From: Jan Kiszka
To: isar-users, Uladzimir Bely
CC: Guillaume Pais, Florian Bezdeka
Date: Thu, 17 Mar 2022 19:05:16 +0100
Subject: Re: [PATCH] Avoid sharing of /dev/shm from the build context

On 17.03.22 18:37, Jan Kiszka wrote: > From: Jan Kiszka > > By bind-mounting complete /dev into the various chroots, we also share > the host instance of /dev/shm between them. If some package installation > should actually make use of that tmpfs instance, it may find content of > others there. That is at least not desirable, in few cases even > problematic (sysrepo package uses it during postinst, and this causes > troubles when multiple images are built in parallel). > > This decouples all instances by mounting new instances over the > bind-mounted ones. > > Signed-off-by: Jan Kiszka > --- > meta/classes/buildchroot.bbclass | 3 ++- > meta/classes/rootfs.bbclass | 3 ++- > meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 2 ++ > 3 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/meta/classes/buildchroot.bbclass b/meta/classes/buildchroot.bbclass > index dd8f4206..3b214c6c 100644 > --- a/meta/classes/buildchroot.bbclass > +++ b/meta/classes/buildchroot.bbclass > @@ -42,7 +42,8 @@ buildchroot_do_mounts() { > mount --bind '${CCACHE_DIR}' '${BUILDCHROOT_DIR}/ccache' > fi > mountpoint -q '${BUILDCHROOT_DIR}/dev' || > - mount --rbind /dev '${BUILDCHROOT_DIR}/dev' > + ( mount --rbind /dev '${BUILDCHROOT_DIR}/dev'; > + mount -t tmpfs none '${BUILDCHROOT_DIR}/dev/shm' ) > mount --make-rslave '${BUILDCHROOT_DIR}/dev' > mountpoint -q '${BUILDCHROOT_DIR}/proc' || > mount -t proc none '${BUILDCHROOT_DIR}/proc' > diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass > index 927af13f..5dd40d93 100644 > --- a/meta/classes/rootfs.bbclass > +++ b/meta/classes/rootfs.bbclass 
> @@ -34,7 +34,8 @@ rootfs_do_mounts() { > sudo -s <<'EOSUDO' > set -e > mountpoint -q '${ROOTFSDIR}/dev' || \ > - mount --rbind /dev '${ROOTFSDIR}/dev' > + ( mount --rbind /dev '${ROOTFSDIR}/dev'; > + mount -t tmpfs none '${ROOTFSDIR}/dev/shm' ) > mount --make-rslave '${ROOTFSDIR}/dev' > mountpoint -q '${ROOTFSDIR}/proc' || \ > mount -t proc none '${ROOTFSDIR}/proc' > diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > index 1b16f874..7d94ede1 100644 > --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > @@ -361,6 +361,7 @@ do_bootstrap() { > > # update APT > mount --rbind /dev ${ROOTFSDIR}/dev > + mount -t tmpfs none "${ROOTFSDIR}/dev/shm" > mount --make-rslave ${ROOTFSDIR}/dev > mount -t proc none ${ROOTFSDIR}/proc > mount --rbind /sys ${ROOTFSDIR}/sys > @@ -381,6 +382,7 @@ do_bootstrap() { > chroot "${ROOTFSDIR}" /usr/bin/apt-get dist-upgrade -y \ > -o Debug::pkgProblemResolver=yes > > + umount -l "${ROOTFSDIR}/dev/shm" > umount -l "${ROOTFSDIR}/dev" > umount -l "${ROOTFSDIR}/proc" > umount -l "${ROOTFSDIR}/sys" Uladzimir, didn't check if this is going to be completely obsoleted by sbuild. If so, this can be ignored, and we will carry it locally until sbuild is merged. Jan -- Siemens AG, Technology Competence Center Embedded Linux
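
Review bot: In the buildchroot.bbclass hunk, the two mounts inside the new subshell are joined with `;`, so unless `set -e` is in effect there (this hunk does not show it), the tmpfs mount is still attempted after a failed `mount --rbind`, and the subshell's exit status is that of the second mount only. Joining the two commands with `&&` makes the dependency explicit and does not rely on shell options.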
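
Review bot: In the rootfs.bbclass hunk, a nested tmpfs mount is added on `${ROOTFSDIR}/dev/shm` but the patch contains no unmount counterpart for this file or for buildchroot.bbclass, while isar-bootstrap.inc gets an explicit `umount -l "${ROOTFSDIR}/dev/shm"`. It is worth confirming that the existing teardown of these two classes removes the nested mount along with `/dev`, and saying so in the commit message, so that no per-build tmpfs instances are left behind after parallel builds.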
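
Review bot: In the first isar-bootstrap.inc hunk, the added `mount -t tmpfs none "${ROOTFSDIR}/dev/shm"` passes no mount options, and the same holds for the tmpfs mounts added in the two bbclass files. Consider `-o nosuid,nodev` and possibly a `size=` limit, so that the private instance is no more permissive than a typical host /dev/shm, and add a one-line comment stating why a tmpfs is stacked over the bind mount. The new line quotes its path while the neighbouring mount lines in this hunk do not, which is only a style inconsistency.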