v2.0.0-beta7

- Docker 24.0.5
- Kernel 5.10.188
- System-docker 17.06.108
- System container images compresses with zstd instead of xz
- Added WSL2 support
- Include Hyper-V, ProxmoxVE and VMware tools to ISO
- Include apparmor tools to console
- Enable apparmor by default
- Remove experimental selinux support
- Include chroot command to initrd

.github/workflows/add-platform-specific.yml

@@ -1,44 +0,0 @@
-name: add-platform-spefific
-
-on:
-  workflow_dispatch:
-    inputs:
-      platform:
-        description: 'Platform'
-        default: 'vmware'
-        required: true
-
-jobs:
-  build:
-    runs-on: ubuntu-20.04
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: '0'
-
-    - name: Install github-release
-      run: |
-        sudo wget https://github.com/github-release/github-release/releases/download/v0.9.0/linux-amd64-github-release.bz2 -O /usr/local/bin/github-release.bz2
-        sudo bunzip2 /usr/local/bin/github-release.bz2
-        sudo chmod 0755 /usr/local/bin/github-release
-
-    - name: Build OS
-      run: |
-        export VERSION=$(git describe --exact-match --tags $(git log -n1 --pretty='%h'))
-        if [ -z "$VERSION" ]; then
-          echo "Build is not started from tag. Will exit..."
-          exit 1
-        fi
-        export ARCH=amd64
-        make ${{ github.event.inputs.platform }}
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v1
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-
-    - name: Publish release
-      run: ${PWD}/dist/publish.sh
-      env:
-        GITHUB_TOKEN: ${{ secrets.OS_RELEASE_TOKEN }}

.github/workflows/create-release.yml

@@ -2,11 +2,6 @@ name: release
 
 on:
   workflow_dispatch:
-    inputs:
-      firmware:
-        description: 'Include firmwares'
-        default: 'true'
-        required: true
 
 jobs:
   build:

Dockerfile.dapper

@@ -39,6 +39,7 @@ RUN echo "Acquire::http { Proxy \"$APTPROXY\"; };" >> /etc/apt/apt.conf.d/01prox
         wget \
         xorriso \
         xz-utils \
+        zstd \
         telnet
 
 ########## Dapper Configuration #####################
@@ -61,9 +62,7 @@ ARG OS_REPO=burmilla
 ARG HOSTNAME_DEFAULT=burmilla
 ARG DISTRIB_ID=BurmillaOS
 
-ARG SELINUX_POLICY_URL=https://github.com/burmilla/refpolicy/releases/download/v0.0.3/policy.29
-
-ARG KERNEL_VERSION=5.10.162-burmilla
+ARG KERNEL_VERSION=5.10.188-burmilla
 ARG KERNEL_URL_amd64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-x86.tar.gz
 ARG KERNEL_URL_arm64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-arm64.tar.gz
 
@@ -79,17 +78,17 @@ ARG OS_CONSOLE=default
 ARG OS_AUTOFORMAT=false
 ARG OS_FIRMWARE=true
 
-ARG OS_BASE_URL_amd64=https://github.com/burmilla/os-base/releases/download/v2022.02.8-2/os-base_amd64.tar.xz
-ARG OS_BASE_URL_arm64=https://github.com/burmilla/os-base/releases/download/v2022.02.8-2/os-base_arm64.tar.xz
+ARG OS_BASE_URL_amd64=https://github.com/burmilla/os-base/releases/download/v2023.05-1/os-base_amd64.tar.xz
+ARG OS_BASE_URL_arm64=https://github.com/burmilla/os-base/releases/download/v2023.05-1/os-base_arm64.tar.xz
 
-ARG OS_INITRD_BASE_URL_amd64=https://github.com/burmilla/os-initrd-base/releases/download/v2022.02.8-2/os-initrd-base-amd64.tar.gz
-ARG OS_INITRD_BASE_URL_arm64=https://github.com/burmilla/os-initrd-base/releases/download/v2022.02.8-2/os-initrd-base-arm64.tar.gz
+ARG OS_INITRD_BASE_URL_amd64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-amd64.tar.gz
+ARG OS_INITRD_BASE_URL_arm64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-arm64.tar.gz
 
-ARG SYSTEM_DOCKER_VERSION=17.06.107
+ARG SYSTEM_DOCKER_VERSION=17.06.108
 ARG SYSTEM_DOCKER_URL_amd64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
 ARG SYSTEM_DOCKER_URL_arm64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
 
-ARG USER_DOCKER_VERSION=23.0.0rc3
+ARG USER_DOCKER_VERSION=24.0.5
 ARG USER_DOCKER_ENGINE_VERSION=docker-${USER_DOCKER_VERSION}
 
 ARG AZURE_SERVICE=false
@@ -131,7 +130,6 @@ ENV BUILD_DOCKER_URL=BUILD_DOCKER_URL_${ARCH} \
     OS_AUTOFORMAT=${OS_AUTOFORMAT} \
     OS_FIRMWARE=${OS_FIRMWARE} \
     REPO_VERSION=master \
-    SELINUX_POLICY_URL=${SELINUX_POLICY_URL} \
     SYSTEM_DOCKER_URL=SYSTEM_DOCKER_URL_${ARCH} \
     SYSTEM_DOCKER_URL_amd64=${SYSTEM_DOCKER_URL_amd64} \
     SYSTEM_DOCKER_URL_arm64=${SYSTEM_DOCKER_URL_arm64} \
@@ -152,9 +150,6 @@ RUN echo "... Downloading  ${!KERNEL_URL}"; \
         curl -fL ${!KERNEL_URL} > ${DOWNLOADS}/kernel.tar.gz \
     ;fi
 
-# Download SELinux Policy
-RUN curl -pfL ${SELINUX_POLICY_URL} > ${DOWNLOADS}/$(basename ${SELINUX_POLICY_URL})
-
 # Install Go
 RUN curl -L https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${HOST_ARCH}.tar.gz | tar -xzf - -C /usr/local && \
     go get github.com/burmilla/trash

assets/selinux/config

@@ -1,2 +0,0 @@
-SELINUX=permissive
-SELINUXTYPE=ros

assets/selinux/ros/contexts/failsafe_context

@@ -1 +0,0 @@
-unconfined_r:unconfined_t:s0

assets/selinux/ros/contexts/lxc_contexts

@@ -1,3 +0,0 @@
-process = "system_u:system_r:svirt_lxc_net_t:s0"
-content = "system_u:object_r:virt_var_lib_t:s0"
-file = "system_u:object_r:svirt_lxc_file_t:s0"

assets/selinux/ros/seusers

@@ -1 +0,0 @@
-__default__:unconfined_u:s0-s0:c0.c1023

cmd/control/cli.go

@@ -136,7 +136,6 @@ func Main() {
 			Action:          userDockerAction,
 		},
 		installCommand,
-		selinuxCommand(),
 	}
 
 	app.Run(os.Args)

cmd/control/console_init.go

@@ -277,6 +277,10 @@ sudo ros service up docker-compose
 		log.Error(err)
 	}
 
+	if err := util.RunScript("/etc/init.d/apparmor", "start"); err != nil {
+		log.Error(err)
+	}
+
 	// Enable Bash colors
 	enableBashRC("/root", 0, 0)
 	enableBashRC(rancherHome, 1100, 1100)

cmd/control/selinux.go

@@ -1,59 +0,0 @@
-package control
-
-import (
-	"fmt"
-	"syscall"
-
-	"github.com/burmilla/os/config"
-
-	"github.com/codegangsta/cli"
-)
-
-func selinuxCommand() cli.Command {
-	app := cli.Command{}
-	app.Hidden = true
-	app.Name = "selinux"
-	app.Action = func(c *cli.Context) error {
-		argv := []string{"system-docker", "run", "-it", "--privileged", "--rm",
-			"--net", "host", "--pid", "host", "--ipc", "host",
-			"-v", "/usr/bin/docker:/usr/bin/docker.dist:ro",
-			"-v", "/usr/bin/ros:/usr/bin/dockerlaunch:ro",
-			"-v", "/usr/bin/ros:/usr/bin/system-docker:ro",
-			"-v", "/usr/bin/ros:/sbin/poweroff:ro",
-			"-v", "/usr/bin/ros:/sbin/reboot:ro",
-			"-v", "/usr/bin/ros:/sbin/halt:ro",
-			"-v", "/usr/bin/ros:/sbin/shutdown:ro",
-			"-v", "/usr/bin/ros:/usr/bin/respawn:ro",
-			"-v", "/usr/bin/ros:/usr/bin/ros:ro",
-			"-v", "/usr/bin/ros:/usr/bin/cloud-init:ro",
-			"-v", "/usr/bin/ros:/usr/sbin/netconf:ro",
-			"-v", "/usr/bin/ros:/usr/sbin/wait-for-network:ro",
-			"-v", "/usr/bin/ros:/usr/sbin/wait-for-docker:ro",
-			"-v", "/var/lib/docker:/var/lib/docker",
-			"-v", "/var/lib/rkt:/var/lib/rkt",
-			"-v", "/dev:/host/dev",
-			"-v", "/etc/docker:/etc/docker",
-			"-v", "/etc/hosts:/etc/hosts",
-			"-v", "/etc/resolv.conf:/etc/resolv.conf",
-			"-v", "/etc/rkt:/etc/rkt",
-			"-v", "/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher",
-			"-v", "/lib/firmware:/lib/firmware",
-			"-v", "/lib/modules:/lib/modules",
-			"-v", "/run:/run",
-			"-v", "/usr/share/ros:/usr/share/ros",
-			"-v", "/var/lib/rancher/conf:/var/lib/rancher/conf",
-			"-v", "/var/lib/rancher:/var/lib/rancher",
-			"-v", "/var/log:/var/log",
-			"-v", "/var/run:/var/run",
-			"-v", "/home:/home",
-			"-v", "/opt:/opt",
-			"-v", "/etc/selinux:/etc/selinux",
-			"-v", "/var/lib/selinux:/var/lib/selinux",
-			"-v", "/usr/share/selinux:/usr/share/selinux",
-			fmt.Sprintf("%s/os-selinuxtools:%s%s", config.OsRepo, config.Version, config.Suffix), "bash"}
-		syscall.Exec("/bin/system-docker", argv, []string{})
-		return nil
-	}
-
-	return app
-}

cmd/init/init.go

@@ -20,7 +20,6 @@ import (
 	"github.com/burmilla/os/pkg/init/one"
 	"github.com/burmilla/os/pkg/init/prepare"
 	"github.com/burmilla/os/pkg/init/recovery"
-	"github.com/burmilla/os/pkg/init/selinux"
 	"github.com/burmilla/os/pkg/init/sharedroot"
 	"github.com/burmilla/os/pkg/init/switchroot"
 	"github.com/burmilla/os/pkg/log"
@@ -64,7 +63,6 @@ func RunInit() error {
 		{Name: "preparefs2", Func: prepare.FS},
 		{Name: "load modules2", Func: modules.LoadModules},
 		{Name: "set proxy env", Func: env.Proxy},
-		{Name: "init SELinux", Func: selinux.Initialize},
 		{Name: "setupSharedRoot", Func: sharedroot.Setup},
 		{Name: "sysinit", Func: sysinit.RunSysInit},
 	}

config/cloudinit/Documentation/cloud-config.md

@@ -387,7 +387,6 @@ The following fields are not yet implemented:
 - **inactive**: Deactivate the user upon creation
 - **lock-passwd**: Boolean. Disable password login for user
 - **sudo**: Entry to add to /etc/sudoers for user. By default, no sudo access is authorized.
-- **selinux-user**: Corresponding SELinux user
 - **ssh-import-id**: Import SSH keys by ID from Launchpad.
 
 ```yaml

config/docker_config_test.go

@@ -37,13 +37,6 @@ func TestGenerateEngineOptsString(t *testing.T) {
 		Bridge: "bridge",
 	})), "--bridge bridge")
 
-	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
-		SelinuxEnabled: &[]bool{true}[0],
-	})), "--selinux-enabled")
-	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
-		SelinuxEnabled: &[]bool{false}[0],
-	})), "--selinux-enabled=false")
-
 	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
 		Host: []string{
 			"unix:///var/run/system-docker.sock",
@@ -59,11 +52,10 @@ func TestGenerateEngineOptsString(t *testing.T) {
 	})), "--log-opt max-size=25m", "--log-opt max-file=2")
 
 	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
-		Bridge:         "bridge",
-		SelinuxEnabled: &[]bool{true}[0],
+		Bridge: "bridge",
 		LogOpts: map[string]string{
 			"max-size": "25m",
 			"max-file": "2",
 		},
-	})), "--bridge bridge", "--selinux-enabled", "--log-opt max-size=25m", "--log-opt max-file=2")
+	})), "--bridge bridge", "--log-opt max-size=25m", "--log-opt max-file=2")
 }

config/schema.go

@@ -140,7 +140,6 @@ var schema = `{
 				"pid_file": {"type": "string"},
 				"registry_mirror": {"type": "string"},
 				"restart": {"type": ["boolean", "null"]},
-				"selinux_enabled": {"type": ["boolean", "null"]},
 				"storage_driver": {"type": "string"},
 				"userland_proxy": {"type": ["boolean", "null"]},
 				"userns_enabled": {"type": ["boolean", "null"]},

config/types.go

@@ -180,7 +180,6 @@ type EngineOpts struct {
 	PidFile          string            `yaml:"pid_file,omitempty" opt:"pidfile"`
 	RegistryMirror   string            `yaml:"registry_mirror,omitempty" opt:"registry-mirror"`
 	Restart          *bool             `yaml:"restart,omitempty" opt:"restart"`
-	SelinuxEnabled   *bool             `yaml:"selinux_enabled,omitempty" opt:"selinux-enabled"`
 	StorageDriver    string            `yaml:"storage_driver,omitempty" opt:"storage-driver"`
 	UserlandProxy    *bool             `yaml:"userland_proxy,omitempty" opt:"userland-proxy"`
 }

images/02-console/Dockerfile

@@ -8,6 +8,7 @@ RUN apt-get update \
                            sudo less curl ca-certificates psmisc htop kmod iproute2 \
                            net-tools bash-completion wget \
                            nano open-iscsi iputils-ping nvi \
+                           apparmor \
     && update-alternatives --set iptables /usr/sbin/iptables-legacy \
     && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
     && rm -rf /var/lib/apt/lists/* \

os-config.tpl.yml

@@ -141,7 +141,6 @@ rancher:
       - /etc/logrotate.d:/etc/logrotate.d
       - /etc/resolv.conf:/etc/resolv.conf
       - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher
-      - /etc/selinux:/etc/selinux
       - /lib/firmware:/lib/firmware
       - /lib/modules:/lib/modules
       - /run:/run

pkg/dfs/scratch.go

@@ -15,7 +15,6 @@ import (
 	"github.com/burmilla/os/pkg/init/one"
 	"github.com/burmilla/os/pkg/log"
 	"github.com/burmilla/os/pkg/netconf"
-	"github.com/burmilla/os/pkg/selinux"
 	"github.com/burmilla/os/pkg/util"
 
 	"github.com/docker/libnetwork/resolvconf"
@@ -38,9 +37,7 @@ var (
 		{"none", "/run", "tmpfs", ""},
 		{"none", "/sys", "sysfs", ""},
 		{"none", "/sys/fs/cgroup", "tmpfs", ""},
-	}
-	optionalMounts = [][]string{
-		{"none", "/sys/fs/selinux", "selinuxfs", "ro"},
+		{"debugfs", "/sys/kernel/debug", "debugfs", ""},
 	}
 )
 
@@ -73,16 +70,6 @@ func createMounts(mounts ...[]string) error {
 	return nil
 }
 
-func createOptionalMounts(mounts ...[]string) {
-	for _, mount := range mounts {
-		log.Debugf("Mounting %s %s %s %s", mount[0], mount[1], mount[2], mount[3])
-		err := util.Mount(mount[0], mount[1], mount[2], mount[3])
-		if err != nil {
-			log.Debugf("Unable to mount %s %s %s %s: %v", mount[0], mount[1], mount[2], mount[3], err)
-		}
-	}
-}
-
 func createDirs(dirs ...string) error {
 	for _, dir := range dirs {
 		if _, err := os.Stat(dir); os.IsNotExist(err) {
@@ -448,10 +435,10 @@ func PrepareFs(config *Config) error {
 		return err
 	}
 
-	createOptionalMounts(optionalMounts...)
-
-	if err := mountCgroups(config.CgroupHierarchy); err != nil {
-		return err
+	if util.GetHypervisor() != "wsl2" {
+		if err := mountCgroups(config.CgroupHierarchy); err != nil {
+			return err
+		}
 	}
 
 	if err := createLayout(config); err != nil {
@@ -547,8 +534,6 @@ func createLayout(config *Config) error {
 
 	cleanupFiles(graphDirectory)
 
-	selinux.SetFileContext(graphDirectory, "system_u:object_r:var_lib_t:s0")
-
 	symlinks := [][]string{
 		{"usr/lib", "/lib"},
 		{"usr/sbin", "/sbin"},
@@ -579,10 +564,6 @@ func firstPrepare() error {
 
 	if err := defaultFolders(
 		"/etc/docker",
-		"/etc/selinux",
-		"/etc/selinux/ros",
-		"/etc/selinux/ros/policy",
-		"/etc/selinux/ros/contexts",
 	); err != nil {
 		return err
 	}

pkg/init/selinux/selinux.go

@@ -1,34 +0,0 @@
-//go:build linux
-// +build linux
-
-package selinux
-
-import (
-	"io/ioutil"
-
-	"github.com/burmilla/os/config"
-	"github.com/burmilla/os/pkg/log"
-	"github.com/burmilla/os/pkg/selinux"
-)
-
-func Initialize(c *config.CloudConfig) (*config.CloudConfig, error) {
-	ret, _ := selinux.InitializeSelinux()
-
-	if ret != 0 {
-		log.Debug("Unable to initialize SELinux")
-		return c, nil
-	}
-
-	// Set allow_execstack boolean to true
-	if err := ioutil.WriteFile("/sys/fs/selinux/booleans/allow_execstack", []byte("1"), 0644); err != nil {
-		log.Debug(err)
-		return c, nil
-	}
-
-	if err := ioutil.WriteFile("/sys/fs/selinux/commit_pending_bools", []byte("1"), 0644); err != nil {
-		log.Debug(err)
-		return c, nil
-	}
-
-	return c, nil
-}

pkg/selinux/selinux_linux.go

@@ -1,16 +0,0 @@
-package selinux
-
-// #cgo pkg-config: libselinux libsepol
-// #include <selinux/selinux.h>
-import "C"
-
-func InitializeSelinux() (int, error) {
-	enforce := C.int(0)
-	ret, err := C.selinux_init_load_policy(&enforce)
-	return int(ret), err
-}
-
-func SetFileContext(path string, context string) (int, error) {
-	ret, err := C.setfilecon(C.CString(path), C.CString(context))
-	return int(ret), err
-}

pkg/util/cutil.go

@@ -8,12 +8,13 @@ package util
 #include<blkid/blkid.h>
 #include<libmount/libmount.h>
 #include<stdlib.h>
+#cgo pkg-config: libselinux libsepol
+#include <selinux/selinux.h>
 */
 import "C"
-import "unsafe"
-
 import (
 	"errors"
+	"unsafe"
 )
 
 // ResolveDevice this isn't reliable - blkid -L LABEL works more often :(

pkg/util/util_linux.go

@@ -144,5 +144,15 @@ func BlkidType(deviceType string) (deviceNames []string, err error) {
 
 // GetHypervisor tries to detect if we're running in a VM, and returns a string for its type
 func GetHypervisor() string {
-	return cpuid.CPU.HypervisorName
+	hv := cpuid.CPU.HypervisorName
+	if hv == "hyperv" {
+		data, err := os.ReadFile("/proc/sys/kernel/osrelease")
+		if err != nil {
+			return hv
+		}
+		if strings.Contains(string(data), "microsoft-standard-WSL2") {
+			hv = "wsl2"
+		}
+	}
+	return hv
 }

scripts/global.cfg

@@ -1 +1 @@
-APPEND rancher.autologin=tty1 rancher.autologin=ttyS0 rancher.autologin=ttyS1 console=tty1 console=ttyS0 console=ttyS1 printk.devkmsg=on transparent_hugepage=never scsi_mod.use_blk_mq=1 ${APPEND}
+APPEND rancher.autologin=tty1 rancher.autologin=ttyS0 rancher.autologin=ttyS1 console=tty1 console=ttyS0 console=ttyS1 printk.devkmsg=on transparent_hugepage=never scsi_mod.use_blk_mq=1 apparmor=1 security=apparmor ${APPEND}

scripts/layout-initrd

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 function cache_services() {
+    echo "Caching service: $1"
     local SERVICE_YMLFILE=$1
 
     local SERVICE_URL=${OS_SERVICES_REPO}/${REPO_VERSION}
@@ -22,10 +23,11 @@ mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros}
 
 ./scripts/template
 
-cp -rf assets/selinux          ${INITRD_DIR}/usr/etc
 cp build/images*.tar           ${INITRD_DIR}/usr/share/ros/
 cp bin/ros                     ${INITRD_DIR}/usr/bin/
 ln -s usr/bin/ros              ${INITRD_DIR}/init
+# cp ${INITRD_DIR}/usr/bin/sh    ${INITRD_DIR}/usr/bin
+ln -s ros                      ${INITRD_DIR}/usr/bin/init
 ln -s bin                      ${INITRD_DIR}/usr/sbin
 ln -s usr/sbin                 ${INITRD_DIR}/sbin
 
@@ -49,44 +51,9 @@ BUILD_ID=
 HERE
 
 # cache os-services yml file
-for file in $(find . -type f -name ".make-*"); do
-    f_file=$(basename ${file})
-    case $f_file in
-        ".make-vmware")
-            cache_services "o/open-vm-tools.yml"
-            ;;
-        ".make-4glte")
-            cache_services "m/modem-manager.yml"
-            ;;
-        ".make-hyperv")
-            cache_services "h/hyperv-vm-tools.yml"
-            ;;
-        ".make-azurebase")
-            cache_services "h/hyperv-vm-tools.yml"
-            cache_services "w/waagent.yml"
-            ;;
-        ".make-proxmoxve")
-            cache_services "q/qemu-guest-agent.yml"
-            ;;
-    esac
-done
-case ${OS_CONSOLE} in
-    "alpine")
-        cache_services "a/alpine.yml"
-        ;;
-    "centos")
-        cache_services "c/centos.yml"
-        ;;
-    "debian")
-        cache_services "d/debian.yml"
-        ;;
-    "fedora")
-        cache_services "f/fedora.yml"
-        ;;
-    "ubuntu")
-        cache_services "u/ubuntu.yml"
-        ;;
-esac
+cache_services "h/hyperv-vm-tools.yml"
+cache_services "o/open-vm-tools.yml"
+cache_services "q/qemu-guest-agent.yml"
 
 pushd ${INITRD_DIR}/usr/etc
 ln -s ../share/ros/os-release .
@@ -97,11 +64,6 @@ touch ${INITRD_DIR}/usr/bin/docker-containerd
 touch ${INITRD_DIR}/usr/bin/docker-containerd-shim
 touch ${INITRD_DIR}/usr/bin/docker
 
-if [ -e ${DOWNLOADS}/policy.29 ]; then
-    mkdir -p ${INITRD_DIR}/usr/etc/selinux/ros/policy/
-    cp ${DOWNLOADS}/policy.29 ${INITRD_DIR}/usr/etc/selinux/ros/policy/
-fi
-
 # make burmilla/os-initrd image
 cat <<HERE > ${INITRD_DIR}/../Dockerfile.initrd
 FROM scratch

scripts/release-amd64

@@ -3,6 +3,11 @@ set -ex
 
 cd $(dirname $0)/..
 
+# touch .make-azurebase
+touch .make-hyperv
+touch .make-proxmoxve
+touch .make-vmware
+
 source ./scripts/version
 ./scripts/release-build
 

scripts/release-azurebase

@@ -1,9 +0,0 @@
-#!/bin/bash
-set -ex
-
-cd $(dirname $0)/..
-
-touch .make-azurebase
-
-source ./scripts/version
-./scripts/release-build

scripts/release-hyperv

@@ -1,14 +0,0 @@
-#!/bin/bash
-set -ex
-
-cd $(dirname $0)/..
-
-touch .make-hyperv
-
-source ./scripts/version
-./scripts/release-build
-
-touch dist/publish.sh
-chmod 755 dist/publish.sh
-
-echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}-hyperv.iso" > dist/publish.sh

scripts/release-proxmoxve

@@ -1,14 +0,0 @@
-#!/bin/bash
-set -ex
-
-cd $(dirname $0)/..
-
-touch .make-proxmoxve
-
-source ./scripts/version
-./scripts/release-build
-
-touch dist/publish.sh
-chmod 755 dist/publish.sh
-
-echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}-proxmoxve.iso" > dist/publish.sh

scripts/release-vmware

@@ -1,14 +0,0 @@
-#!/bin/bash
-set -ex
-
-cd $(dirname $0)/..
-
-touch .make-vmware
-
-source ./scripts/version
-./scripts/release-build
-
-touch dist/publish.sh
-chmod 755 dist/publish.sh
-
-echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}-vmware.iso" >> dist/publish.sh

scripts/schema.json

@@ -133,7 +133,6 @@
         "pid_file": {"type": "string"},
         "registry_mirror": {"type": "string"},
         "restart": {"type": ["boolean", "null"]},
-        "selinux_enabled": {"type": ["boolean", "null"]},
         "storage_driver": {"type": "string"},
         "userland_proxy": {"type": ["boolean", "null"]},
         "userns_enabled": {"type": ["boolean", "null"]},

scripts/tar-images

@@ -44,14 +44,7 @@ echo "tar-image: SYSTEM_IMAGES=$SYSTEM_IMAGES"
 echo "tar-image: INIT_IMAGES=$INIT_IMAGES"
 echo "tar-image: USER_IMAGES=$USER_IMAGES"
 
-if [ "$COMPRESS" == "" ]; then
-    ARCHIVE_CMD="gzip"
-else
-    # system-docker can not load images which compressed by xz with a compression level of 9
-    # decompression consumes more memory if using level 9
-    # the default compression level for xz is 6
-    ARCHIVE_CMD="xz -4 -e"
-fi
+ARCHIVE_CMD="zstd -19 -c"
 
 docker save ${INIT_IMAGES} | ${ARCHIVE_CMD} > ${INIT_IMAGES_DST}
 docker save ${SYSTEM_IMAGES} | ${ARCHIVE_CMD} > ${SYSTEM_IMAGES_DST}