From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7184463356684664832
X-Received: by 2002:a5d:8144:0:b0:6e4:b7b8:c5db with SMTP id f4-20020a5d8144000000b006e4b7b8c5dbmr4202319ioo.189.1672940343151;
        Thu, 05 Jan 2023 09:39:03 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6e02:ef0:b0:30c:1c4b:e185 with SMTP id
 j16-20020a056e020ef000b0030c1c4be185ls4627662ilk.11.-pod-prod-gmail; Thu, 05
 Jan 2023 09:39:02 -0800 (PST)
X-Google-Smtp-Source: AMrXdXvSd4ExtSRqefaq0e3A24lwbTTtGQt3XsSGU7x6X9Emnab34twyUTtYhSkNzDsYbNZKi2Q0
X-Received: by 2002:a92:c90b:0:b0:302:110a:35af with SMTP id t11-20020a92c90b000000b00302110a35afmr34227867ilp.16.1672940342687;
        Thu, 05 Jan 2023 09:39:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672940342; cv=none;
        d=google.com; s=arc-20160816;
        b=miY/6CANHbaQBNnEDuzXP1iuMKNC/+1Ax2VoIX3/oG/9ekH1RkN9GTgQ9MIljXVwbS
         ejkV1ZaVdg640abUitGuaFIcPTrygfkvSDH83a6DAoo7P/qokfsIW4XGiAq0EMHv73wz
         PH0ejKBCxoFm4dNlUxrjMIuJXpHTzJdWi+X6qXDUiWFmZL53mEjpMnDv8rMISEpYGRVa
         5cxBMM8+rWL5cplspgsIZp+79ZNNaSC2I+upX7Krx9/Hun/klsHqjpib/kzt+cColx5c
         VOnIzoM4VVMcN1M7BIFdie9wjn12fnaRUsenMPjl6WfXg2Co4zpjTVI0Bx/AAOyB2p0Q
         6dRQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=0t4nro/gc6dLoOqy6C5jOfvObX8kN6+S0cMzzz4AfkA=;
        b=eAAqGHNsg230ldY9x9s+6PIm7vjPn538fEfLmUEl9yIeavsyPKxiEJZIxMk0tzFPOD
         uvIxepSbissCnvdt+oRN/0+S/Ih5K7Oy1HmNrA7kWP1dRorapQQ+vbzhPt6oFjGSKtdC
         EGrr/7PtdSCrPhwFL8OFA66Xuj28f0GgWNAAGFGIZDx/vfcwMeBp+K2WL9fet+sAw6TA
         jhKn2s4q2MrDRo+vwGvIH5RnVUy36bFEL1J4iZY9SOGHhjs4CUSSHAhnkUzUJ5DO7Ixa
         ibzplyHSMhW+B3fgwWaBpwbfZPl8F4sYRxIfJ1pv26iQKUIaOdINfPv31KpHJAPxyqe5
         0KBw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="BbSg/ox5";
       spf=pass (google.com: domain of roberto.foglietta@gmail.com designates 2607:f8b0:4864:20::836 as permitted sender) smtp.mailfrom=roberto.foglietta@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <roberto.foglietta@gmail.com>
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com. [2607:f8b0:4864:20::836])
        by gmr-mx.google.com with ESMTPS id c22-20020a02a616000000b0038a31b473acsi2398340jam.4.2023.01.05.09.39.02
        for <isar-users@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 05 Jan 2023 09:39:02 -0800 (PST)
Received-SPF: pass (google.com: domain of roberto.foglietta@gmail.com designates 2607:f8b0:4864:20::836 as permitted sender) client-ip=2607:f8b0:4864:20::836;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="BbSg/ox5";
       spf=pass (google.com: domain of roberto.foglietta@gmail.com designates 2607:f8b0:4864:20::836 as permitted sender) smtp.mailfrom=roberto.foglietta@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: by mail-qt1-x836.google.com with SMTP id s9so30481846qtx.6
        for <isar-users@googlegroups.com>; Thu, 05 Jan 2023 09:39:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=0t4nro/gc6dLoOqy6C5jOfvObX8kN6+S0cMzzz4AfkA=;
        b=BbSg/ox5nw2jxMQ06lkZgamGIdrMBkmfyi+Yh3dM3ikPPjN8TIsMIQqa3N6fq8ueCG
         kBXtWpRBVy8KJvJFfUHO60CUsqIfWE2RfxEnn4dRR65RyYoAUdmn9RNApm/IvzZ7+V2v
         GWzhqMXoOnpPI9a+eZt+fF3xHzp7AtPPG4nuVbQyDM0s9ye7J0ZMS+mRRrE2TpMgi7iV
         K7p6J47S2CoUKUjvZRZR9hdRG4ePQUAriwT0TkGIPeY4dxvMjqsfhLjzrh0a8Zdjm1uo
         2ZNmu1pj3dDpEDtGlBMWIn6AMaJLCYAYnL4GZEs1niZe7OmoiniUv3EKhogTF3uMFTxU
         BM+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=0t4nro/gc6dLoOqy6C5jOfvObX8kN6+S0cMzzz4AfkA=;
        b=vnJPreuKbl+K09Q8qL7xXQ5l8K1sj0LZKxdW+KuGzaLbB5HtQbChrdOnl2VwRNOZlD
         E7HEayiXZ0fA/bW+2E9+p3npHyEAjldQ+ffuIZa0HQnAPFOe97T9Xl7a/8e7/zaB5u2R
         4V6kdMdurueqOmRwrzg9wyBIUlhrMFrTo8aawjn2cTKNw46iqb6Q8oyFLhVE/cf4ep0v
         22nDVnCXIfyEJIsII4LYQmwmarPASKXGMapWv/fghWHR7UeZD3PzXnUnXh+2UfNWHZzK
         X31Uwr7yeUAZtEx38040JdX3aSnTefolKpU4n8M2aLeAhisH8stVpzLzz4JnjB/Y7RCH
         ZLxQ==
X-Gm-Message-State: AFqh2kpr4tWcBWGNEVS3xy/BUUHuo/kaLLK1iahc+mJFVUsx/+msDfVX
	UCw+ohjmc9oSgOkqldFyE/XOh2PP+vIE/NKGtwEgctA=
X-Received: by 2002:a05:622a:1f97:b0:3a8:199d:48ee with SMTP id
 cb23-20020a05622a1f9700b003a8199d48eemr2366560qtb.461.1672940341945; Thu, 05
 Jan 2023 09:39:01 -0800 (PST)
MIME-Version: 1.0
References: <CAJGKYO5n=Y+nfg6WsjFkxaR-X5nuJYVBJXZ0987FYYGNwAn+UQ@mail.gmail.com>
 <20230103202151.206ac632@md1za8fc.ad001.siemens.net> <CAJGKYO6fYwzjgNzV0TFWXuF=uzDquJ1aoAduTMZYAk6EC3pE5A@mail.gmail.com>
 <20230104133100.7b0b1c4c@md1za8fc.ad001.siemens.net>
In-Reply-To: <20230104133100.7b0b1c4c@md1za8fc.ad001.siemens.net>
From: "Roberto A. Foglietta" <roberto.foglietta@gmail.com>
Date: Thu, 5 Jan 2023 18:38:25 +0100
Message-ID: <CAJGKYO5XCfLC=a3xUvE8g_YMaCSvjUSh6K_P=HAEKq1BvVwmaA@mail.gmail.com>
Subject: Re: question about builder and the container
To: Henning Schild <henning.schild@siemens.com>
Cc: isar-users@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
X-TUID: Ec4xRs794zIC

On Wed, 4 Jan 2023 at 13:31, Henning Schild <henning.schild@siemens.com> wrote:
>
> Am Wed, 4 Jan 2023 11:19:17 +0100
> schrieb "Roberto A. Foglietta" <roberto.foglietta@gmail.com>:
>
> > On Tue, 3 Jan 2023 at 20:21, Henning Schild
> > <henning.schild@siemens.com> wrote:
> > >
> > > Am Tue, 3 Jan 2023 17:26:29 +0100
> > > schrieb "Roberto A. Foglietta" <roberto.foglietta@gmail.com>:
> > >
> > > > Hi all,
> > > >
> > > > I have noticed the following and the mount are the same, could
> > > > someone explain this to me?
> > > >
> > > > do_generate_keyrings() {
> > > >     sudo works, rootfs belong to root, whoami = builder
> > > > }
> > > > addtask generate_keyrings before do_build after do_unpack
> > > >
> > > > do_sudo_test() {
> > > >    sudo does NOT work, roofs belongs to nobody, whoami = builder
> > > > }
> > > > addtask sudo_test before do_build after generate_keyrings
> > >
> > > You are using an isar fork with bb2 already in and did not mark the
> > > task as network?
> > >
> >
> > Thanks, I will give this a try to this:
> >
> > do_start_imager_session[network] = "${TASK_USE_SUDO}"
> >
> > but still I do not see why BB is using builder instead of root.
>
> builder is something coming from your kas container, i guess if you did
> native isar it would be your user on your machine
>

The problem obviously is not the builder user as default user but the
fact that rootfs belong to nobody:nogroup and thus sudo/su fail to
give the administrative privileges because of security reasons about
ownership. This is quite strange / uncommon and should have a specific
reason, suppose.

Best regards, R-