Hi Henning,

1. the hook we have for when the build ends does handle nested mounts just 
fine. I will however post a new patch with 'umount -R' calls in places 
where we explicitly umount /dev, /proc and /sys
2. I don't think we have an issue here, the use-case is similar to e.g. 
lxc, they do have /sys mounted and packages may be installed at will within 
the container

Cedric

On Tuesday, November 13, 2018 at 11:44:57 PM UTC-8, Henning Schild wrote:
>
> Two more things to double-check. 
>
> 1. Do the umount hooks we have in place clean up all the recursiveness? 
> 2. Once we rbind mount sys the chroot will probably be allowed to mess 
> with cgroups, tracing etc. Does a debootstrap change anything there, 
> i.e. by installing systemd, libvirt, or perf? 
>
> Henning 
>
> Am Mon, 12 Nov 2018 20:59:33 -0800 
> schrieb Cedric Hombourger <Cedric_H...@mentor.com <javascript:>>: 
>
> > Some packages look for /sys when they configure, build or test 
> > themselves (for instance golang-google-grpc). 
> > 
> > Signed-off-by: Cedric Hombourger <Cedric_H...@mentor.com <javascript:>> 
> > --- 
> >  meta/classes/buildchroot.bbclass           | 2 ++ 
> >  meta/classes/image.bbclass                 | 1 + 
> >  meta/classes/isar-bootstrap-helper.bbclass | 3 +++ 
> >  meta/classes/isar-image.bbclass            | 1 + 
> >  4 files changed, 7 insertions(+) 
> > 
> > diff --git a/meta/classes/buildchroot.bbclass 
> > b/meta/classes/buildchroot.bbclass index 26d5e80..d2f138f 100644 
> > --- a/meta/classes/buildchroot.bbclass 
> > +++ b/meta/classes/buildchroot.bbclass 
> > @@ -31,5 +31,7 @@ buildchroot_do_mounts() { 
> >              mount --make-rslave ${BUILDCHROOT_DIR}/dev 
> >              mount --rbind /proc ${BUILDCHROOT_DIR}/proc 
> >              mount --make-rslave ${BUILDCHROOT_DIR}/proc 
> > +            mount --rbind /sys ${BUILDCHROOT_DIR}/sys 
> > +            mount --make-rslave ${BUILDCHROOT_DIR}/sys 
> >          fi' 
> >  } 
> > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass 
> > index d033cf5..5806a59 100644 
> > --- a/meta/classes/image.bbclass 
> > +++ b/meta/classes/image.bbclass 
> > @@ -110,6 +110,7 @@ do_populate_sdk() { 
> >   
> >      sudo umount ${SDKCHROOT_DIR}/rootfs/dev || true 
> >      sudo umount ${SDKCHROOT_DIR}/rootfs/proc || true 
> > +    sudo umount ${SDKCHROOT_DIR}/rootfs/sys || true 
> >   
> >      # Create SDK archive 
> >      sudo tar -C ${SDKCHROOT_DIR} 
> > --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \ diff --git 
> > a/meta/classes/isar-bootstrap-helper.bbclass 
> > b/meta/classes/isar-bootstrap-helper.bbclass index 62c0839..7b2ddf3 
> > 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ 
> > b/meta/classes/isar-bootstrap-helper.bbclass @@ -107,6 +107,9 @@ 
> > setup_root_file_system() { sudo mount --make-rslave ${ROOTFSDIR}/dev 
> >      sudo mount --rbind /proc ${ROOTFSDIR}/proc 
> >      sudo mount --make-rslave ${ROOTFSDIR}/proc 
> > +    sudo install -m 755 -d ${ROOTFSDIR}/sys 
> > +    sudo mount --rbind /sys ${ROOTFSDIR}/sys 
> > +    sudo mount --make-rslave ${ROOTFSDIR}/sys 
> >   
> >      # Install packages: 
> >      E="${@ bb.utils.export_proxies(d)}" 
> > diff --git a/meta/classes/isar-image.bbclass 
> > b/meta/classes/isar-image.bbclass index e0508be..356c97a 100644 
> > --- a/meta/classes/isar-image.bbclass 
> > +++ b/meta/classes/isar-image.bbclass 
> > @@ -61,6 +61,7 @@ isar_image_cleanup() { 
> >      sudo rmdir ${IMAGE_ROOTFS}/isar-apt 
> >      sudo umount -l ${IMAGE_ROOTFS}/dev 
> >      sudo umount -l ${IMAGE_ROOTFS}/proc 
> > +    sudo umount -l ${IMAGE_ROOTFS}/sys 
> >      sudo rm -f 
> > "${IMAGE_ROOTFS}/etc/apt/apt.conf.d/55isar-fallback.conf" } 
> >   
>
>