Merge pull request #41786 from thaJeztah/test_selinux_tip
vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs
diff --git a/Dockerfile b/Dockerfile
index c748a07..a75fc25 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@
ARG GO_VERSION=1.13.15
ARG DEBIAN_FRONTEND=noninteractive
ARG VPNKIT_VERSION=0.4.0
-ARG DOCKER_BUILDTAGS="apparmor seccomp selinux"
+ARG DOCKER_BUILDTAGS="apparmor seccomp"
ARG BASE_DEBIAN_DISTRO="buster"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 6951475..5fa688d 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -45,6 +45,7 @@
lntypes "github.com/docker/libnetwork/types"
"github.com/moby/sys/mount"
specs "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -822,7 +823,7 @@
// configureKernelSecuritySupport configures and validates security support for the kernel
func configureKernelSecuritySupport(config *config.Config, driverName string) error {
if config.EnableSelinuxSupport {
- if !selinuxEnabled() {
+ if !selinux.GetEnabled() {
logrus.Warn("Docker could not enable SELinux on the host system")
return nil
}
@@ -840,7 +841,7 @@
}
}
} else {
- selinuxSetDisabled()
+ selinux.SetDisabled()
}
return nil
}
diff --git a/daemon/delete.go b/daemon/delete.go
index 482e7d1..668f232 100644
--- a/daemon/delete.go
+++ b/daemon/delete.go
@@ -11,6 +11,7 @@
"github.com/docker/docker/container"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/pkg/system"
+ "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -134,7 +135,7 @@
}
linkNames := daemon.linkIndex.delete(container)
- selinuxFreeLxcContexts(container.ProcessLabel)
+ selinux.ReleaseLabel(container.ProcessLabel)
daemon.idIndex.Delete(container.ID)
daemon.containers.Delete(container.ID)
daemon.containersReplica.Delete(container)
diff --git a/daemon/info.go b/daemon/info.go
index 610d7fe..2d4151a 100644
--- a/daemon/info.go
+++ b/daemon/info.go
@@ -22,6 +22,7 @@
"github.com/docker/docker/pkg/system"
"github.com/docker/docker/registry"
metrics "github.com/docker/go-metrics"
+ "github.com/opencontainers/selinux/go-selinux"
"github.com/sirupsen/logrus"
)
@@ -188,7 +189,7 @@
}
securityOptions = append(securityOptions, fmt.Sprintf("name=seccomp,profile=%s", profile))
}
- if selinuxEnabled() {
+ if selinux.GetEnabled() {
securityOptions = append(securityOptions, "name=selinux")
}
if rootIDs := daemon.idMapping.RootPair(); rootIDs.UID != 0 || rootIDs.GID != 0 {
diff --git a/daemon/selinux_linux.go b/daemon/selinux_linux.go
deleted file mode 100644
index 1f7843e..0000000
--- a/daemon/selinux_linux.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package daemon // import "github.com/docker/docker/daemon"
-
-import selinux "github.com/opencontainers/selinux/go-selinux"
-
-func selinuxSetDisabled() {
- selinux.SetDisabled()
-}
-
-func selinuxFreeLxcContexts(label string) {
- selinux.ReleaseLabel(label)
-}
-
-func selinuxEnabled() bool {
- return selinux.GetEnabled()
-}
diff --git a/daemon/selinux_unsupported.go b/daemon/selinux_unsupported.go
deleted file mode 100644
index 49d0d13..0000000
--- a/daemon/selinux_unsupported.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build !linux
-
-package daemon // import "github.com/docker/docker/daemon"
-
-func selinuxSetDisabled() {
-}
-
-func selinuxFreeLxcContexts(label string) {
-}
-
-func selinuxEnabled() bool {
- return false
-}
diff --git a/project/PACKAGERS.md b/project/PACKAGERS.md
index 716aa81..90447fe 100644
--- a/project/PACKAGERS.md
+++ b/project/PACKAGERS.md
@@ -157,12 +157,6 @@
```
If you're building a binary that may need to be used on platforms that include
-SELinux, you will need to use the `selinux` build tag:
-```bash
-export DOCKER_BUILDTAGS='selinux'
-```
-
-If you're building a binary that may need to be used on platforms that include
seccomp, you will need to use the `seccomp` build tag:
```bash
export DOCKER_BUILDTAGS='seccomp'
@@ -188,7 +182,7 @@
NOTE: if you need to set more than one build tag, space separate them:
```bash
-export DOCKER_BUILDTAGS='apparmor selinux exclude_graphdriver_aufs'
+export DOCKER_BUILDTAGS='apparmor exclude_graphdriver_aufs'
```
### LCOW (Linux Containers On Windows)
diff --git a/vendor.conf b/vendor.conf
index 0c74186..5802153 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -176,7 +176,7 @@
# metrics
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
-github.com/opencontainers/selinux 63ad55b76fd78d4c76c2f5491f68516e60c9d523 # v1.7.0
+github.com/opencontainers/selinux 2f45b3796d18f1ab4c9fc0c888a98d0a0fd6e429 # v1.8.0
github.com/willf/bitset 559910e8471e48d76d9e5a1ba15842dee77ad45d # v1.1.11
diff --git a/vendor/github.com/opencontainers/selinux/README.md b/vendor/github.com/opencontainers/selinux/README.md
index 41f4df7..cd6a60f 100644
--- a/vendor/github.com/opencontainers/selinux/README.md
+++ b/vendor/github.com/opencontainers/selinux/README.md
@@ -6,7 +6,8 @@
## Usage
-When compiling consumers of this project, the `selinux` build tag must be used to enable selinux functionality.
+Prior to v1.8.0, the `selinux` build tag had to be used to enable selinux functionality for compiling consumers of this project.
+Starting with v1.8.0, the `selinux` build tag is no longer needed.
For complete documentation, see [godoc](https://godoc.org/github.com/opencontainers/selinux).
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
index 79a8e64..9c9cbd1 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
@@ -5,9 +5,6 @@
allows non-linux and linux users who do not have selinux support to still use
tools that rely on this library.
-To compile with full selinux support use the -tags=selinux option in your build
-and test commands.
-
Usage:
import "github.com/opencontainers/selinux/go-selinux"
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
similarity index 99%
rename from vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
rename to vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
index 988adc8..4394555 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
@@ -1,5 +1,3 @@
-// +build selinux,linux
-
package label
import (
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
index a7d2d5e..02d2062 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
@@ -1,4 +1,4 @@
-// +build !selinux !linux
+// +build !linux
package label
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 904f5b0..5bfcc04 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -1,5 +1,3 @@
-// +build selinux,linux
-
package selinux
import (
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index e4b65c9..70b7b7c 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -1,4 +1,4 @@
-// +build !selinux !linux
+// +build !linux
package selinux
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
similarity index 96%
rename from vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
rename to vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
index 2365b4b..117c255 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
@@ -1,5 +1,3 @@
-// +build selinux,linux
-
package selinux
import (
