On Tuesday, June 17, 2025 at 6:05:26 PM UTC+5:30 Cedric Hombourger wrote: We need /sys while assembling the target root file-system but it exposes more than the build really needs. Some maintainer scripts (e.g. mdmadm) check /sys/firmware/efi/efivars while configuring themselves. This would normally be fine but for Isar builds, any information extracted from there is for the host doing the build and not for the target we are building for. In addition, packages seeing /sys/firmware/efi will mount efivars there and will cause do_rootfs_umount to fail unmounting /sys (because of that extra mount). By mounting a (small) tmpfs as /sys/firmware in the root file-system, we hide host details from the build; that extra mount needs to be removed before we attempt to unmount /sys (but we are in control). Signed-off-by: Cedric Hombourger --- meta/classes/rootfs.bbclass | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 5f877962..7b7859b9 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -48,6 +48,12 @@ rootfs_do_mounts() { mount -o bind,private /sys '${ROOTFSDIR}/sys' mount --make-rslave '${ROOTFSDIR}/sys' + # Mount a tmpfs on /sys/firmware to avoid host contamination problems + # (maintainer scripts shouldn't pull host data from there) + if [ -d '${ROOTFSDIR}/sys/firmware' ]; then + mount -t tmpfs -o size=1m,nosuid,nodev none '${ROOTFSDIR}/sys/firmware' + fi + # Mount isar-apt if the directory does not exist or if it is empty # This prevents overwriting something that was copied there if [ ! -e '${ROOTFSDIR}/isar-apt' ] || \ @@ -94,6 +100,9 @@ rootfs_do_umounts() { if mountpoint -q '${ROOTFSDIR}/proc'; then umount '${ROOTFSDIR}/proc' fi + if mountpoint -q '${ROOTFSDIR}/sys/firmware'; then + umount '${ROOTFSDIR}/sys/firmware' + fi if mountpoint -q '${ROOTFSDIR}/sys'; then umount '${ROOTFSDIR}/sys' fi -- 2.39.5 Looks Good To Me. Many thanks, Srinu -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/a823da0e-da6b-48d7-9b97-78180a508117n%40googlegroups.com.