From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 19:21:02 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f187.google.com (mail-qt1-f187.google.com [209.85.160.187]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IIL0xZ026424 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 19:21:01 +0100 Received: by mail-qt1-f187.google.com with SMTP id d75a77b69052e-506a1999e44sf2784451cf.1 for ; Wed, 18 Feb 2026 10:21:01 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771438855; cv=pass; d=google.com; s=arc-20240605; b=e1db3zW/a32DAla2GiTT78t3Xr11MoLxM8HRZo95mZZ/p7k0KI0dNKOjTX0qwL71u/ H3tcwAWyfMZdsSJQdCabRtbqSOuA+lEd1a1FZsEHafBOA1fNR/R+a+he5Ngp35q7YXV4 UT8ljTDsggZcr3AkDM0ADsxvx6OK7qjaQN9iOtDdZu6UaV4FJdWG4Sr3Bqt6iyiOmZPy DdYDX7N7W3FfR41kx5uPNoHeX1N8vSr7NaGKIEW5aaKgmEzbJpbm/zHqJOVi+rVqsLNo wz3V6TWd2hTQ0AOCQNUMBJCdhLuZiQ/nT0xtHXtJr4vqciy6Qg6dYupSbN32Kz5N86xc KB/w== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:in-reply-to :autocrypt:content-language:from:references:cc:to:subject:user-agent :date:message-id:dkim-signature; bh=pBQdBzqWth19NcnIxCfFbiTgqXFJHJB2YhIezcO4tj8=; fh=NLw25a27RMQtiWZvM/JUFj41gQe7SA8ZyTPo6mpW6I4=; b=Spk5ZG/lK1Zg7vmn/rjdvE07XTtjMnFHg8uNjLXO4EZBqC3xYEvt4fsoNsoIa+S0RZ xN+3xukKJBmAa+T5vx0LJwaj+Rn78KbChFrztHMjZF8CoQIFD2GC+jdYwm7Vr8WHsmHk Nr2PKnY2+tsiOp/pI9UqKtLGkAr962vzRHx6KTeKBI9XRv9qnx6jah4XZD0oG0HO24Bz wElhW8KPD19//D1V4JEYFehhXmZvcPizfrJRHQwdiPay58ycGWf1OWYcxv6lZlJtRJTs 20OgxxWpQnmFaInul5b0W6JSuZuWoimgnu2B7yUFfXPYe7nJ78TyGv/IqKme1aPi2Hut QaKA==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=nujBEYBv; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771438855; x=1772043655; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :in-reply-to:autocrypt:content-language:from:references:cc:to :subject:user-agent:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=pBQdBzqWth19NcnIxCfFbiTgqXFJHJB2YhIezcO4tj8=; b=VPFR+vTVqvmWjHHNRHgwdsrzuERFelN/cQgbBZpgS7JQS2XJXTti2glA5/bHHhMgGz UbBDV1wdsmhcXFIKyA2bMlxvz94lGl5vp64qusYs3kI/1WvBFMr/6bR+kv6Vzz666FKw NhyKftTCaf5sknes7C21ZyLmDEKmVTFv/S3Oo35Uytdb7n9Uk7ItrwZSI4lk4Uc+sVDU jagrY5jnMt6MqzpRn/VT57qUp6WONKvs3hL9y+U44RkVeGXPYAOFCTvfucUiW3bOBZgN e9UD1LL4Iqwyqx9ZGqFYAVs3yqJ7wKh1xQ9WZ4jSvuNTWsvbXc23yOjedK79lrUmWRC9 PZEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771438855; x=1772043655; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :in-reply-to:autocrypt:content-language:from:references:cc:to :subject:user-agent:date:message-id:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=pBQdBzqWth19NcnIxCfFbiTgqXFJHJB2YhIezcO4tj8=; b=tHt7G1L5IVEVRAsYPbA0DoKjoLVp0tXNdIsTxcJCybmaJklsT0G+ckTr/xktdsygH0 ARPxEKPdRf3dFmFpQr6ojsEDhQCvpPykofH8JAnKjKXTlb9nROMxFIgBr/l0i6EwpS1c xWiIFhUeTsRX0d5JEvFzsD+MEXKExOG/LUUYFXSAYOppe+KWjExTDn5hItJTFWaIzlrb l4+32Zvsm/CDcZbIeJjh7PrOV8AcAwlIAghLzjrHCsB2n+0d2/OoDGtRzrIf91aTkgkx Q/GHu93fS7Nw6X1lMN/JAgy8byMEsgeUNeQUcX+dXiuK95MG/ipgY+S/ObaWvUpdZU+R NF0A== X-Forwarded-Encrypted: i=3; AJvYcCWiKIdb907idDC5ABdsFeL/sSkDAeMbQ6xRrB29epmxwMOrDJp3YvqTvQPEDRTj2KndjZYp@ilbers.de X-Gm-Message-State: AOJu0Yy5qz+ZA2ozuDiOTPPXBoWir8HEns/ffbz4UqfqpKxPRGT+Prpw QPoHa8VLsiJqq1NcQoMcEMUvWvDAT/Dxr3koiEgtpqtv5AxabcSaVboo X-Received: by 2002:a05:622a:1394:b0:506:1c3b:c896 with SMTP id d75a77b69052e-506e916c1cemr30149031cf.11.1771438854717; Wed, 18 Feb 2026 10:20:54 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+GUkV7Y8hb5M4ZUYk87cTsxknElRg1G7x9tCqNzXmtw4Q==" Received: by 2002:a05:622a:1309:b0:501:4802:402e with SMTP id d75a77b69052e-5069465d82bls123487611cf.0.-pod-prod-09-us; Wed, 18 Feb 2026 10:20:52 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVQbpvNqbmpeI1wR+T2WFlVJSYmuB+jpT+9rOxgg6NVeEhB3+XcCNUVeOeaTIH7br9zxj+egksFMPdQ@googlegroups.com X-Received: by 2002:ac8:588d:0:b0:4ee:1ec9:f947 with SMTP id d75a77b69052e-506e916b5f0mr36295271cf.3.1771438852365; Wed, 18 Feb 2026 10:20:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771438852; cv=pass; d=google.com; s=arc-20240605; b=K7Mvfkx70z7XweRVMSgZXGf6YD2KfvKlvWPenIdHrGZTpiS8Di2TXfGWC0oJNh/ye2 zYfh17R6T1/BwurS11LSiL6RkUmeyOI9sERRmm+t/uzUe2iune7qMyCyCVBM5EuyK65c aWw2ZyUs0YGRqw/pJ43tvJz/Z76XnRvAMg2fVfzMnk2BqPMtqDv3ONvvPEbDG5BQihHa KlQr//Nr+TDhidpafoCgIE34szPXZveIqD52Q11EDywSBywk+M3ktdvC95ChkqxBnJdy a2Lqm+KZADQ1SXDvZZJopAvjogMy4Ekjf4bzsDa7orzHivG4HdJv35iLfd3ZLze/hftI MxXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:in-reply-to:autocrypt :content-language:from:references:cc:to:subject:user-agent:date :message-id:dkim-signature; bh=CCnIe7r8Mqovk8qc0IA2gCuo13Wdqh2eL6xm7Yi96jg=; fh=OPAseo6bwwFPu0Z/TgqZ37S26U8kSSi3ubVyFPIawCA=; b=LvQM6GroqGqIeh9LyfDfQiJcMGmkIBAeB9pRVvhir+N59v0mbeFhrAG4v2ueiRG+Uv n5RwcUtanBAbOI3iDTdyFXlVECEn+MSaXXbCF3RXf4davV8P55nWWPAoj/HLGlblX1uz UThx2qY4lYZE8vS972H9LZ2/XjI020mOdSN5ooaC+XP55TbBm74m2f1R9SQTJfjFNlQd OAPuU5HzGTSKTLhnb9KotR4CiVQsR4NbYe1rrqNn+09EkPOo7r6nGhcjLAqBDXN66GLC xEXyClrQ8ESMkTkgghzXYmm+g4VIVYOmRt+zD7cCjOIRU9M1XAIkoGHZ5+kJeAyKoJLK 4auw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=nujBEYBv; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-506849eed48si9195141cf.1.2026.02.18.10.20.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 10:20:52 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=imNnmNYn4drWgtkt1PvWm9+9I8yPPCmso1txmHCIefyzLkdH1FtQfCSNzeOn7vn/7h8fg/STLF16wNO9cxqr9XTev3LNJ3huACR6qxayvLRvmq09sQvNQXSBKZg3QiSWAg0MAmIukYabDDw9kT/6qSaOi/Wm+sR2bO+k0d4IMhfcADsb6FmaEbAyGmapnnniJdmxWgeCk8rGKmIaxKPp4fD67ng/mMe7NmZUtA2wvb7uiBwvMdw/I/r4Y/OYYXFNrn3z6TmLvxsE1Ag+WYCOIAesrsj90xSEWbP3VDmVVBcSJHq1GZLzgiznFJDurT2QpP7MnMn2BQevhUoB9tE12w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CCnIe7r8Mqovk8qc0IA2gCuo13Wdqh2eL6xm7Yi96jg=; b=xjodLdgcbj1eDsI7YtIBb+Ri70UCjPuulDXQeZtJTqG4R+dIHVIh9vXFqnrRWwxNGXj2Eq9PjUacFaBjwI6HanbuPT7IfPrpGbZQT//ZKCz3IGZWm+xLly29XwUrzybLkJz+lg/zXw1MhVtg5/wOUN7RPxfEzip5w8OrGmGd6x2DSz9Hbr2uZpq9ihSq2cW20nkVnON/kk/ZOGKPgwOewyOnEIqjfhvqHLylzY9yBt4b4Ut6zew5fAbPK1vr2u9LTadXPuRlC5S5MCLuAeMaE9lH/7F/CH4rHFbxxNiF65Z6O6JvRAKUbT9P87HfWIdp0fmH0ZtpK3No3xB7/ib+xg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by GV1PR10MB8996.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:1d1::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 18:20:47 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::be9f:e8ca:ee9:83e1]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::be9f:e8ca:ee9:83e1%6]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 18:20:47 +0000 Message-ID: Date: Wed, 18 Feb 2026 19:20:42 +0100 User-Agent: Mozilla Thunderbird Subject: Re: [RFC 00/12] add support to build isar unprivileged To: Felix Moessbauer , isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> From: "'Jan Kiszka' via isar-users" Content-Language: en-US Autocrypt: addr=jan.kiszka@siemens.com; keydata= xsFNBGZY+hkBEACkdtFD81AUVtTVX+UEiUFs7ZQPQsdFpzVmr6R3D059f+lzr4Mlg6KKAcNZ uNUqthIkgLGWzKugodvkcCK8Wbyw+1vxcl4Lw56WezLsOTfu7oi7Z0vp1XkrLcM0tofTbClW xMA964mgUlBT2m/J/ybZd945D0wU57k/smGzDAxkpJgHBrYE/iJWcu46jkGZaLjK4xcMoBWB I6hW9Njxx3Ek0fpLO3876bszc8KjcHOulKreK+ezyJ01Hvbx85s68XWN6N2ulLGtk7E/sXlb 79hylHy5QuU9mZdsRjjRGJb0H9Buzfuz0XrcwOTMJq7e7fbN0QakjivAXsmXim+s5dlKlZjr L3ILWte4ah7cGgqc06nFb5jOhnGnZwnKJlpuod3pc/BFaFGtVHvyoRgxJ9tmDZnjzMfu8YrA +MVv6muwbHnEAeh/f8e9O+oeouqTBzgcaWTq81IyS56/UD6U5GHet9Pz1MB15nnzVcyZXIoC roIhgCUkcl+5m2Z9G56bkiUcFq0IcACzjcRPWvwA09ZbRHXAK/ao/+vPAIMnU6OTx3ejsbHn oh6VpHD3tucIt+xA4/l3LlkZMt5FZjFdkZUuAVU6kBAwElNBCYcrrLYZBRkSGPGDGYZmXAW/ VkNUVTJkRg6MGIeqZmpeoaV2xaIGHBSTDX8+b0c0hT/Bgzjv8QARAQABzSNKYW4gS2lzemth IDxqYW4ua2lzemthQHNpZW1lbnMuY29tPsLBlAQTAQoAPhYhBABMZH11cs99cr20+2mdhQqf QXvYBQJmWPvXAhsDBQkFo5qABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGmdhQqfQXvY zPAP/jGiVJ2VgPcRWt2P8FbByfrJJAPCsos+SZpncRi7tl9yTEpS+t57h7myEKPdB3L+kxzg K3dt1UhYp4FeIHA3jpJYaFvD7kNZJZ1cU55QXrJI3xu/xfB6VhCs+VAUlt7XhOsOmTQqCpH7 pRcZ5juxZCOxXG2fTQTQo0gfF5+PQwQYUp0NdTbVox5PTx5RK3KfPqmAJsBKdwEaIkuY9FbM 9lGg8XBNzD2R/13cCd4hRrZDtyegrtocpBAruVqOZhsMb/h7Wd0TGoJ/zJr3w3WnDM08c+RA 5LHMbiA29MXq1KxlnsYDfWB8ts3HIJ3ROBvagA20mbOm26ddeFjLdGcBTrzbHbzCReEtN++s gZneKsYiueFDTxXjUOJgp8JDdVPM+++axSMo2js8TwVefTfCYt0oWMEqlQqSqgQwIuzpRO6I ik7HAFq8fssy2cY8Imofbj77uKz0BNZC/1nGG1OI9cU2jHrqsn1i95KaS6fPu4EN6XP/Gi/O 0DxND+HEyzVqhUJkvXUhTsOzgzWAvW9BlkKRiVizKM6PLsVm/XmeapGs4ir/U8OzKI+SM3R8 VMW8eovWgXNUQ9F2vS1dHO8eRn2UqDKBZSo+qCRWLRtsqNzmU4N0zuGqZSaDCvkMwF6kIRkD ZkDjjYQtoftPGchLBTUzeUa2gfOr1T4xSQUHhPL8zsFNBGZY+hkBEADb5quW4M0eaWPIjqY6 aC/vHCmpELmS/HMa5zlA0dWlxCPEjkchN8W4PB+NMOXFEJuKLLFs6+s5/KlNok/kGKg4fITf Vcd+BQd/YRks3qFifckU+kxoXpTc2bksTtLuiPkcyFmjBph/BGms35mvOA0OaEO6fQbauiHa QnYrgUQM+YD4uFoQOLnWTPmBjccoPuiJDafzLxwj4r+JH4fA/4zzDa5OFbfVq3ieYGqiBrtj tBFv5epVvGK1zoQ+Rc+h5+dCWPwC2i3cXTUVf0woepF8mUXFcNhY+Eh8vvh1lxfD35z2CJeY txMcA44Lp06kArpWDjGJddd+OTmUkFWeYtAdaCpj/GItuJcQZkaaTeiHqPPrbvXM361rtvaw XFUzUlvoW1Sb7/SeE/BtWoxkeZOgsqouXPTjlFLapvLu5g9MPNimjkYqukASq/+e8MMKP+EE v3BAFVFGvNE3UlNRh+ppBqBUZiqkzg4q2hfeTjnivgChzXlvfTx9M6BJmuDnYAho4BA6vRh4 Dr7LYTLIwGjguIuuQcP2ENN+l32nidy154zCEp5/Rv4K8SYdVegrQ7rWiULgDz9VQWo2zAjo TgFKg3AE3ujDy4V2VndtkMRYpwwuilCDQ+Bpb5ixfbFyZ4oVGs6F3jhtWN5Uu43FhHSCqUv8 FCzl44AyGulVYU7hTQARAQABwsF8BBgBCgAmFiEEAExkfXVyz31yvbT7aZ2FCp9Be9gFAmZY +hkCGwwFCQWjmoAACgkQaZ2FCp9Be9hN3g/8CdNqlOfBZGCFNZ8Kf4tpRpeN3TGmekGRpohU bBMvHYiWW8SvmCgEuBokS+Lx3pyPJQCYZDXLCq47gsLdnhVcQ2ZKNCrr9yhrj6kHxe1Sqv1S MhxD8dBqW6CFe/mbiK9wEMDIqys7L0Xy/lgCFxZswlBW3eU2Zacdo0fDzLiJm9I0C9iPZzkJ gITjoqsiIi/5c3eCY2s2OENL9VPXiH1GPQfHZ23ouiMf+ojVZ7kycLjz+nFr5A14w/B7uHjz uL6tnA+AtGCredDne66LSK3HD0vC7569sZ/j8kGKjlUtC+zm0j03iPI6gi8YeCn9b4F8sLpB lBdlqo9BB+uqoM6F8zMfIfDsqjB0r/q7WeJaI8NKfFwNOGPuo93N+WUyBi2yYCXMOgBUifm0 T6Hbf3SHQpbA56wcKPWJqAC2iFaxNDowcJij9LtEqOlToCMtDBekDwchRvqrWN1mDXLg+av8 qH4kDzsqKX8zzTzfAWFxrkXA/kFpR3JsMzNmvextkN2kOLCCHkym0zz5Y3vxaYtbXG2wTrqJ 8WpkWIE8STUhQa9AkezgucXN7r6uSrzW8IQXxBInZwFIyBgM0f/fzyNqzThFT15QMrYUqhhW ZffO4PeNJOUYfXdH13A6rbU0y6xE7Okuoa01EqNi9yqyLA8gPgg/DhOpGtK8KokCsdYsTbk= In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: CH0PR03CA0096.namprd03.prod.outlook.com (2603:10b6:610:cd::11) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|GV1PR10MB8996:EE_ X-MS-Office365-Filtering-Correlation-Id: 43bd0563-19a6-4de9-19d3-08de6f1a7010 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|7142099003; X-Microsoft-Antispam-Message-Info: =?utf-8?B?eEdrY0hlWmhoeTBEbDhNT2ZKdi9BektXWUdxYWEwZUxvWHp1aEEyU29Jcm45?= =?utf-8?B?Z3YzL1JQVWZjK1NmWHU5UmU5cmdKTHRzcFJ1RWo2b0h1dFVlQVloOHlhZVk3?= =?utf-8?B?WE9VcEF4ZnZnbmFoY29rbmZhbEFISEtPMUNpR3NFckZDZUNleEpOQnJRY2xp?= =?utf-8?B?aEVxZXNyYWhoUW1SVzlOcGhJVU5NTkdOQXBTcG5YRG9GM0pnZkNqU09rUWk4?= =?utf-8?B?b3lqWWYxTVgreElScUNxcFMrR21GQ2tpcEcvZFVjUkpMdnlTTitRS1Jzb1l6?= =?utf-8?B?ekZrc1Q0d0VpNjNBdG54Sk9vQU0wcFlZV1czdnp6MWQxTmlqT0Fac3AvQitn?= =?utf-8?B?MG9idGtSWGE3ZTdyalI5TWJzWEZYREFhcFc5MmhtcTM3ZHRNODRuWElHQTli?= =?utf-8?B?L1RBemRWQlBCaStMTC8xcXBQNHVZb2VaSDVPTmIvbXBKZDFmUmRXcWFQcmFl?= =?utf-8?B?SHRsbHlJQWFFZXV6UWJYWFdvWkYyRUNhd2xYK1l2N0JKTTZERU8yYW90Rmxj?= =?utf-8?B?UFlrMU5rdExnTnl2ZEc0YTVPbGlBcnBWSVhLcUxKaDVQVWZpMEdmN2syTlZU?= =?utf-8?B?WVUwMHZUWlN5L3l2eTZRcWJTSjhzTHMvd2dsdmhYeUd6ZzQwc3hpV2hqWEdS?= =?utf-8?B?U0E1VGVWampQUitLZDR1YWRsbnJ1M3htcmRONkpqR2xHT252UkRPdHcrVzNo?= =?utf-8?B?Z0pXcVdGaHUrdzlIbEQxMm8zZVVpODYyTHd5MG5UcmtQNC8xekJKRVZONnZM?= =?utf-8?B?YlpqUEJkUnlXa0M4Y1Z3NWc5QVdIQkNodGlyY01LaUUvSDR6cmtuckN0ejJq?= =?utf-8?B?em5Gb2lyVVNvbzJVRjFOOWQwLy9EMW0zdktwRnl3dVVPZk5uZHNTellvYWhD?= =?utf-8?B?enA4UXpqeUx6cFhrejZiUkFsS2RwZkdRN21uZ2YveDdSQkNIalM3T1BQamc4?= =?utf-8?B?VXUwWkhuNk1ZRXFSOFoyZ2RVVHB5UlhQVDZQY2VRdWxvYU42OXhtdEFpampD?= =?utf-8?B?YUNFbWtKclgzRThnbEtHT0dlYXJVVHRLOU42alJmckM4bVcwUDVzVXJBOUhS?= =?utf-8?B?YlkzWHBuWk5kY2F4cUxoSkpVdE5maWtsQ2xQMjk3M05VckxlSzlKMFB3dnN4?= =?utf-8?B?VTdFamV0VmxBa3dYbUt1RkZ1MXk0NDVZQmt2Q3NybUI1S1R1anBKMkJCZWhN?= =?utf-8?B?cCtCdGp5c05IQXRkRnVaU2lKZmhsVmEwZ2hreEkzTStBSk1GS1NJMXVpamFY?= =?utf-8?B?UE1PUzFzZmVxc2dZYjJzM1BZbkVnNmx4Y3BuNVBkamNVcHRYQkFEU09wSmUr?= =?utf-8?B?TWhGVlRvSXpqVTVIV21kd0gwV2xiRG15d2NzZ2lxVys1UnJGWlZCUnlLSUlh?= =?utf-8?B?UzVCNDhOQjVzOGNKTFJVSDBlcTM3cTcrdnFlNDdSYVE1VmMxRTFkL0ZRS1lT?= =?utf-8?B?eWRBR3FFd2FkYzZEd2R3cHRFV2dUczVYaWFYc1hhelZwMkM2ZGNBa1dJMjln?= =?utf-8?B?c2lPTXU0aGw2UmpJdUhhRzcwQUxNT1IrWm4yNW5oMGZrOVZXVSs4RVdETml0?= =?utf-8?B?bEtVd3dJeWhOWW1GcHR6WE9KM04wVm9QS01LZm9XNzhVQ3V5VGVxNzZhUVhx?= =?utf-8?B?RXV6TEFCakZrWFduSlFQZGJMSWZBTXRGYjJUS2lNYnpuOGFhWnVJd21RcFky?= =?utf-8?B?RWdIL3R4L3ZveFBQM3dHMSszZUN6dWtzWW9aOUxxYkFETi9aNXhHMnlaY0lz?= =?utf-8?B?cVgrYm5VWEI4Nk54M2ZEeG11MStYT0V6cXdVMnJEWi9xbXZsQjlqMnVGdU9E?= =?utf-8?B?a283MkpvMWw4NW1WcmNFS1F2WG90Zy9VNUMwMEhsZUJiNlpiTUZoV0ZENEZq?= =?utf-8?B?T1BEZ0ZWWWo1Zi81RGRUQWtsckNxQ0tsZWtoa1haQ2VJcWRFNEtzZTdURnZj?= =?utf-8?B?VUgyeVhoRGFaOWhIeU0yM1psWFl1M3k5MDNZOWdDZGZ3VXVLVmlyazdoek9J?= =?utf-8?B?aE1qN3d4VWNrVHhialB0bHBob3V5cmJjUkpGcDFpMGY3Q0VIaCtXWVFpbFY1?= =?utf-8?B?Z2VnbmtRekx5dnV6c3NyK2VvQTd2cGd4UHpNUXNUd1htd0I3YW1JY3NSTlh1?= =?utf-8?Q?0CJw=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(7142099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?enlOVjNRUitPTW1nTFlQTmoyMWpMQ3F4ZFZxQUlzbnQzWGRGS2hucEY4d2o0?= =?utf-8?B?ZkhLcWR0OUprRkVtVjV3ZUZBcW9oVWVSOUo3bGNQOS9VVkxQU2hOdFBXTFZ0?= =?utf-8?B?MGI2MGlTdW1QazBBWlhqamdXYXNrM29MZmxXUkZYVmQzNGVlQ0k1L3dhUmtH?= =?utf-8?B?VkxKTUpWamtFdElkK2l2NUh1c2VRNzNIQjdhMFJ1N3l5eHYvWnBDd2NHZmtt?= =?utf-8?B?b2NJTHFSZ0Y1dks3NzIvaW9icUpXMDBSUGxwQ0szL2FBZHVMRjA4MlFWblIw?= =?utf-8?B?V1BXT1EvaU5WM0o1NXczRTFPb2VVREd2QStvUU9zeWIzV0hDdjJENzQ5K0Yx?= =?utf-8?B?Q2lYOU9FSy9sQVdDNVBTSS9WVEVlK3hLRmpNUGh4Tlo5TCtWMkZsc050WDdK?= =?utf-8?B?dzhvU2xoRHlCakZWUDZ4ZFM4RElGWHdMQ2g0RGlJSlIrR2tWT1g3RzZzcWtp?= =?utf-8?B?SytLeXdXUXRLZlE4REl3azFERTJPb1FWMlY5ZXdmck1acW9CNUhCYjZNeVJw?= =?utf-8?B?T0hkT3JzU2xVSkczQWF1SWIrZzc0UVR3dm1ZRTF0ZktPTnJGM2NOTUwzNm1n?= =?utf-8?B?UnVWa1JzTnA2ckdrZEQwODN1VmdmWXI5Zml4RzZ2VTZmVys1UnEyeWV6T1Vs?= =?utf-8?B?WlRGNG5Mb3UzMEQ5U3I1Yi9jMmxNS2FqMjgwbTQ3cVpzZnVMcmJUNGtMSlBE?= =?utf-8?B?SUhQNk5zNy9zdUJxbVZBSHQrMS92NktvcW96WWVOTHlQZ2hNN0ttR25BME9T?= =?utf-8?B?THZFRlJZOXQyM1F1TUZuTEJDMzUyenNnbDcrUmt5Nm5lUkhUVmRmSkxxRkZG?= =?utf-8?B?dlJzSm5YcDFWSFVOUnBjY0oweFZBcGk2bVJMNE03OEE1TDNnVFliTS8wWHFq?= =?utf-8?B?QTJiZG5aWGpIZklKemc2T080aThZRGRaSTJaaXY3OW1CbmhpVkFwdVFNc1Uz?= =?utf-8?B?RmFjazR1RCtoclFVR1hScDYxbHNzenNxUDVvYTZlcyt1ZktjN0FYaFVWZ0Zh?= =?utf-8?B?RUFnWDFWdW1rQUREUGxDMkhWdEpaY2w3REtBUmh1M1pPVUx1SzhqTWQ0K1FT?= =?utf-8?B?ZnZrbjdMbEpBa1BIdUxQOWxlNUMwSWVqL0s3cGx0akVJYXFPdlNtY3p0Vk14?= =?utf-8?B?ZTFOOFVDd2ttSC9lNkNKb0JiNDl1d3dIQzhhZ3dlQ056QmN5K0x5VDF6SUpZ?= =?utf-8?B?OENEZ3JMVXFZRkJ5aGhlMUIzTUgzVTI5SDBTbEdiWG5qOTkrNEswTFBSOXRO?= =?utf-8?B?U1hiejhxdHRKQkIwVU5jdlJ2RGtZTUgrWFp6dFRQSml2WEpCNWZzUnpQWEdB?= =?utf-8?B?dGdwZjVuYTFqZUp4eUlMRzNDYm1YUDU4LzNDSzRGMFBOS1EyRU1sVGNiMERY?= =?utf-8?B?NFlSZCtpSDJVLzdENUZ4anFqdTdRa2xZeTErY0FDM2ltNWhSVEFjZGE2Sjkw?= =?utf-8?B?SXJFcXM3ZmVvTThtZ1ptVnZCaXVab0RIeXFKNHVXZzZJWEVWVG9JejhsN3dz?= =?utf-8?B?cEMzb0F1Qi90Z1gyNmhaOERTemYyVGdVRHBVeDNZWUFiMDNmMXVvbWxPTW9y?= =?utf-8?B?YzhnWXNHb3cwUzljbnFJaW5hMnFxdzVvVEJPellMcFZlVWtZSFlRaGdlMDlY?= =?utf-8?B?OXo5eXh5Wm00VngzZStUVGJNK1dTckMwSjFUQmlmdGVqNG5EMHI1SHgySklP?= =?utf-8?B?bW5ROVAzVlJNZ2pON1FkNUthVGh6YkFaMTBVWTRkZGhHZGZrVGVUcFZGQ3Yr?= =?utf-8?B?TVk3NWpGY2RIeTJXQzFpaWxYQjdMQXUxZ08vT3JEeGl1a0tHRm1jcitydE95?= =?utf-8?B?VDlEVUF6dEIwbENJREVTOTV3akpaSlcrNXIyWEY2cWZaWThTOGVvNCtjRWlO?= =?utf-8?B?N1dXQUZHMEFwV3F2bWREWXNhcEl1VWJWM1F2UHhoa1FlMnpWUmJjTVh1VnNZ?= =?utf-8?B?bTFaVUd1UGdVdTBVM0pEZjRJTjVKTlVJUUVsZjdzYzZQTXh3OE1rYkZQeFRl?= =?utf-8?B?bTIzMHBCaWt2Wjc0NkJSRXMxTXY3cktZSGpmdGF1UTRwWFNwNmZYZHdqNkZp?= =?utf-8?B?NzBuWUlxSlpkWmpFZ3B6UDl6cktFUnJuZTBLTlBuN2dxUmphdXlsQlY5V0JW?= =?utf-8?B?YktRdTNJM0dxSFlGNkR3Rm1IdDRKUXU5Mmd5RklraVhGUS9MSGJYRUloUmJR?= =?utf-8?B?NnV4OHhMMytYOUdtSUZxYWRjSEVpMmpmT1ZMSHVlNllUa0tIc2tUbmlwbnVO?= =?utf-8?B?SXIrUEt6QlZiWW5obWZYNDdYVzE0c2VGektXYkNQSkUvRDZvTUI3TEgxdmNI?= =?utf-8?B?TFVHTEZOQlVjaTNzb3FUbjAxeWV1S29KcHV2eHBjajcyYmd0eER5dz09?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 43bd0563-19a6-4de9-19d3-08de6f1a7010 X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 18:20:47.4743 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: paUrom9+Uxh5YzThmzCeBJ2koymSQkzA34Z33kEFLtjPJLCkzsuEP1rzYwrWa++0aRSPHDbAkCzEEFq3i8/Rkw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR10MB8996 X-Original-Sender: jan.kiszka@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=nujBEYBv; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Jan Kiszka Reply-To: Jan Kiszka Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 88z+3RYY/5vE On 18.02.26 12:58, 'Felix Moessbauer' via isar-users wrote: > Dear isar-users, > > currently isar requires password-less sudo and an environment > where mounting file systems is possible. This has proven problematic > for security reasons, both when running in a privileged container or > locally. > > To solve this, we implement fully rootless builds that rely on the > unshare syscall which allows us to avoid sudo and instead operate in > temporary kernel namespaces as a user that is just privileged within > that namespace. This comes with some challenges regarding the handling > of mounts (they are cleared when leaving the namespace), as well as > cross namespace deployments (the outer user might not be able to access > the inner data). For that, we rework the handling of mounts and artifact > passing to make it compatible with both chroot modes (schroot and > unshare). > > The patches 1-10 align the file permissions of deployments and artifacts > to avoid the use of chown (which will not work anymore across uid > boundaries). In addition, helpers are introduced to perform privileged > operations, which simplifies the migration of existing layers. > > The patches 11 and 12 introduce the unshare mode, which can be executed > as a normal user and does not require root. To enable this mode, set > ISAR_ROOTLESS = "1". > > While the series is by far not complete yet, it already passes the DevTest > CI. Know issues are currently: > > - no support for VM and container images > - unprivileged cleanup of the build/tmp dir is non trivial > - sporadic issues on partial rebuilds on rootfs_install_sstate_finalize > - interfaces between kas and isar need to be defined > > Note, that this series can be tested on a custom kas-container build > provided in [1]. Hints how to migrate downstream layers are provided > in the API changelog. > > [1] https://groups.google.com/g/kas-devel/c/NWQFCU2aUHg > > Best regards, > Felix Moessbauer > Siemens AG > > Felix Moessbauer (12): > refactor bootstrap: store rootfs tar with user permissions > deb-dl-dir: export without root privileges > download debs without locking > introduce wrappers for privileged execution > bootstrap: move cleanup trap to function > rootfs: rework sstate caching of rootfs artifact > rootfs_generate_initramfs: rework deployment to avoid chowning > wic: rework image deploy logic to deploy under correct user > use bitbake function to generate mounting scripts > apt-fetcher: prepare for chroot specific fetching > add support for fully rootless builds > apt-fetcher: implement support for unshare backend > > Kconfig | 2 +- > RECIPE-API-CHANGELOG.md | 57 +++++ > doc/user_manual.md | 2 + > meta/classes-global/base.bbclass | 93 ++++++++ > meta/classes-recipe/deb-dl-dir.bbclass | 20 +- > meta/classes-recipe/dpkg-base.bbclass | 20 +- > meta/classes-recipe/dpkg-source.bbclass | 2 +- > meta/classes-recipe/dpkg.bbclass | 16 +- > .../image-account-extension.bbclass | 4 +- > .../image-locales-extension.bbclass | 13 +- > .../image-postproc-extension.bbclass | 30 +-- > .../image-tools-extension.bbclass | 96 +++++++- > meta/classes-recipe/image.bbclass | 24 +- > meta/classes-recipe/imagetypes.bbclass | 47 ++-- > .../imagetypes_container.bbclass | 26 +-- > meta/classes-recipe/imagetypes_wic.bbclass | 12 +- > meta/classes-recipe/rootfs.bbclass | 221 ++++++++++-------- > meta/classes-recipe/sbuild.bbclass | 37 ++- > meta/classes-recipe/sdk.bbclass | 23 +- > meta/classes-recipe/squashfs.bbclass | 2 +- > meta/classes/sbom.bbclass | 2 +- > meta/conf/bitbake.conf | 7 +- > meta/lib/aptsrc_fetcher.py | 90 ++++++- > .../isar-mmdebstrap/isar-mmdebstrap.inc | 47 ++-- > .../sbuild-chroot/sbuild-chroot.inc | 24 +- > .../unittests/test_image_account_extension.py | 9 +- > 26 files changed, 691 insertions(+), 235 deletions(-) > Hmm, just testing xenomai-images with this and minimal changes for itself (buildsystem update). It seems to build the kernel - put only on a single core. This part looks still fine: # $PARALLEL_MAKE # set? /work/build/../isar/meta/conf/bitbake.conf:135 # "-j ${@bb.utils.cpu_count()}" PARALLEL_MAKE="-j 16" But the "-j 16" does not end up in the actually make call of the kernel build. How could we possibly lose this? I wanted to test if rootfull mode with your patches applied may answer this, but: ... ERROR: Unable to parse Var Traceback (most recent call last): File "Var ", line 1, in File "/work/build/../isar/meta/classes-global/base.bbclass", line 396, in get_subid_range(idmap='/etc/subuid', d=): user, base, cnt = e.split(':') > if user == os.getuid() or user == os.getlogin(): return base, cnt bb.data_smart.ExpansionError: Failure expanding variable UNSHARE_SUBUID_BASE[:=], expression was ${@get_subid_range('/etc/subuid', d)[0]} which triggered exception OSError: [Errno -25] Unknown error -25 The variable dependency chain for the failure is: UNSHARE_SUBUID_BASE[:=] 2026-02-18 19:18:28 - ERROR - Command "/work/isar/bitbake/bin/bitbake -c build linux-xenomai-3" failed with error 1 I bet you can reproduce with plane Isar and a linux-mailine build as well. Jan -- Siemens AG, Foundational Technologies Linux Expert Center -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/cda4b0c2-3296-43df-ba0d-8e51c17495ea%40siemens.com.