v2.0.0-rc1

* Load apparmor on boot also when booting from disk
* Rename system-dockerd to system-engine
* Do not cache service metadatas
* Do not cache Docker image to ISO file
* Disable system-docker bridge by default
* Remove deprecated --oom-score-adjust flag
* Update VMware tools to 12.2.5
* Update QEMU guest agent to 7.2
* Remove broken VirtualBox tools

.gitignore

@@ -22,3 +22,4 @@ __pycache__
 .trash-conf
 /Dockerfile.dapper*
 !/Dockerfile.dapper
+scripts/images/raspberry-pi-hypriot64/Dockerfile.dapper*

Dockerfile.dapper

@@ -84,7 +84,7 @@ ARG OS_BASE_URL_arm64=https://github.com/burmilla/os-base/releases/download/v202
 ARG OS_INITRD_BASE_URL_amd64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-amd64.tar.gz
 ARG OS_INITRD_BASE_URL_arm64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-arm64.tar.gz
 
-ARG SYSTEM_DOCKER_VERSION=17.06.108
+ARG SYSTEM_DOCKER_VERSION=17.06.109
 ARG SYSTEM_DOCKER_URL_amd64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
 ARG SYSTEM_DOCKER_URL_arm64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
 

cmd/control/install.go

@@ -426,7 +426,7 @@ func layDownOS(image, installType, cloudConfig, device, partition, statedir, kap
 	//cloudConfig := SCRIPTS_DIR + "/conf/empty.yml" //${cloudConfig:-"${SCRIPTS_DIR}/conf/empty.yml"}
 	CONSOLE := "tty0"
 	baseName := "/mnt/new_img"
-	kernelArgs := "printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait transparent_hugepage=never scsi_mod.use_blk_mq=1 panic=10" // console="+CONSOLE
+	kernelArgs := "printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait transparent_hugepage=never scsi_mod.use_blk_mq=1 apparmor=1 security=apparmor panic=10" // console="+CONSOLE
 	if statedir != "" {
 		kernelArgs = kernelArgs + " rancher.state.directory=" + statedir
 	}

cmd/control/user_docker.go

@@ -186,14 +186,14 @@ func startDocker(cfg *config.CloudConfig) error {
 		return err
 	}
 
-	cmd := []string{"system-docker-runc", "exec", "--", info.ID, "env"}
+	cmd := []string{"system-engine-rc", "exec", "--", info.ID, "env"}
 	log.Info(dockerCfg.AppendEnv())
 	cmd = append(cmd, dockerCfg.AppendEnv()...)
 	cmd = append(cmd, dockerCommand...)
 	cmd = append(cmd, args...)
 	log.Infof("Running %v", cmd)
 
-	return syscall.Exec("/usr/bin/system-docker-runc", cmd, os.Environ())
+	return syscall.Exec("/usr/bin/system-engine-rc", cmd, os.Environ())
 }
 
 func waitForPid(service string, project *project.Project) (int, error) {

config/docker_config.go

@@ -12,11 +12,6 @@ func (d *DockerConfig) FullArgs() []string {
 	args = append(args, generateEngineOptsSlice(d.EngineOpts)...)
 	args = append(args, d.ExtraArgs...)
 
-	// Make sure that OOM killer will kill containers before user docker
-	// https://github.com/burmilla/os/issues/33
-	args = append(args, "--oom-score-adjust")
-	args = append(args, "-250")
-
 	if d.TLS {
 		args = append(args, d.TLSArgs...)
 	}

config/docker_config_test.go

@@ -39,10 +39,10 @@ func TestGenerateEngineOptsString(t *testing.T) {
 
 	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
 		Host: []string{
-			"unix:///var/run/system-docker.sock",
+			"unix:///var/run/system-engine.sock",
 			"unix:///var/run/docker.sock",
 		},
-	})), "--host unix:///var/run/system-docker.sock", "--host unix:///var/run/docker.sock")
+	})), "--host unix:///var/run/system-engine.sock", "--host unix:///var/run/docker.sock")
 
 	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
 		LogOpts: map[string]string{

config/types.go

@@ -18,14 +18,14 @@ const (
 	StateDir         = "/state"
 	RosBin           = "/usr/bin/ros"
 	SysInitBin       = "/usr/bin/ros-sysinit"
-	SystemDockerHost = "unix:///var/run/system-docker.sock"
+	SystemDockerHost = "unix:///var/run/system-engine.sock"
 	DockerHost       = "unix:///var/run/docker.sock"
 	ImagesPath       = "/usr/share/ros"
 	InitImages       = "images-init.tar"
 	SystemImages     = "images-system.tar"
 	UserImages       = "images-user.tar"
 	Debug            = false
-	SystemDockerBin  = "/usr/bin/system-dockerd"
+	SystemDockerBin  = "/usr/bin/system-engine"
 	DefaultDind      = "burmilla/os-dind:17.12.1"
 
 	DetachLabel        = "io.rancher.os.detach"

os-config.tpl.yml

@@ -79,7 +79,7 @@ rancher:
     restart: false
     graph: /var/lib/system-docker
     group: root
-    host: ["unix:///var/run/system-docker.sock"]
+    host: ["unix:///var/run/system-engine.sock"]
     userland_proxy: false
   console: {{.OS_CONSOLE}}
   cloud_init:
@@ -123,7 +123,7 @@ rancher:
       volumes:
       - /usr/bin/ros:/usr/bin/ros:ro
       - /usr/bin/system-docker:/usr/bin/system-docker:ro
-      - /usr/bin/system-docker-runc:/usr/bin/system-docker-runc:ro
+      - /usr/bin/system-engine-rc:/usr/bin/system-engine-rc:ro
     system-volumes:
       image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
       command: echo
@@ -341,7 +341,7 @@ rancher:
       privileged: true
       restart: always
       volumes:
-      - /var/run/system-docker.sock:/var/run/docker.sock
+      - /var/run/system-engine.sock:/var/run/docker.sock
       environment:
         DOCKER_API_VERSION: "1.22"
     udev-cold:
@@ -398,11 +398,11 @@ rancher:
   system_docker:
     exec: true
     storage_driver: overlay2
-    bip: 172.18.42.1/16
+    bridge: none
     restart: false
     graph: /var/lib/system-docker
     group: root
-    host: ["unix:///var/run/system-docker.sock"]
+    host: ["unix:///var/run/system-engine.sock"]
     pid_file: /var/run/system-docker.pid
     exec_root: /var/run/system-docker
     config_file: /etc/docker/system-docker.json

pkg/init/recovery/recovery.go

@@ -77,7 +77,7 @@ func Recovery(initFailure error) {
 			Restart:       &[]bool{false}[0],
 			Graph:         "/var/lib/recovery-docker",
 			Group:         "root",
-			Host:          []string{"unix:///var/run/system-docker.sock"},
+			Host:          []string{"unix:///var/run/system-engine.sock"},
 			UserlandProxy: &[]bool{false}[0],
 		},
 	}

scripts/layout-initrd

@@ -32,10 +32,6 @@ ln -s bin                      ${INITRD_DIR}/usr/sbin
 ln -s usr/sbin                 ${INITRD_DIR}/sbin
 
 curl -SL ${!SYSTEM_DOCKER_URL} | tar --strip-components=1 -xzvf - -C ${INITRD_DIR}/usr/bin/
-# we have diabled the user-proxy so we get rid of system-docker-proxy
-rm -f ${INITRD_DIR}/usr/bin/system-docker-proxy
-# reduce size by removing debugging tool system-docker-containerd-ctr
-rm -f ${INITRD_DIR}/usr/bin/system-docker-containerd-ctr
 
 cat <<HERE > ${INITRD_DIR}/usr/share/ros/os-release
 NAME="BurmillaOS"
@@ -50,11 +46,6 @@ BUG_REPORT_URL="https://github.com/burmilla/os/issues"
 BUILD_ID=
 HERE
 
-# cache os-services yml file
-cache_services "h/hyperv-vm-tools.yml"
-cache_services "o/open-vm-tools.yml"
-cache_services "q/qemu-guest-agent.yml"
-
 pushd ${INITRD_DIR}/usr/etc
 ln -s ../share/ros/os-release .
 popd

scripts/release-amd64

@@ -3,11 +3,6 @@ set -ex
 
 cd $(dirname $0)/..
 
-# touch .make-azurebase
-touch .make-hyperv
-touch .make-proxmoxve
-touch .make-vmware
-
 source ./scripts/version
 ./scripts/release-build
 

scripts/tar-images

@@ -19,6 +19,11 @@ for i in ${APPEND_SYSTEM_IMAGES};do
 done
 
 for i in ${IMAGES}; do
+    # Reduce ISO file size by not caching Docker engine
+    if [[ ${i} == "burmilla/os-docker:"* ]]; then
+        continue
+    fi
+
     echo "tar-image: pull($i)"
     if ! docker inspect $i >/dev/null 2>&1; then
         docker pull ${i}