Docker Infrastructure:
- Added proper user namespace mapping in Dockerfile.alpine
- Created 'builder' user with host UID/GID mapping at build time
- Removed runtime user mapping (now handled in Dockerfile)
- Set up Rust environment for mapped user instead of root
- Fixed config mount consistency (removed :ro flags for real-time sync)
Container Management:
- Added 15 essential cgroup modules to modules-essential.list
- Complete cgroups v1 and v2 support for container orchestration
- Process control: cgroup_pids, cgroup_freezer, cgroup_cpuset
- Memory management: memcg, hugetlb_cgroup
- Network control: net_cls_cgroup, net_prio_cgroup
- Device access: cgroup_device, devices_cgroup
- Advanced features: cgroup_bpf, cgroup_perf_event, cgroup_debug
Environment Updates:
- Updated RFS Dockerfile to Alpine 3.22 for consistency
- Ensured proper /build directory permissions for mapped user

This enables true rootless operation with full container management
capabilities, fixing permission issues and enabling Zero-OS container
orchestration with complete resource control.

- Added upx package to Dockerfile.alpine build dependencies
- Added optimize_binary() function to compile-components.sh
- Automatically strips debug symbols from all Zero-OS binaries
- Applies UPX compression with --best --lzma for maximum size reduction
- Optimizes binaries in both initramfs and output directories
- Shows size reduction stats (original → stripped → compressed)
- Graceful fallback if UPX fails, keeping stripped version

This significantly reduces initramfs size by compressing zinit, rfs, and mycelium binaries.

- Add openssl-libs-static package to both Dockerfiles
- Add pkgconfig for proper SSL library detection
- Fixes mycelium compilation error with missing -lssl and -lcrypto