCMFQ0dmZmK0V0RXVvSkVvUWJ5K2VMUFBCK1pIdXRQ?= =?utf-8?B?amRPaCtoVXUzZ0UyWjhSWjQxZ1ovT3BGeTk0c25NTmhwWWJRaWJHYS92Y3Yr?= =?utf-8?B?RDZrN3J4dklIRzBjQWI0NXlKbGw1V1hHQ1VZMVUzRlNqRFNUbkhidlhqZTJi?= =?utf-8?B?cDY4WXVsbm9aWnVHSW14TE1Qb01HOU05WmJtMW45NkdrMm1iOEwvODF6ZHJN?= =?utf-8?B?Yi9sMWowKzhtTGlPN3h2QW5Wd2lXTndyYlNnYm0rSEd1alNERFBHVFR0T09u?= =?utf-8?B?cEZNTWVaS1pGMmo0WnJRN3NHNFk4MWl6d0YyTVA3dkR2elh3Zmc2QW4vc1Q1?= =?utf-8?B?UGxVQ3JDSzBtcENDT3p6b2tZSndGeGliZXY2cmNqdVF3RTNkV1p4Vm5MYVF6?= =?utf-8?B?ZVUwYnFZWW1XcnJPV3pVcjQ2NWtaZVVGVXF0SEhwejBnZUZtK2kvN0lNNitu?= =?utf-8?B?OHJRazRDSTdlVXNLdUl4ZE9xZmdYMWZTREFPeGxBUEE1Y1RZRitKbW5rREhx?= =?utf-8?B?K25PeDdnKzFoWVhodjFhb1VYSUVoakNxY0hISWhUaVByclNmT1VHbkNZVU96?= =?utf-8?B?bm1qbXhXY0MwY1pGb2RSM1dMeXd6L3NMeGY5aTFybjU3aGZTNkRVL1J2Ylo5?= =?utf-8?B?c2xkYjlsZVFyUG5CWkRuVGxpOGk5OGFNZExwaW0rYkVoVWErZ3lMZzBZZXBm?= =?utf-8?B?VThOYktnZ3pXT3VBcjNhaklRamhkL2FwNkM3RzQ4eXVsMkQzMUtvUVpBdEt3?= =?utf-8?B?OGFaSkM3WUZiQkJSNGx0bWtpYzNpblRUYmEyTStoRUM2SlRTQmg5SUhKNGJY?= =?utf-8?B?WklXTk5QRDVOLzU5VUdxaCtnTmxZODlnZW1ZWHBIMzZ6UmpTVGhUUGx3dkVu?= =?utf-8?B?RlJiQmliR0h3ZnBCMlhwbU01eGY4dVZjRSsxR3BjUE9RZzg1RWdyUjAyTHJM?= =?utf-8?B?Y1BUNTN0NnMxeDBjU0M0c3A5aUZpWGpNUC8wUTlvQzFHRUE0dmFvcFF6U2Vq?= =?utf-8?Q?uMWmFm31x/UkNEtS/dhZ97s=3D?= Content-Type: text/plain; charset="UTF-8" Content-ID: <6EC653CC3D158B4EBA780B4AF01CC323@EURPRD10.PROD.OUTLOOK.COM> MIME-Version: 1.0 X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: c924d62f-231b-4161-1caa-08ddf4586db2 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Sep 2025 13:04:39.0989 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jNZXLOQq/alg+/z61N+7BmErUxyYvMgZsaHjoCQGsIyJDna/lY40Pdlco17W5jRwDgn7qPwRWa/GBeEmBcsxLgxVXswMWojw7hFPnZ+CZ2U= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR10MB5522 X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=v85KoBoC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: "cedric.hombourger@siemens.com" Reply-To: "cedric.hombourger@siemens.com" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: XJ5BTexieaTc On Mon, 2025-09-15 at 12:04 +0200, Jan Kiszka wrote: > On 15.09.25 10:57, Hombourger, Cedric (FT FDS CES LX) wrote: > > On Mon, 2025-09-15 at 10:28 +0200, Jan Kiszka wrote: > > > On 25.06.25 21:37, 'Cedric Hombourger' via isar-users wrote: > > > > "sudo chroot" is used in several places to run commands inside > > > > rootfs > > > > directories constructed by Isar. There are cases where a > > > > command > > > > could > > > > be used without elevated privileges as long as special folders > > > > such > > > > as > > > > /isar-apt are mounted (they are often referenced as /isar-apt > > > > in > > > > configuration files found in the target rootfs). For such > > > > cases, > > > > bubblewrap may be used to create a non-privileged namespace > > > > (either > > > > in a bare/native environment or within a docker/podman > > > > container) > > > > where the command will be executed as if chroot had been used. > > > > The > > > > rootfs may also be the host root file-system: this should > > > > however > > > > be used with care to avoid host contamination problems (note: > > > > Isar > > > > already relies on a number of host tools). > > > > > > Where does this take the commands from then, the host env or some > > > better > > > defined rootfs that is aligned with the target rootfs release- > > > wise? > > > Is > > > that controlled by the caller or implicitly by the wrapper. > > > > rootfs_cmd is a general-purpose helper and does not select a rootfs > > of > > its own where it will run commands from. This is left to the caller > > to > > decide. given a rootfs, it will let bubblewrap create a namespace > > with > > relevant mappings, optionally chdir to a specified directory and > > run > > the user-specified command. > > So none of the patches 2..6 changes the source rootfs for the command > to > run? patch #2: rootfs_cmd will use / as rootfs (to be discussed/decided if we would prefer to use an Isar host rootfs instead). Use limited to "apt-get s--download-only source" patch #3: does not use rootfs_cmd. this is a preparation step patch #4: rootfs_cmd will use ${IMAGE_ROOTFS} to query the dpkg database of the image patch #5: does introduce/use rootfs_cmd. creating a folder and file as a regular user before we "sudo mmdebstrap" so that the created files are owned by our calling user and not root patch #6: a somewhat similar story than #5. This patch does not use rootfs_cmd but addresses some file ownership "problems" in summary, only #2 and #4 are using rootfs_cmd the whole series is an attempt to require less elevated privileges than we currently are > > > > > > > > > I have to remind that we cannot blindly use host-side tools on > > > the > > > target rootfs (except for the very basic ones) as the latter may > > > be > > > newer than the former and not necessarily compatible. > > > > Agreed. if we agree on introducing rootfs_cmd then uses shall be > > audited. Reliance on host-tools shall be kept to a minimum to avoid > > host-contamination problems but also avoid incompatibilities as you > > have correctly noted. > > > > We can debate whether the 1st user of rootfs_cmd from this patch > > series > > (using apt to download source packages from a target rootfs) should > > have used apt from / (hopefully a kas-container but not guaranteed) > > or > > from Isar's host rootfs. With mmdebstrap (used from /) using apt > > (also > > from /), I felt that it was ok. > > Really? mmdebstrap builds an maintains a sid rootfs via a bookworm or > even older toolset? strace on a (manual) mmdebstrap run on trixie to create a bookworm rootfs suggests that it *does* use apt from the host (trixie): [pid 2055141] execve("/usr/bin/apt-get", ["apt-get", "-o", "Dir::Bin::dpkg=env", "-o", "DPkg::Options::=--unset=TMPDIR", "-o", "DPkg::Options::=dpkg", "--yes", "install", "-oAPT::Status-Fd=7", "- oDpkg::Use-Pty=false", "apt", "?narrow(?or(?archive(^bookworm$)"...], 0x5cf908e87f60 /* 20 vars */) = 0 It appears to use chroot to run some (selected) dpkg --install commands but not to run apt > > > > > If you prefer that I switch to have rootfs_cmd call apt from an > > Isar > > host rootfs then I can rework the patch series to do so. We may > > have > > other cases where we need a host tool (pulled into an Isar's host > > rootfs) to operate on a target rootfs. > > See my question above: If this series does not change the behavior in > step 1, we can move forward and change the tooling source later on. > If > it does already, we should address that in the same run. I hope the above answers clarify. Do let me know if the above findings give us a new direction to work towards. > > Jan > -- Cedric Hombourger Siemens AG www.siemens.com -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/98bd6b37a64eb32f1e42488625e9fd944d1e10ff.camel%40siemens.com.