v2.0.0-beta7

- Docker 24.0.5
- Kernel 5.10.188
- System-docker 17.06.108
- System container images compresses with zstd instead of xz
- Added WSL2 support
- Include Hyper-V, ProxmoxVE and VMware tools to ISO
- Include apparmor tools to console
- Enable apparmor by default
- Remove experimental selinux support
- Include chroot command to initrd

.github/workflows/create-release.yml

@@ -2,11 +2,6 @@ name: release
 
 on:
   workflow_dispatch:
-    inputs:
-      firmware:
-        description: 'Include firmwares'
-        default: 'true'
-        required: true
 
 jobs:
   build:

Dockerfile.dapper

@@ -39,6 +39,7 @@ RUN echo "Acquire::http { Proxy \"$APTPROXY\"; };" >> /etc/apt/apt.conf.d/01prox
         wget \
         xorriso \
         xz-utils \
+        zstd \
         telnet
 
 ########## Dapper Configuration #####################
@@ -61,9 +62,7 @@ ARG OS_REPO=burmilla
 ARG HOSTNAME_DEFAULT=burmilla
 ARG DISTRIB_ID=BurmillaOS
 
-ARG SELINUX_POLICY_URL=https://github.com/burmilla/refpolicy/releases/download/v0.0.3/policy.29
-
-ARG KERNEL_VERSION=5.10.162-burmilla
+ARG KERNEL_VERSION=5.10.188-burmilla
 ARG KERNEL_URL_amd64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-x86.tar.gz
 ARG KERNEL_URL_arm64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-arm64.tar.gz
 
@@ -79,17 +78,17 @@ ARG OS_CONSOLE=default
 ARG OS_AUTOFORMAT=false
 ARG OS_FIRMWARE=true
 
-ARG OS_BASE_URL_amd64=https://github.com/burmilla/os-base/releases/download/v2022.02.8-2/os-base_amd64.tar.xz
-ARG OS_BASE_URL_arm64=https://github.com/burmilla/os-base/releases/download/v2022.02.8-2/os-base_arm64.tar.xz
+ARG OS_BASE_URL_amd64=https://github.com/burmilla/os-base/releases/download/v2023.05-1/os-base_amd64.tar.xz
+ARG OS_BASE_URL_arm64=https://github.com/burmilla/os-base/releases/download/v2023.05-1/os-base_arm64.tar.xz
 
-ARG OS_INITRD_BASE_URL_amd64=https://github.com/burmilla/os-initrd-base/releases/download/v2022.02.8-2/os-initrd-base-amd64.tar.gz
-ARG OS_INITRD_BASE_URL_arm64=https://github.com/burmilla/os-initrd-base/releases/download/v2022.02.8-2/os-initrd-base-arm64.tar.gz
+ARG OS_INITRD_BASE_URL_amd64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-amd64.tar.gz
+ARG OS_INITRD_BASE_URL_arm64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-arm64.tar.gz
 
-ARG SYSTEM_DOCKER_VERSION=17.06.107
+ARG SYSTEM_DOCKER_VERSION=17.06.108
 ARG SYSTEM_DOCKER_URL_amd64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
 ARG SYSTEM_DOCKER_URL_arm64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
 
-ARG USER_DOCKER_VERSION=23.0.0rc3
+ARG USER_DOCKER_VERSION=24.0.5
 ARG USER_DOCKER_ENGINE_VERSION=docker-${USER_DOCKER_VERSION}
 
 ARG AZURE_SERVICE=false
@@ -131,7 +130,6 @@ ENV BUILD_DOCKER_URL=BUILD_DOCKER_URL_${ARCH} \
     OS_AUTOFORMAT=${OS_AUTOFORMAT} \
     OS_FIRMWARE=${OS_FIRMWARE} \
     REPO_VERSION=master \
-    SELINUX_POLICY_URL=${SELINUX_POLICY_URL} \
     SYSTEM_DOCKER_URL=SYSTEM_DOCKER_URL_${ARCH} \
     SYSTEM_DOCKER_URL_amd64=${SYSTEM_DOCKER_URL_amd64} \
     SYSTEM_DOCKER_URL_arm64=${SYSTEM_DOCKER_URL_arm64} \
@@ -152,9 +150,6 @@ RUN echo "... Downloading  ${!KERNEL_URL}"; \
         curl -fL ${!KERNEL_URL} > ${DOWNLOADS}/kernel.tar.gz \
     ;fi
 
-# Download SELinux Policy
-RUN curl -pfL ${SELINUX_POLICY_URL} > ${DOWNLOADS}/$(basename ${SELINUX_POLICY_URL})
-
 # Install Go
 RUN curl -L https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${HOST_ARCH}.tar.gz | tar -xzf - -C /usr/local && \
     go get github.com/burmilla/trash

cmd/control/cli.go

@@ -136,7 +136,6 @@ func Main() {
 			Action:          userDockerAction,
 		},
 		installCommand,
-		selinuxCommand(),
 	}
 
 	app.Run(os.Args)

cmd/control/console_init.go

@@ -277,6 +277,10 @@ sudo ros service up docker-compose
 		log.Error(err)
 	}
 
+	if err := util.RunScript("/etc/init.d/apparmor", "start"); err != nil {
+		log.Error(err)
+	}
+
 	// Enable Bash colors
 	enableBashRC("/root", 0, 0)
 	enableBashRC(rancherHome, 1100, 1100)

cmd/init/init.go

@@ -20,7 +20,6 @@ import (
 	"github.com/burmilla/os/pkg/init/one"
 	"github.com/burmilla/os/pkg/init/prepare"
 	"github.com/burmilla/os/pkg/init/recovery"
-	"github.com/burmilla/os/pkg/init/selinux"
 	"github.com/burmilla/os/pkg/init/sharedroot"
 	"github.com/burmilla/os/pkg/init/switchroot"
 	"github.com/burmilla/os/pkg/log"
@@ -64,7 +63,6 @@ func RunInit() error {
 		{Name: "preparefs2", Func: prepare.FS},
 		{Name: "load modules2", Func: modules.LoadModules},
 		{Name: "set proxy env", Func: env.Proxy},
-		{Name: "init SELinux", Func: selinux.Initialize},
 		{Name: "setupSharedRoot", Func: sharedroot.Setup},
 		{Name: "sysinit", Func: sysinit.RunSysInit},
 	}

config/cloudinit/Documentation/cloud-config.md

@@ -387,7 +387,6 @@ The following fields are not yet implemented:
 - **inactive**: Deactivate the user upon creation
 - **lock-passwd**: Boolean. Disable password login for user
 - **sudo**: Entry to add to /etc/sudoers for user. By default, no sudo access is authorized.
-- **selinux-user**: Corresponding SELinux user
 - **ssh-import-id**: Import SSH keys by ID from Launchpad.
 
 ```yaml

config/docker_config_test.go

@@ -37,13 +37,6 @@ func TestGenerateEngineOptsString(t *testing.T) {
 		Bridge: "bridge",
 	})), "--bridge bridge")
 
-	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
-		SelinuxEnabled: &[]bool{true}[0],
-	})), "--selinux-enabled")
-	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
-		SelinuxEnabled: &[]bool{false}[0],
-	})), "--selinux-enabled=false")
-
 	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
 		Host: []string{
 			"unix:///var/run/system-docker.sock",
@@ -59,11 +52,10 @@ func TestGenerateEngineOptsString(t *testing.T) {
 	})), "--log-opt max-size=25m", "--log-opt max-file=2")
 
 	testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{
-		Bridge:         "bridge",
-		SelinuxEnabled: &[]bool{true}[0],
+		Bridge: "bridge",
 		LogOpts: map[string]string{
 			"max-size": "25m",
 			"max-file": "2",
 		},
-	})), "--bridge bridge", "--selinux-enabled", "--log-opt max-size=25m", "--log-opt max-file=2")
+	})), "--bridge bridge", "--log-opt max-size=25m", "--log-opt max-file=2")
 }

config/schema.go

@@ -140,7 +140,6 @@ var schema = `{
 				"pid_file": {"type": "string"},
 				"registry_mirror": {"type": "string"},
 				"restart": {"type": ["boolean", "null"]},
-				"selinux_enabled": {"type": ["boolean", "null"]},
 				"storage_driver": {"type": "string"},
 				"userland_proxy": {"type": ["boolean", "null"]},
 				"userns_enabled": {"type": ["boolean", "null"]},

config/types.go

@@ -180,7 +180,6 @@ type EngineOpts struct {
 	PidFile          string            `yaml:"pid_file,omitempty" opt:"pidfile"`
 	RegistryMirror   string            `yaml:"registry_mirror,omitempty" opt:"registry-mirror"`
 	Restart          *bool             `yaml:"restart,omitempty" opt:"restart"`
-	SelinuxEnabled   *bool             `yaml:"selinux_enabled,omitempty" opt:"selinux-enabled"`
 	StorageDriver    string            `yaml:"storage_driver,omitempty" opt:"storage-driver"`
 	UserlandProxy    *bool             `yaml:"userland_proxy,omitempty" opt:"userland-proxy"`
 }

images/02-console/Dockerfile

@@ -8,6 +8,7 @@ RUN apt-get update \
                            sudo less curl ca-certificates psmisc htop kmod iproute2 \
                            net-tools bash-completion wget \
                            nano open-iscsi iputils-ping nvi \
+                           apparmor \
     && update-alternatives --set iptables /usr/sbin/iptables-legacy \
     && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
     && rm -rf /var/lib/apt/lists/* \

os-config.tpl.yml

@@ -141,7 +141,6 @@ rancher:
       - /etc/logrotate.d:/etc/logrotate.d
       - /etc/resolv.conf:/etc/resolv.conf
       - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher
-      - /etc/selinux:/etc/selinux
       - /lib/firmware:/lib/firmware
       - /lib/modules:/lib/modules
       - /run:/run

pkg/dfs/scratch.go

@@ -15,7 +15,6 @@ import (
 	"github.com/burmilla/os/pkg/init/one"
 	"github.com/burmilla/os/pkg/log"
 	"github.com/burmilla/os/pkg/netconf"
-	"github.com/burmilla/os/pkg/selinux"
 	"github.com/burmilla/os/pkg/util"
 
 	"github.com/docker/libnetwork/resolvconf"
@@ -38,9 +37,7 @@ var (
 		{"none", "/run", "tmpfs", ""},
 		{"none", "/sys", "sysfs", ""},
 		{"none", "/sys/fs/cgroup", "tmpfs", ""},
-	}
-	optionalMounts = [][]string{
-		{"none", "/sys/fs/selinux", "selinuxfs", "ro"},
+		{"debugfs", "/sys/kernel/debug", "debugfs", ""},
 	}
 )
 
@@ -73,16 +70,6 @@ func createMounts(mounts ...[]string) error {
 	return nil
 }
 
-func createOptionalMounts(mounts ...[]string) {
-	for _, mount := range mounts {
-		log.Debugf("Mounting %s %s %s %s", mount[0], mount[1], mount[2], mount[3])
-		err := util.Mount(mount[0], mount[1], mount[2], mount[3])
-		if err != nil {
-			log.Debugf("Unable to mount %s %s %s %s: %v", mount[0], mount[1], mount[2], mount[3], err)
-		}
-	}
-}
-
 func createDirs(dirs ...string) error {
 	for _, dir := range dirs {
 		if _, err := os.Stat(dir); os.IsNotExist(err) {
@@ -448,10 +435,10 @@ func PrepareFs(config *Config) error {
 		return err
 	}
 
-	createOptionalMounts(optionalMounts...)
-
-	if err := mountCgroups(config.CgroupHierarchy); err != nil {
-		return err
+	if util.GetHypervisor() != "wsl2" {
+		if err := mountCgroups(config.CgroupHierarchy); err != nil {
+			return err
+		}
 	}
 
 	if err := createLayout(config); err != nil {
@@ -547,8 +534,6 @@ func createLayout(config *Config) error {
 
 	cleanupFiles(graphDirectory)
 
-	selinux.SetFileContext(graphDirectory, "system_u:object_r:var_lib_t:s0")
-
 	symlinks := [][]string{
 		{"usr/lib", "/lib"},
 		{"usr/sbin", "/sbin"},
@@ -579,10 +564,6 @@ func firstPrepare() error {
 
 	if err := defaultFolders(
 		"/etc/docker",
-		"/etc/selinux",
-		"/etc/selinux/ros",
-		"/etc/selinux/ros/policy",
-		"/etc/selinux/ros/contexts",
 	); err != nil {
 		return err
 	}