From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 16 Sep 2025 17:53:28 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f60.google.com (mail-lf1-f60.google.com [209.85.167.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58GFrRSr019037 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 16 Sep 2025 17:53:28 +0200 Received: by mail-lf1-f60.google.com with SMTP id 2adb3069b0e04-55f697cc58dsf2724123e87.0 for ; Tue, 16 Sep 2025 08:53:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1758038002; cv=pass; d=google.com; s=arc-20240605; b=lsNFA1b8f8OO9k2EGXhfiPmd+x+RcPyGuDuXfTxYVcaWGdW+9UNi57bWnX2NiyFW01 LLFocq3jqtObZd84lk29F8SsFCFQuEYW0e7ORjoq2fYdcNcsskWwJLSriGFBisJPwTk2 +raXcwC9nwX0MVt7piYHpI9STlEjNVHHIjxyMCH/iUnDqdXb5PwlI9iC+zGSz9Qu5JsA A1/Zqfu7HKZnzZaDubvu1yUqFX0we5qFEY7w2eGutj8CbP8L5nSrdPUZfd4AHfQQ9dLk au+8aJZWYvbaSwPhypnEbTmbM366OjnRpzO3vxW0ds8MIdOUVdjhCvEhDPU/WudWJCas FwEQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :sender:dkim-signature; bh=hSsNWTbSlfRCU+XxhPjPTX2VEfKnp+Yn03NvyWcPQPI=; fh=/2E4yOS1gSLKrKEAHZm6lDwuJZ0EMe34sU4RzK08aQY=; b=gWb2sdGtevYnRDfMCs9i9jUXLmNM95XnSypKFtVaeDTQdDOf5zPw++qurJMd7b6crV FzITZ2KqD83rEox2Bj42LDvo/h46P7l1N22H19Fsl6j4V8D0ZS/K70XKQ1R2T7zs0wtK 36g+O0Z/gN8o8XcU/RncKqGjaKkkWMdpkSmQTso5ckOsCYr+QxQukROQnjs/W0d+l5dA in/eaVVh4s4gmhtHC1f0qJ32N14VqS2qEKHHnJ4GZFpef+GOZCe+sJpASIDUv2K6C+rA PcteCpNtmJQWYx8SEThFr+Kt1L39YoEAw0pkZBeSe/mfOPG1m4U//sw4Bs+VCSEfrPpv 6Ihg==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of anaumann@emlix.com designates 178.63.209.131 as permitted sender) smtp.mailfrom=anaumann@emlix.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1758038002; x=1758642802; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:from:content-language:references:cc :to:subject:user-agent:mime-version:date:message-id:sender:from:to :cc:subject:date:message-id:reply-to; bh=hSsNWTbSlfRCU+XxhPjPTX2VEfKnp+Yn03NvyWcPQPI=; b=Z286HFzsxsZS3DggOy9jc07VjyphG5uqo3j0uROo9r6o25mQPqQDgjE4f7mzPHzpuE imyOaX8eFbVgE6e+HF5hrGGjK9zrND8k90H6utxssgLu4oT1yLeCqpmrGDizWM6frgU6 1lZprtCPkkJx4+EYjWLfsXI/KBgQz4vUnb9/mYwaOPwnwQY0pPdxzlWUq26MavDicGp1 xGFHpt3+/Zr2KeuVtdu2bhhITZqB5U1bbzvA4M+p4QujY1HldWvuM1NMipU7QRB5+T5u fKrSmHtDo95Ol6DeDZQhjxkvkFlgxwnrrj8BPGv0Nyv/M9iFWoJ/DADExVmut2rNoBOi m8Iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758038002; x=1758642802; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:in-reply-to :from:content-language:references:cc:to:subject:user-agent :mime-version:date:message-id:x-beenthere:x-gm-message-state:sender :from:to:cc:subject:date:message-id:reply-to; bh=hSsNWTbSlfRCU+XxhPjPTX2VEfKnp+Yn03NvyWcPQPI=; b=kyhXkQfhpfXog9jDP7f6bx9em3sXJoZ4To3uGmDQybawF9bQ6j1UmBn5zQOE3isOFy ukul+GdSaXWuKgmq/xBbpT+y4adJLgHlfCzsbB2We6ePhEO9si4OJp9qLc5gTHiktnGt NiRdzEuQ4++JXvoDGawZ4PULZtnA38URMTi2WS55CWlUfgr+ukTs77LYUmWPI5JRSYRZ PcDn7WPldeUR2gJ/5F+pTf2oXLwjv7C2gjJLENYPncUQcC3U9VDaqb7eFWgSgnhgPvGj m0K1ad6zUH45K4vPUKDLgResWGxAKziGADyalc81IFZla/Hjgd60LRpN5+ybdot8dxGh 55lw== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXho8o/uzids27GRlp1Kr4WYZIHuqDZkKiWNsy9sNaqUNEfP/CYf9QnvPw8cLNBtDzL/yiO@ilbers.de X-Gm-Message-State: AOJu0Yz/tJx3OKCogRTm4QJLodNvs5fTa86DuDuEVk1VAwQGSl0Bb0J9 tS94Rxr75BmfKEfYg37DhWFMq19ZEHOS2IyO8FU5Pu5nEI+qapccl62d X-Google-Smtp-Source: AGHT+IH+q/qDlj3xnAXFuDVxhFk74glY4uSUL5uZ/iPXZhw7ez+7INs+aHOe40Bx/T8JLC9jbEveXg== X-Received: by 2002:a05:6512:3192:b0:568:e61e:5c71 with SMTP id 2adb3069b0e04-57050828c4dmr5299921e87.46.1758038001727; Tue, 16 Sep 2025 08:53:21 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARHlJd405V4G9ZFuJDI3QkXsc2OU+C8HqVUk2JWqk7HOftOrtw== Received: by 2002:a05:6512:63c1:10b0:564:4dfe:5a4f with SMTP id 2adb3069b0e04-56ddde0e8d6ls1516970e87.1.-pod-prod-08-eu; Tue, 16 Sep 2025 08:53:19 -0700 (PDT) X-Received: by 2002:a05:6512:63d1:10b0:56b:92a1:387 with SMTP id 2adb3069b0e04-5704a105ea5mr5529185e87.7.1758037998891; Tue, 16 Sep 2025 08:53:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758037998; cv=none; d=google.com; s=arc-20240605; b=By/VNxAT+2Yia2qklURonrS18oRkPwkf9G8jiwRPVxkF2C5dD2v+hl/XK4VPKeh6XD aUYLXj6olvIZfmM+7Tggy1k9/aoW/r+P7i0j++wh1j4GNCTMQJDmKmwdertVKmqEQPax cLDJZ2AmRcKsHDHelLGRcXE7c8Zfdlvja8QOy+zf7hz5Oxn4CYj/TlYCEygvAXnhkpS4 g3wZepDTJmc8jguhE0rfl/CjWLbH2MDQKQN6NQcyG39XDDN9ylafomZi9TwFHKVLNKUS 2bB4OzlmWIQ7PLfBhGJ/TcKDtWlMldp2iGP8H19dVGKuST3VNLChkXHVF6oQ/REfD9Sb BTuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id; bh=fEMpfpMA1wCHAA2ypcj/IDzIusbTyxqKw/EGNdHW6nI=; fh=8vXvwSbkTw/4QB1AZ9nsaWDsmFYZ271tKUuPSwHKFqQ=; b=CykJ8vM38ir3w1CbmQWsJ2pn+SXz+Q3SlJLvgNPkaDIKxOahVLUfl3oHx/TdBqvOVB jPT7vPaMOdM2hovr5jXs320IbmY3vY/dULLzCcy4SY7LW2RrTIcGavTGawTYPgVWd/qV UBBgq1vEnrayKv7qiBApwPmQdP8f8rsgRh+5ZPxzEon4KAwZzisgOoIF1e0hWer/HHLj K8qzhcbYazYpZe+GKpHnmw6Bz6qK5agyZHvsy4+ZXPn6KNYv9w3JhCdUVYgLvu1sl6lZ krYQHemCCAo3fiCERvnvtuV+EUX+shMv3jsLk+CJfbcvKO9je7hUK9lOMUVs4peYvt8x SA3w==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of anaumann@emlix.com designates 178.63.209.131 as permitted sender) smtp.mailfrom=anaumann@emlix.com Received: from mx1.emlix.com (mx1.emlix.com. [178.63.209.131]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-57076e579f8si235944e87.2.2025.09.16.08.53.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Sep 2025 08:53:18 -0700 (PDT) Received-SPF: pass (google.com: domain of anaumann@emlix.com designates 178.63.209.131 as permitted sender) client-ip=178.63.209.131; Received: from mailer.emlix.com (p5098be52.dip0.t-ipconnect.de [80.152.190.82]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.emlix.com (Postfix) with ESMTPS id 1ABFF5F80E; Tue, 16 Sep 2025 17:53:18 +0200 (CEST) Message-ID: Date: Tue, 16 Sep 2025 17:53:16 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 0/6] non-privileged commands in chroot To: "isar-users@googlegroups.com" , "cedric.hombourger@siemens.com" Cc: "Steiger, Christoph" , "MOESSBAUER, Felix" References: <20250625193748.2681-1-cedric.hombourger@siemens.com> Content-Language: en-US From: Andreas Naumann In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed X-Original-Sender: anaumann@emlix.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of anaumann@emlix.com designates 178.63.209.131 as permitted sender) smtp.mailfrom=anaumann@emlix.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 2n9oKLeOjjKe Hi Cedric, all Am 20.08.25 um 17:38 schrieb 'MOESSBAUER, Felix' via isar-users: > On Thu, 2025-06-26 at 03:37 +0800, Cedric Hombourger wrote: >> When building root filesystems for foreign architectures with package >> source >> caching enabled, apt operations are executed within the rootfs >> through QEMU >> emulation. This results in significantly degraded performance, >> particularly >> when downloading source packages sequentially. >> >> This patch series introduces a new wrapper function that enables >> native >> command execution against a rootfs while preserving special mount >> points >> (such as /isar-apt). The approach: > Hi, are there any news on this series? Was there a follow up version? I also find this series very interesting, but unfortunately I was not the ML when you originally sent it, and getting a patch out of googlegroups is a nightmare. So I'd really appreciate a follow-up. Eg. the patch which touches the deb-dl-lock could imho be merged as is. It would fix an issue we have in on of our setups. Other than that, I have played with various scenarios to run the build in an unprivileged container and being able to use bwrap for bind-mounting /dev and /proc without sudo or privileges would be a big step forward. So looking forward :-) regards, Andreas > > The upcoming SBOM feature from Christoph already wants to make use of > bubblewrap. We also have the tool in kas 4.8. > > Some quick tests against amd64 and arm64 also did not show any issues. > > Best regards, > Felix > -- Andreas Naumann emlix GmbH Headquarters: Berliner Str. 12, 37073 Goettingen, Germany Phone +49 (0)551 30664-0, e-mail info@emlix.com District Court of Goettingen, Registry Number HR B 3160 Managing Directors: Heike Jordan, Dr. Uwe Kracke VAT ID No. DE 205 198 055 Office Berlin: Panoramastr. 1, 10178 Berlin, Germany Office Bonn: Bachstr. 6, 53115 Bonn, Germany http://www.emlix.com -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/c0d487bf-574f-476c-8ca8-cba4af1277ff%40emlix.com.