Date: Thu, 17 Mar 2022 18:37:16 +0100
From: Jan Kiszka
Subject: [PATCH] Avoid sharing of /dev/shm from the build context
To: isar-users
CC: Guillaume Pais, Florian Bezdeka

From: Jan Kiszka

By bind-mounting complete /dev into the various chroots, we also share
the host instance of /dev/shm between them. If some package installation
should actually make use of that tmpfs instance, it may find content of
others there. That is at least not desirable, in a few cases even
problematic (sysrepo package uses it during postinst, and this causes
trouble when multiple images are built in parallel).

This decouples all instances by mounting new instances over the
bind-mounted ones.

Signed-off-by: Jan Kiszka
---
 meta/classes/buildchroot.bbclass                    | 3 ++-
 meta/classes/rootfs.bbclass                         | 3 ++-
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/meta/classes/buildchroot.bbclass b/meta/classes/buildchroot.bbclass index dd8f4206..3b214c6c 100644 --- a/meta/classes/buildchroot.bbclass +++ b/meta/classes/buildchroot.bbclass @@ -42,7 +42,8 @@ buildchroot_do_mounts() { mount --bind '${CCACHE_DIR}' '${BUILDCHROOT_DIR}/ccache' fi mountpoint -q '${BUILDCHROOT_DIR}/dev' || - mount --rbind /dev '${BUILDCHROOT_DIR}/dev' + ( mount --rbind /dev '${BUILDCHROOT_DIR}/dev'; + mount -t tmpfs none '${BUILDCHROOT_DIR}/dev/shm' ) mount --make-rslave '${BUILDCHROOT_DIR}/dev' mountpoint -q '${BUILDCHROOT_DIR}/proc' || mount -t proc none '${BUILDCHROOT_DIR}/proc' diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 927af13f..5dd40d93 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -34,7 +34,8 @@ rootfs_do_mounts() { sudo -s <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ - mount --rbind /dev '${ROOTFSDIR}/dev' + ( mount --rbind /dev '${ROOTFSDIR}/dev'; + mount -t tmpfs none '${ROOTFSDIR}/dev/shm' ) mount --make-rslave '${ROOTFSDIR}/dev' mountpoint -q '${ROOTFSDIR}/proc' || \ mount -t proc none '${ROOTFSDIR}/proc' diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 1b16f874..7d94ede1 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -361,6 +361,7 @@ do_bootstrap() { # update APT mount --rbind /dev ${ROOTFSDIR}/dev + mount -t tmpfs none "${ROOTFSDIR}/dev/shm" mount --make-rslave ${ROOTFSDIR}/dev mount -t proc none ${ROOTFSDIR}/proc mount --rbind /sys ${ROOTFSDIR}/sys @@ -381,6 +382,7 @@ do_bootstrap() { chroot "${ROOTFSDIR}" /usr/bin/apt-get dist-upgrade -y \ -o Debug::pkgProblemResolver=yes + umount -l "${ROOTFSDIR}/dev/shm" umount -l "${ROOTFSDIR}/dev" umount -l "${ROOTFSDIR}/proc" umount -l "${ROOTFSDIR}/sys" -- 2.34.1
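
Review bot: In buildchroot_do_mounts() (meta/classes/buildchroot.bbclass), the two commands inside the new subshell are joined with `;`, so the tmpfs mount depends on the `--rbind` having succeeded only if `set -e` is active, which this hunk's context does not show. Without it, the subshell's exit status is that of the tmpfs mount alone and a failed bind mount goes unnoticed. Chaining them as `mount --rbind /dev '${BUILDCHROOT_DIR}/dev' && mount -t tmpfs none '${BUILDCHROOT_DIR}/dev/shm'` makes the dependency explicit and keeps the tmpfs from being attempted on the chroot's own dev/shm when the bind mount failed.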
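
Review bot: In rootfs_do_mounts() (meta/classes/rootfs.bbclass), the new tmpfs is mounted before `mount --make-rslave '${ROOTFSDIR}/dev'` runs, so at that moment the rbind copy still has whatever propagation type the host's /dev tree has. If the host mounts are shared (the usual default under systemd), the mount on `${ROOTFSDIR}/dev/shm` can propagate back and cover the host's own /dev/shm, which is the opposite of the isolation the commit message aims for. Moving `--make-rslave` into the subshell ahead of the tmpfs mount would avoid that; the same ordering appears in the buildchroot.bbclass hunk and in the first isar-bootstrap.inc hunk.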
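
Review bot: In do_bootstrap() (meta/recipes-core/isar-bootstrap/isar-bootstrap.inc, hunk at -361), `mount -t tmpfs none "${ROOTFSDIR}/dev/shm"` passes no `-o` options, so the new instance comes up with tmpfs defaults rather than the restrictions a host /dev/shm is commonly mounted with, such as nosuid and nodev. Consider `-o nosuid,nodev` here and in the two bbclass hunks, or state in the commit message that the defaults are intended. Minor style point: this line quotes the path while the neighbouring `mount --rbind /dev ${ROOTFSDIR}/dev` does not.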