From: Andreas Naumann <anaumann@emlix.com>
To: "isar-users@googlegroups.com" <isar-users@googlegroups.com>,
"cedric.hombourger@siemens.com" <cedric.hombourger@siemens.com>
Cc: "Steiger, Christoph" <christoph.steiger@siemens.com>,
"MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
Subject: Re: [PATCH v3 0/6] non-privileged commands in chroot
Date: Tue, 16 Sep 2025 17:53:16 +0200
Message-ID: <c0d487bf-574f-476c-8ca8-cba4af1277ff@emlix.com>
In-Reply-To: <b83333b0c0a2e2ef05bc2e5ecb176fbc786d3273.camel@siemens.com>
Hi Cedric, all
Am 20.08.25 um 17:38 schrieb 'MOESSBAUER, Felix' via isar-users:
> On Thu, 2025-06-26 at 03:37 +0800, Cedric Hombourger wrote:
>> When building root filesystems for foreign architectures with package
>> source caching enabled, apt operations are executed within the rootfs
>> through QEMU emulation. This results in significantly degraded
>> performance, particularly when downloading source packages sequentially.
>>
>> This patch series introduces a new wrapper function that enables native
>> command execution against a rootfs while preserving special mount points
>> (such as /isar-apt). The approach:
> Hi, are there any news on this series? Was there a follow up version?
I also find this series very interesting, but unfortunately I was not on
the ML when you originally sent it, and getting a patch out of
googlegroups is a nightmare.
So I'd really appreciate a follow-up. E.g. the patch which touches the
deb-dl-lock could imho be merged as is. It would fix an issue we have in
one of our setups.
Other than that, I have played with various scenarios to run the build
in an unprivileged container and being able to use bwrap for
bind-mounting /dev and /proc without sudo or privileges would be a big
step forward.
So looking forward :-)
regards,
Andreas
>
> The upcoming SBOM feature from Christoph already wants to make use of
> bubblewrap. We also have the tool in kas 4.8.
>
> Some quick tests against amd64 and arm64 also did not show any issues.
>
> Best regards,
> Felix
>
--
Andreas Naumann
emlix GmbH
Headquarters: Berliner Str. 12, 37073 Goettingen, Germany
Phone +49 (0)551 30664-0, e-mail info@emlix.com
District Court of Goettingen, Registry Number HR B 3160
Managing Directors: Heike Jordan, Dr. Uwe Kracke
VAT ID No. DE 205 198 055
Office Berlin: Panoramastr. 1, 10178 Berlin, Germany
Office Bonn: Bachstr. 6, 53115 Bonn, Germany
http://www.emlix.com
Thread overview: 14+ messages
2025-06-25 19:37 'Cedric Hombourger' via isar-users
2025-06-25 19:37 ` [PATCH v3 1/6] rootfs: introduce wrapper to run commands against a rootfs 'Cedric Hombourger' via isar-users
2025-09-15 8:28 ` 'Jan Kiszka' via isar-users
2025-09-15 8:57 ` 'cedric.hombourger@siemens.com' via isar-users
2025-09-15 10:04 ` 'Jan Kiszka' via isar-users
2025-09-15 13:04 ` 'cedric.hombourger@siemens.com' via isar-users
2025-06-25 19:37 ` [PATCH v3 2/6] deb-dl-dir: optimize caching of source packages using apt natively 'Cedric Hombourger' via isar-users
2025-06-25 19:37 ` [PATCH v3 3/6] image-postproc-extension: refactor systemd version checks 'Cedric Hombourger' via isar-users
2025-06-25 19:37 ` [PATCH v3 4/6] image-postproc-extension: extract systemd's version using rootfs_cmd 'Cedric Hombourger' via isar-users
2025-06-25 19:37 ` [PATCH v3 5/6] bootstrap: create lock for downloads/deb without sudo 'Cedric Hombourger' via isar-users
2025-06-25 19:37 ` [PATCH v3 6/6] rootfs: do not get elevated privileges when downloading packages 'Cedric Hombourger' via isar-users
2025-08-20 15:38 ` [PATCH v3 0/6] non-privileged commands in chroot 'MOESSBAUER, Felix' via isar-users
2025-09-16 15:53 ` Andreas Naumann [this message]
2025-09-16 16:45 ` 'Jan Kiszka' via isar-users