From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 19:32:16 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f191.google.com (mail-qt1-f191.google.com [209.85.160.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IIWEve026542 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 19:32:15 +0100 Received: by mail-qt1-f191.google.com with SMTP id d75a77b69052e-50620483ff6sf4269131cf.0 for ; Wed, 18 Feb 2026 10:32:14 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771439529; cv=pass; d=google.com; s=arc-20240605; b=IoGrhVOAZGYG5QKM9C2yvFiZCx0ru6WIXV2o+KkBG2KJcRRaEislyumCaAyokkSEgh /rklZ+W61dVLn40oJM341GpcOfwHg1yByVKyWJAIENIZx8bv9ba/JosmyBvMWmm3/faN lf3e69QCFRYtUIKQ55yH+JG2DTvMujrj6HK8TpTaEJZhJNaEqInBG3hICKiSi6IEds+a hVkaaB3IYIy7simRhPI6huBP1PjobFxFHj+LbFkgcxiPtPLyoiINtoUOcbbNEfIq+AhJ XlhXugMTxgM8vk8dvu6wFLkzg2zwbPCf+1j+In682myX3wL23TUUBq1qSZzIc0wjkeK8 uEDw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:in-reply-to :autocrypt:content-language:references:cc:to:from:subject:user-agent :date:message-id:dkim-signature; bh=O/dqfa2HICjk++c52AydoFFFlJV6Y2O4LvmvQK3pT7o=; fh=87IwWB8qmd2Yhl5ExU1W5DAdO189D88398nr2LqXVPo=; b=jl+torm0Bp4aJTy++zPsC5vgrIIIrP7ZfryvwFtU4F3EwuJwpxnAzgye9z5vQOUwEJ +mBrgPfd8idR7UrnH3JDA/fgFz12YMMgUWBti1RCx3jxD7qetH+E7DAczxJw2CbYSjb6 5GOCjxFscPSlXxmvhYvL3svm2PPo4hgw3z52++1zetLlZ85UKcieTFq2rs4U5f3AZpok UhmHx4oWG/SdHZ7RxfkaL/VOBT/SVPXCX6wKC753nCJRFky5ICBLCbHqOyeJjKDAxLlo quUZXyvKeHanLr75f0fGWfT4cM0lvSxBuZCn61LxMmgaJfal/NzymoJLAxLk25qyKB+h 8VxQ==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=iDFrobLB; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771439529; x=1772044329; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :in-reply-to:autocrypt:content-language:references:cc:to:from :subject:user-agent:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=O/dqfa2HICjk++c52AydoFFFlJV6Y2O4LvmvQK3pT7o=; b=qCxUDZE0fREuCVnxOtkL8/ec1vBgOQtAtcP+F+pU1FwXGEuA96pxaU9YcjPW7R3Z3K XlVA4um7FZ7f/9MNZbTXcna3m/TR3lvximcbJb7sAVaYOLJmV5W5QOjcv5PBSISh9KnD VwJ2cJFMMR2WSSwHzLRxx55Er0vbf9ds9icckoba4DmwHYMLHOX806YkCoG+JHTgo+Cd 3ZQg+rHHo6yhfh7hhnSeLtpyiU35yVQeVRCHjTYmuvLkDWRrBCsf7QSVnJYbmv/wkEYi 3+KkdfDwkF9HxSPxiFMZRSQgHrus+vc24WZtf7hgye4Flv0WzTDB0Fwzvtgc7X3/0/2a F96Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771439529; x=1772044329; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :in-reply-to:autocrypt:content-language:references:cc:to:from :subject:user-agent:date:message-id:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=O/dqfa2HICjk++c52AydoFFFlJV6Y2O4LvmvQK3pT7o=; b=Tny951bjOk3baBW+/ChmTKWabo9wVbTmu8qGzauQTt3TB91l7hOu1GnRmQA/lJQXYe 7TP4KCdHljUCJmKqfB+yYa0+cwdv1IhYMjR2s2PTuMy8o2s9l67+QmA9L5lU+6aPqY6/ 5Plf4fDdMuErsoQst8+Tz9brFoA9f0N1JCb1t3ozSegG5vaJmZZ83WoU96dK6zM6opB/ /S/sFw7TUK+PKBnWy07GFipiibzzs4Hd+XHxU6T1rrZ9/C3C9iHzC3kow5YZXyxX69EL lqfdNRmkS4+ND93f2dW7ySapvyXCN+dGZri5Z5bBdBlbR2Wa7FJEkoINdY/oGGnicJah 32cw== X-Forwarded-Encrypted: i=3; AJvYcCUKCl1HQVnPJr5koiN/+Bxdq+KieVkhES48NDZjc6cR2Oz5MWd2R6UKdvczaJjop0zkQUul@ilbers.de X-Gm-Message-State: AOJu0Yx8IcczZ9zYGOiVry+oyofC5PcnVgBzGohU1gEKIeVam3AsQE49 FjZctHoRZMll0ACI/LEWXvztvl9MPHYHaNhSvoXUbRgTACaw6duWI0qP X-Received: by 2002:a05:622a:254:b0:4ee:191e:ade2 with SMTP id d75a77b69052e-506a6b40013mr234156281cf.67.1771439528700; Wed, 18 Feb 2026 10:32:08 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+EO5W3GJoRmSOBa1c/JqcyhYX6A4NM75cTjStC0uVegRQ==" Received: by 2002:ac8:738a:0:b0:506:a3ff:ffb7 with SMTP id d75a77b69052e-506a4000d47ls67720871cf.0.-pod-prod-03-us; Wed, 18 Feb 2026 10:32:07 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXbpMJ0JHbYCYa9xmAyJGlAPTi0rKcWhcWRG+Pl96hmk9m2qkZf1Z2a6Le50BF1zP7GkNvFEB4Y2kj4@googlegroups.com X-Received: by 2002:ac8:5a04:0:b0:506:9de1:6182 with SMTP id d75a77b69052e-506a6b358a8mr248313351cf.63.1771439527611; Wed, 18 Feb 2026 10:32:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771439527; cv=pass; d=google.com; s=arc-20240605; b=eQoBrpC8IpDla3nNLIW3wi1fVpNJZZmbv8ppEP7WZvemLuW7O0qb3om5fUxCogjm3/ +RELZQkufbqMQDy5znywiLkNkWC64RCko+mMkeYEkNr6LSj+s1Cr+7QcHzK5fe5v/Npl W7Z/L1O4ex+yyqO26GEY+s3CXTMzUMmmJw5ale/uGsSuky9lRuDPtfqpkP711f4J9e1C Wdz/Sbpt4No2yYYZzry1nsPDgKY5kjCyZBP4/5xZii3yCRvmW6KYm1amnD06GKOYEk4w 9NFfGTPgNgvsG++wzFfTsIo8iWiuaTFjEiafMRY9AaqddKOrOYmQtr4pP8zC0zOqmpPx G8Xg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:in-reply-to:autocrypt :content-language:references:cc:to:from:subject:user-agent:date :message-id:dkim-signature; bh=i3W3Wid2btRPQkBHZ8MHO6LG8Lnlf2j6JWADOw9hQjM=; fh=OPAseo6bwwFPu0Z/TgqZ37S26U8kSSi3ubVyFPIawCA=; b=ePXlhouWkl8hTOcgua65SV0FpWPihL7RFiJiSwMarvHhvjD5U5NdOVyASYKGkNGLVv md/LTgxNombCSN5Mo7snutZy7SszayrVNZcMBBl9jmjxn8URaY7YWo7E7KdiOrGWZNZ+ Tz7GM2h1hPhIXEb7MEHoJcs112+EKn66iO6kU1bmxXWz2HnCTIyTd/xi1/6EwksQBysS kFHB2UC02D4qa8aEUMxOHjGqV0H8Ja7ykqUfneKTLwIPt3HKqYUSuV3nzhBHsl/A4cKF 33kEs96nRwinJHIh9IL374RZIlfgDIEMiKOhZUHFP88HNzERmtiW+T0jCA/XbRQeb4+1 u0/Q==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=iDFrobLB; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-506a04b133dsi6683341cf.3.2026.02.18.10.32.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 10:32:07 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BSJp4vBCt93mWoU+XiNAes25bTj2eTZ3bZwlfIBs/NbOe6IyDLQCEfPPz9L4VdqX+tdJUDsDcax1vo1EfjZ9JIRXGSOlZATK+RVwvdMPUWTCG6OwlHs/9AYQV56v0ZpicynP6OXG0lCrtIfrBbkJni92oKZXa4yt9fkfsb4POLpo7iDATyymtM+pwONDD8j3x+9ynzUFPXHPWlwkD62WMtwYomWpURHqwMez4b7bf8QJCjDNiaqw6ZhTdBOoiT6g+cFr1Tb1s8jP4gzYh59EJOrrTI8vE9t9z+HQfLe1au/yVvFhbyBfbJpNp7/mpcf4eJbfF1V7TKB4i1N4iE5R1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i3W3Wid2btRPQkBHZ8MHO6LG8Lnlf2j6JWADOw9hQjM=; b=f/SHaEsK78x6w+8ufW3yMZCMIwwj5+eacf553/2RNKfkDya0qvL1CckcTIeKWM/OhHax+hNr3B3fbldQzO8/S3SlGk+c/vTDYMsp82oPCrGhbGktgCFnZhl5zV3hucWxgqptutSTrBPkSHKCxzwpRTLRuahNO4dsLTk17dPjZKn3Rm9nA1zy4/uvmCXQd0mWeX9mwBAOKvEph8eXYwbAsZdLSrVD06S84/FONydklby0uszcBycdoWBPga5QPect+fHxgqLIPakF/50cSwo0yB6k/JMccH3ywDAJwDR/B1yHFOVLEVtACpy2EavGzXthxlwoH3yUvjDTTHUyC1byJw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by AS8PR10MB6651.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:563::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.14; Wed, 18 Feb 2026 18:32:03 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::be9f:e8ca:ee9:83e1]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::be9f:e8ca:ee9:83e1%6]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 18:32:03 +0000 Message-ID: Date: Wed, 18 Feb 2026 19:31:59 +0100 User-Agent: Mozilla Thunderbird Subject: Re: [RFC 00/12] add support to build isar unprivileged From: "'Jan Kiszka' via isar-users" To: Felix Moessbauer , isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> Content-Language: en-US Autocrypt: addr=jan.kiszka@siemens.com; keydata= xsFNBGZY+hkBEACkdtFD81AUVtTVX+UEiUFs7ZQPQsdFpzVmr6R3D059f+lzr4Mlg6KKAcNZ uNUqthIkgLGWzKugodvkcCK8Wbyw+1vxcl4Lw56WezLsOTfu7oi7Z0vp1XkrLcM0tofTbClW xMA964mgUlBT2m/J/ybZd945D0wU57k/smGzDAxkpJgHBrYE/iJWcu46jkGZaLjK4xcMoBWB I6hW9Njxx3Ek0fpLO3876bszc8KjcHOulKreK+ezyJ01Hvbx85s68XWN6N2ulLGtk7E/sXlb 79hylHy5QuU9mZdsRjjRGJb0H9Buzfuz0XrcwOTMJq7e7fbN0QakjivAXsmXim+s5dlKlZjr L3ILWte4ah7cGgqc06nFb5jOhnGnZwnKJlpuod3pc/BFaFGtVHvyoRgxJ9tmDZnjzMfu8YrA +MVv6muwbHnEAeh/f8e9O+oeouqTBzgcaWTq81IyS56/UD6U5GHet9Pz1MB15nnzVcyZXIoC roIhgCUkcl+5m2Z9G56bkiUcFq0IcACzjcRPWvwA09ZbRHXAK/ao/+vPAIMnU6OTx3ejsbHn oh6VpHD3tucIt+xA4/l3LlkZMt5FZjFdkZUuAVU6kBAwElNBCYcrrLYZBRkSGPGDGYZmXAW/ VkNUVTJkRg6MGIeqZmpeoaV2xaIGHBSTDX8+b0c0hT/Bgzjv8QARAQABzSNKYW4gS2lzemth IDxqYW4ua2lzemthQHNpZW1lbnMuY29tPsLBlAQTAQoAPhYhBABMZH11cs99cr20+2mdhQqf QXvYBQJmWPvXAhsDBQkFo5qABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGmdhQqfQXvY zPAP/jGiVJ2VgPcRWt2P8FbByfrJJAPCsos+SZpncRi7tl9yTEpS+t57h7myEKPdB3L+kxzg K3dt1UhYp4FeIHA3jpJYaFvD7kNZJZ1cU55QXrJI3xu/xfB6VhCs+VAUlt7XhOsOmTQqCpH7 pRcZ5juxZCOxXG2fTQTQo0gfF5+PQwQYUp0NdTbVox5PTx5RK3KfPqmAJsBKdwEaIkuY9FbM 9lGg8XBNzD2R/13cCd4hRrZDtyegrtocpBAruVqOZhsMb/h7Wd0TGoJ/zJr3w3WnDM08c+RA 5LHMbiA29MXq1KxlnsYDfWB8ts3HIJ3ROBvagA20mbOm26ddeFjLdGcBTrzbHbzCReEtN++s gZneKsYiueFDTxXjUOJgp8JDdVPM+++axSMo2js8TwVefTfCYt0oWMEqlQqSqgQwIuzpRO6I ik7HAFq8fssy2cY8Imofbj77uKz0BNZC/1nGG1OI9cU2jHrqsn1i95KaS6fPu4EN6XP/Gi/O 0DxND+HEyzVqhUJkvXUhTsOzgzWAvW9BlkKRiVizKM6PLsVm/XmeapGs4ir/U8OzKI+SM3R8 VMW8eovWgXNUQ9F2vS1dHO8eRn2UqDKBZSo+qCRWLRtsqNzmU4N0zuGqZSaDCvkMwF6kIRkD ZkDjjYQtoftPGchLBTUzeUa2gfOr1T4xSQUHhPL8zsFNBGZY+hkBEADb5quW4M0eaWPIjqY6 aC/vHCmpELmS/HMa5zlA0dWlxCPEjkchN8W4PB+NMOXFEJuKLLFs6+s5/KlNok/kGKg4fITf Vcd+BQd/YRks3qFifckU+kxoXpTc2bksTtLuiPkcyFmjBph/BGms35mvOA0OaEO6fQbauiHa QnYrgUQM+YD4uFoQOLnWTPmBjccoPuiJDafzLxwj4r+JH4fA/4zzDa5OFbfVq3ieYGqiBrtj tBFv5epVvGK1zoQ+Rc+h5+dCWPwC2i3cXTUVf0woepF8mUXFcNhY+Eh8vvh1lxfD35z2CJeY txMcA44Lp06kArpWDjGJddd+OTmUkFWeYtAdaCpj/GItuJcQZkaaTeiHqPPrbvXM361rtvaw XFUzUlvoW1Sb7/SeE/BtWoxkeZOgsqouXPTjlFLapvLu5g9MPNimjkYqukASq/+e8MMKP+EE v3BAFVFGvNE3UlNRh+ppBqBUZiqkzg4q2hfeTjnivgChzXlvfTx9M6BJmuDnYAho4BA6vRh4 Dr7LYTLIwGjguIuuQcP2ENN+l32nidy154zCEp5/Rv4K8SYdVegrQ7rWiULgDz9VQWo2zAjo TgFKg3AE3ujDy4V2VndtkMRYpwwuilCDQ+Bpb5ixfbFyZ4oVGs6F3jhtWN5Uu43FhHSCqUv8 FCzl44AyGulVYU7hTQARAQABwsF8BBgBCgAmFiEEAExkfXVyz31yvbT7aZ2FCp9Be9gFAmZY +hkCGwwFCQWjmoAACgkQaZ2FCp9Be9hN3g/8CdNqlOfBZGCFNZ8Kf4tpRpeN3TGmekGRpohU bBMvHYiWW8SvmCgEuBokS+Lx3pyPJQCYZDXLCq47gsLdnhVcQ2ZKNCrr9yhrj6kHxe1Sqv1S MhxD8dBqW6CFe/mbiK9wEMDIqys7L0Xy/lgCFxZswlBW3eU2Zacdo0fDzLiJm9I0C9iPZzkJ gITjoqsiIi/5c3eCY2s2OENL9VPXiH1GPQfHZ23ouiMf+ojVZ7kycLjz+nFr5A14w/B7uHjz uL6tnA+AtGCredDne66LSK3HD0vC7569sZ/j8kGKjlUtC+zm0j03iPI6gi8YeCn9b4F8sLpB lBdlqo9BB+uqoM6F8zMfIfDsqjB0r/q7WeJaI8NKfFwNOGPuo93N+WUyBi2yYCXMOgBUifm0 T6Hbf3SHQpbA56wcKPWJqAC2iFaxNDowcJij9LtEqOlToCMtDBekDwchRvqrWN1mDXLg+av8 qH4kDzsqKX8zzTzfAWFxrkXA/kFpR3JsMzNmvextkN2kOLCCHkym0zz5Y3vxaYtbXG2wTrqJ 8WpkWIE8STUhQa9AkezgucXN7r6uSrzW8IQXxBInZwFIyBgM0f/fzyNqzThFT15QMrYUqhhW ZffO4PeNJOUYfXdH13A6rbU0y6xE7Okuoa01EqNi9yqyLA8gPgg/DhOpGtK8KokCsdYsTbk= In-Reply-To: Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: CH0PR03CA0006.namprd03.prod.outlook.com (2603:10b6:610:b0::11) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|AS8PR10MB6651:EE_ X-MS-Office365-Filtering-Correlation-Id: 5a10431c-16eb-4c54-7375-08de6f1c0332 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|7142099003; X-Microsoft-Antispam-Message-Info: =?utf-8?B?UzZFMS9QVjJlcjhUVVF1VUh5eWtBeUVwMngwTVVtNVMvZDBGRDdldlBaQTFT?= =?utf-8?B?VVF5bkg5K3RXU2kvRmRZK3ZvTUp6bDBHWjZFeUNCMWtrTlhoZnEyMGg1MzBE?= =?utf-8?B?ZWJCd0h5akxZNVFOVC9maTU2Ry9Mb0EzUTR0ZXZCZUJzUUN4OFpSRmNLNkhh?= =?utf-8?B?WGdhWmtybmJ2RjRBMlRwSVFaMkNpSG1DOEltbmtFQS95R2hRTzVXejBCNFpj?= =?utf-8?B?aWxiYXlxR0JzLzZnTWlPTEdhcVY3U1kyQ2JPUUFNR2lnVERKWk1zSFFhZzFn?= =?utf-8?B?SDIwVm1oL0RYYUtZSWdScXpockFnSVVNTjZ3ZUdBbTByRm9YbnpZNkhSMXBV?= =?utf-8?B?SlZyckZnaUVScTBhZEIrSlRlNnV5cVh1SHlaK1M4c1M5WmxnL0pJVFpPcTNH?= =?utf-8?B?dHlRZVkyMFlDRm5NRG1LcnpiVWJhN0tJZElMRWpod0pBT0J1WjRTUlNuaE9E?= =?utf-8?B?b3MvbUNydTBncGova2VIQ0oxdGErNjdCZ1hsUHZLenNHR1ZVeGQ4eHhZUnhM?= =?utf-8?B?RDV1N2ZEM0pGdkZ4K21IakJwcEpjRUFVZ1M1bmNTbUhUSWFsYTAzQTJoSThW?= =?utf-8?B?RzdqS0Q0R3R3TlBsQVFrUElveWtpZE1qRFJhSXlBN0pjR3J0OGFMOGdXcW01?= =?utf-8?B?cVE5TVRxbXRsSVBWVzErVWV3Lyt6d2UvYkVXdWZZOGhWQ2lxOXlETThreXRV?= =?utf-8?B?RVRnZkFXYW5zVENDNGhxb3B3emhOcU5TY2k4bHdNdHJCMS95b2VwK3BVaXFY?= =?utf-8?B?Q2JaeEpPWGJ1Wmp1NzljejZqUk43aUJuWm51cFNsR3A5YlQ1S1I2UFRwdTlX?= =?utf-8?B?eldTbExrc2U3NUlzdjZHUFNMSjJwYS9zZlZhVHFUblIybmxyN3VSU0pTemJY?= =?utf-8?B?RDgrNjlmRkt2S2NVaWZ4QzZLNmVxc25DQU85bWNEd0hHMjkrVU1uQ1JvSU5v?= =?utf-8?B?RjFHc05PRTJlUG1kc3JGNmVneU9WbFE5TEx1TnNqUzhNOXNkS01GSitaY3ZU?= =?utf-8?B?RllLK3dEVmp6SHRVNUVNNEVweGJJSEE5WGYreUVEVEkybzVLaFZiMm1HYWVj?= =?utf-8?B?cmNSZnJQKzI1WENPTURKbHB6VmZVTkZndFQzaWZaUHpXd0FFUHIwRjRnMVVi?= =?utf-8?B?RWlQUEU5YUpvTldwcGhySUlUR05aQXFnSHZVa25GbVlmUkpXdjNwOXRYOFVW?= =?utf-8?B?alNSbExQaUJ5R2Z0Z1RFZlZvd1hsa2pGSUpqWCs4c21ocmtnRW9KS2Nvc2Vz?= =?utf-8?B?RzlFeWJCU1Vqak81Mis1QnJoWWFDWU1OK1R1VEpjL09FeGFEeFFzQmJaOHdW?= =?utf-8?B?TEU2cWVxQ0RjdnlWUFlIOGdGSm1WbVE0MU5nQlVjMU5TY2dyRjZLYldvWTY3?= =?utf-8?B?bFh3UE1BZFAvMUwraFJFZ1QwVEZDankzUU9mVENnNWlZRFpYYnI2V1gvOEk0?= =?utf-8?B?d0JxV0QwMTdIak10K3p3NzM3Y3h4cVI1TXlOSWsycjhPZDNsYnVHZDNWbnJa?= =?utf-8?B?cnByTHk3K3A2RkFNWXIvRDl0VXFJVjFTOFgzT3VwQkREUWV6TWYwMHFpZ3Fi?= =?utf-8?B?QzB3YW5EVlpZNDFlcTZLL2hWVTF2SmZXblNnU2I4TzlNRkVxVGJnMGpDWHV2?= =?utf-8?B?SFpiSHNJMG9QaHlBZHBodmxqZmRuSXFuc1E0ejhmNFhuVk0zeXpiZkw3ZGhR?= =?utf-8?B?Tm9jWXovbFhIdVZ5USs2SzRoblhGSU9nakFtOFh5WGRFRlg1cHlOQ2trRGNw?= =?utf-8?B?Z21abWx0Q2JOU25tNGRscWx4ZFRKbk04LzNOeDVCNU1rUTdDUjJEMEEyUmdw?= =?utf-8?B?eE4vb1JuQTMzWGcybWt3U1R4R1BVaGMvWGNIdFBNV2U1elB1ZGxHNnpSb20r?= =?utf-8?B?RzUrNVJCK0xqd2ZCSXUrdVRkT2JKNnVKVENWaWhkdy84QlZuaUo4SHYvVkRi?= =?utf-8?B?WFlWdVBhZ1RJQTJBVVdCWnJsa0tUeElONitlL0tBeFhWK3IrUk5qWkdDc1E5?= =?utf-8?B?UjE5dTQ1bml3dDl1R3diS0FRR05CSUFBSlFFTExiY2lUb3A0QWxNd0hwRGJW?= =?utf-8?B?Q1lqditaUVowNS92L0JVd0lqVUhOangrZkJ6dkhiVTBCTmd3TkpRUmhOcDRs?= =?utf-8?Q?4Z6U=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(7142099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?amRVd0IrYlYybEY1YUFrKzJJaDhIV2VhUENaMDJQeU1SSlN3amRtellrZWtm?= =?utf-8?B?UWx2UDVPTWJDMnNtTFE4bFVseHVRM2dzSW9VeHZZbzR3ZEV0VFA5dnhSWEN6?= =?utf-8?B?UFMwQWtYV1B4Uk1XMjYxaUsvSk1nelFnSUkrWXA2Y1NVdDR6U2dPY1o1YWFK?= =?utf-8?B?ZEZFbXIxa2xYUUpaKzdZZHd0NXdQMFVRekpGc0NZVk12Y1hXL0lSaExHb1g4?= =?utf-8?B?SDdqckFsK3pKeWd0c2J3Y21wWFNhTk03M3VwbWcwUXpwZWhGNXRuWUY3KzN0?= =?utf-8?B?TGlMcm9mWll5ZkxsaHRrUVA0Uzgwb1BXVXhWSVpXOTFQblU0NmNDekF4aWN6?= =?utf-8?B?bzJVRm1VeG5BbGRDMmNsYnA5R1ZWYU9ISEZDazRIbzF1RlNvSDk4ZGl3N09z?= =?utf-8?B?a25VbjVFQkgrSXh4MEZSanZSY3ZVWHh5RmdaVU9iUUJiZzFLc3BXL1NpVWM5?= =?utf-8?B?U1pML3VnSk9FWTBqRW9RTWRBTDltdkhvcVdnNHFUVWRMTXFYbWpVN0JwWE1R?= =?utf-8?B?Q3dJSkF6QVY5TGUvckVIa2ZxUnArRS9BM1lUbiswamc5SGFiQi9IcWJselJv?= =?utf-8?B?cVVhUlJPZVdESjZ0c3I1a3JkVXMwaGU0REoycWd1TXFobmxRbG5XTE9ZT2o2?= =?utf-8?B?UktTNTNqSGMrSUQrUUtNUkhkWWlGTDV3UGo5K25oaWV2eHlUUWxLbVZQZnhx?= =?utf-8?B?Ti9uU3gwRXZRZC8yUGVOT3k3andRZmQ3eHBFdHR1bHhXRVdkUlJiaVhTKzhE?= =?utf-8?B?bzZyRE1Ic0xaTDA3SmJqTHE2cjA5VzhSd0FHUUZ4UDRCWjB3L1dPbExZWmtR?= =?utf-8?B?LytZdHJHcm9tMzI0Q3d6MnJNWUQ2U0NObUo0TDVicHBrL1l2L000OWlGZ3I5?= =?utf-8?B?TzI2Q0pJZVVNM1BLSWw2RU1rSm1SM0JxaHVyQ011KzBocGFrTE9YeEdpYmNq?= =?utf-8?B?L0pxOVY0dkVhZ2ovbTdsM2NPV0dDNnVnSzdWOU5HZGlPZG1BZENMeU5CWmgw?= =?utf-8?B?cnF2dnNpVjZhWWpBRHVtendLOGtzUTFpWWFUWWZhSHhCNDNVb0ZuM29tSDFk?= =?utf-8?B?c01VTVhTcUxOdFJyMkFURG9lSW1ISHBiTmE3UTUzWFJFMXBZTGR4c05wUkhp?= =?utf-8?B?OFV2ZjNmVWVlTGZlRm1WMzAzRHRLSmtpQWdHSHJvYXkxbGpMTGdRV2JKUHgw?= =?utf-8?B?QlpSVUl3QjVWbmRKZFBBZWtqS25CRU5ONm1Mak5seWVJa1o4S29nUTBRUHRY?= =?utf-8?B?T1lNekRZZkcvekdSbnNzeE0wb2VSZFhjS0lIaHZWZ2REUVd1MGQ4YVB1NTU1?= =?utf-8?B?eE14a2tnVER3dWR5Y3hXV2FZNloxOUdDVml2Q0c4U0VYZGxtZ0FkbnY2dWty?= =?utf-8?B?cHJSZ1lROFZudDFraDlyNDRjL1NLQW94UHZ2dCs3d3hKRG9kTEtNU0NLMDVC?= =?utf-8?B?T2lVRkZKR25ZbU1FNzFaS0RkdFdMNzJqZHRKYkE2NEllejZKK0tTTlZJb1U0?= =?utf-8?B?TDNmVXc1WWQ5dnIzcllSTmFhcXdtdE5KWFlVV3djSGZJWHZNRDFXUWFJaTJh?= =?utf-8?B?YnFTQ1B1M3MxRnNGWkxKZEVVRm0vM2cydlJuc1hBNllITG91S1dTeGVEN0FR?= =?utf-8?B?SlZ2ekl1OWtKMEZXMVR4STVTRlF5d1QvZTZXcVNoNEdkdzJRSHBqMDVscHpF?= =?utf-8?B?M1VQRUp0Vk14ZGFuRWY3U1hCMDJDMXNsamVBeHM3dGF6eEJ5bFcydkdhYzh6?= =?utf-8?B?cjE5Y0pWM2hJYVkvTThnOUgzSWcrVHUxZ2JIS084K1BkVGplWUdmVTh2YlVh?= =?utf-8?B?SEorZ1pTZ0k4ck12NWhiVVNWeGRHWi9iRFE1N3NlMXVJbjdjVHFRbElOVVZ1?= =?utf-8?B?bmZvQUVQb2tCdjM4L0VGeVlMTlh5TDBpN3pyWjB5RVRiZ3pKNHZ1Z3ZrWi9D?= =?utf-8?B?ZWwzN0ZpVng1T3E3UXlxVDRJSzA2aG56dVFmM0pwUTdaVjRObUpIeWljeXNm?= =?utf-8?B?YVBTdHlCZUovWHVjd0tvbU1RSDZIbmsrbnNxbW9MbUpkd2d2WnU0NE96QWox?= =?utf-8?B?MjNXTks0QWIxQjVwbzhqaERjMDdqWmJYYnpSRFdnYWF2UTBPZ3dnbXdpSGZz?= =?utf-8?B?ekF6MzByWWJmM0VOZXNUeHV3YmV3SXRwUzJGQ1RHS3Q1Q1h2VnA3ZUl0VXpB?= =?utf-8?B?NWdLcU4wQWx2Zmtyb0VNT29wQ1NDMmttZkM1WEhXMklxV0c1bTVVZ1gvUzJD?= =?utf-8?B?L2s4dmQwcUlYQjVyaGZiclNjcFZidHpmWitIREh6VHg4Rm9JQVFsa2lqaG9B?= =?utf-8?B?UWtDUjZNa2prK2RVK2o4czlHR3R1V3JnOWlFelV6Z0V2aFhCZm1UZz09?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5a10431c-16eb-4c54-7375-08de6f1c0332 X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 18:32:03.7597 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: is9+5jZA1VYw976bBJz6mGb37S2r+LKIb+eJjOFZGop50wNsVUrTxSwQDX+7DOkYpBPZJWZYzYsJ2vpMd321Gg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB6651 X-Original-Sender: jan.kiszka@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=iDFrobLB; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Jan Kiszka Reply-To: Jan Kiszka Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: kzF5vqYZt1yp On 18.02.26 19:20, Jan Kiszka wrote: > On 18.02.26 12:58, 'Felix Moessbauer' via isar-users wrote: >> Dear isar-users, >> >> currently isar requires password-less sudo and an environment >> where mounting file systems is possible. This has proven problematic >> for security reasons, both when running in a privileged container or >> locally. >> >> To solve this, we implement fully rootless builds that rely on the >> unshare syscall which allows us to avoid sudo and instead operate in >> temporary kernel namespaces as a user that is just privileged within >> that namespace. This comes with some challenges regarding the handling >> of mounts (they are cleared when leaving the namespace), as well as >> cross namespace deployments (the outer user might not be able to access >> the inner data). For that, we rework the handling of mounts and artifact >> passing to make it compatible with both chroot modes (schroot and >> unshare). >> >> The patches 1-10 align the file permissions of deployments and artifacts >> to avoid the use of chown (which will not work anymore across uid >> boundaries). In addition, helpers are introduced to perform privileged >> operations, which simplifies the migration of existing layers. >> >> The patches 11 and 12 introduce the unshare mode, which can be executed >> as a normal user and does not require root. To enable this mode, set >> ISAR_ROOTLESS = "1". >> >> While the series is by far not complete yet, it already passes the DevTest >> CI. Know issues are currently: >> >> - no support for VM and container images >> - unprivileged cleanup of the build/tmp dir is non trivial >> - sporadic issues on partial rebuilds on rootfs_install_sstate_finalize >> - interfaces between kas and isar need to be defined >> >> Note, that this series can be tested on a custom kas-container build >> provided in [1]. Hints how to migrate downstream layers are provided >> in the API changelog. >> >> [1] https://groups.google.com/g/kas-devel/c/NWQFCU2aUHg >> >> Best regards, >> Felix Moessbauer >> Siemens AG >> >> Felix Moessbauer (12): >> refactor bootstrap: store rootfs tar with user permissions >> deb-dl-dir: export without root privileges >> download debs without locking >> introduce wrappers for privileged execution >> bootstrap: move cleanup trap to function >> rootfs: rework sstate caching of rootfs artifact >> rootfs_generate_initramfs: rework deployment to avoid chowning >> wic: rework image deploy logic to deploy under correct user >> use bitbake function to generate mounting scripts >> apt-fetcher: prepare for chroot specific fetching >> add support for fully rootless builds >> apt-fetcher: implement support for unshare backend >> >> Kconfig | 2 +- >> RECIPE-API-CHANGELOG.md | 57 +++++ >> doc/user_manual.md | 2 + >> meta/classes-global/base.bbclass | 93 ++++++++ >> meta/classes-recipe/deb-dl-dir.bbclass | 20 +- >> meta/classes-recipe/dpkg-base.bbclass | 20 +- >> meta/classes-recipe/dpkg-source.bbclass | 2 +- >> meta/classes-recipe/dpkg.bbclass | 16 +- >> .../image-account-extension.bbclass | 4 +- >> .../image-locales-extension.bbclass | 13 +- >> .../image-postproc-extension.bbclass | 30 +-- >> .../image-tools-extension.bbclass | 96 +++++++- >> meta/classes-recipe/image.bbclass | 24 +- >> meta/classes-recipe/imagetypes.bbclass | 47 ++-- >> .../imagetypes_container.bbclass | 26 +-- >> meta/classes-recipe/imagetypes_wic.bbclass | 12 +- >> meta/classes-recipe/rootfs.bbclass | 221 ++++++++++-------- >> meta/classes-recipe/sbuild.bbclass | 37 ++- >> meta/classes-recipe/sdk.bbclass | 23 +- >> meta/classes-recipe/squashfs.bbclass | 2 +- >> meta/classes/sbom.bbclass | 2 +- >> meta/conf/bitbake.conf | 7 +- >> meta/lib/aptsrc_fetcher.py | 90 ++++++- >> .../isar-mmdebstrap/isar-mmdebstrap.inc | 47 ++-- >> .../sbuild-chroot/sbuild-chroot.inc | 24 +- >> .../unittests/test_image_account_extension.py | 9 +- >> 26 files changed, 691 insertions(+), 235 deletions(-) >> > > Hmm, just testing xenomai-images with this and minimal changes for > itself (buildsystem update). It seems to build the kernel - put only on > a single core. This part looks still fine: > > # $PARALLEL_MAKE > # set? /work/build/../isar/meta/conf/bitbake.conf:135 > # "-j ${@bb.utils.cpu_count()}" > PARALLEL_MAKE="-j 16" > > But the "-j 16" does not end up in the actually make call of the kernel > build. How could we possibly lose this? > FWIW, I'm no longer seeing that PARALLEL_MAKE is even defined inside sbuild (this is normally logged). Maybe the different sbuild mode needs a different way of passing env vars in? Jan > > I wanted to test if rootfull mode with your patches applied may answer > this, but: > > ... > ERROR: Unable to parse Var > Traceback (most recent call last): > File "Var ", line 1, in > File "/work/build/../isar/meta/classes-global/base.bbclass", line 396, in get_subid_range(idmap='/etc/subuid', d=): > user, base, cnt = e.split(':') > > if user == os.getuid() or user == os.getlogin(): > return base, cnt > bb.data_smart.ExpansionError: Failure expanding variable UNSHARE_SUBUID_BASE[:=], expression was ${@get_subid_range('/etc/subuid', d)[0]} which triggered exception OSError: [Errno -25] Unknown error -25 > The variable dependency chain for the failure is: UNSHARE_SUBUID_BASE[:=] > > 2026-02-18 19:18:28 - ERROR - Command "/work/isar/bitbake/bin/bitbake -c build linux-xenomai-3" failed with error 1 > > I bet you can reproduce with plane Isar and a linux-mailine build as > well. > > Jan > -- Siemens AG, Foundational Technologies Linux Expert Center -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/f95d77f4-423d-4161-ba99-11ffd65ca6db%40siemens.com.