beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs

Browse source 
full diff: https://github.com/opencontainers/selinux/compare/v1.7.0...v1.8.0

Remove "selinux" build tag

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-12-14 11:46:58 +01:00
parent 249d0ab744
commit 1c0af18c6c
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
15 changed files with 14 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -6,7 +6,7 @@ ARG SYSTEMD="false"
ARG GO_VERSION=1.13.15
ARG DEBIAN_FRONTEND=noninteractive
ARG VPNKIT_VERSION=0.4.0
ARG DOCKER_BUILDTAGS="apparmor seccomp selinux"
ARG DOCKER_BUILDTAGS="apparmor seccomp"
ARG BASE_DEBIAN_DISTRO="buster"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"

5
daemon/daemon_unix.go
View file

@ -45,6 +45,7 @@ import (
lntypes "github.com/docker/libnetwork/types"
"github.com/moby/sys/mount"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@ -822,7 +823,7 @@ func overlaySupportsSelinux() (bool, error) {
// configureKernelSecuritySupport configures and validates security support for the kernel
func configureKernelSecuritySupport(config *config.Config, driverName string) error {
if config.EnableSelinuxSupport {
if !selinuxEnabled() {
if !selinux.GetEnabled() {
logrus.Warn("Docker could not enable SELinux on the host system")
return nil
}
@ -840,7 +841,7 @@ func configureKernelSecuritySupport(config *config.Config, driverName string) er
}
}
} else {
selinuxSetDisabled()
selinux.SetDisabled()
}
return nil
}

3
daemon/delete.go
View file

@ -11,6 +11,7 @@ import (
"github.com/docker/docker/container"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/pkg/system"
"github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@ -134,7 +135,7 @@ func (daemon *Daemon) cleanupContainer(container *container.Container, forceRemo
}
linkNames := daemon.linkIndex.delete(container)
selinuxFreeLxcContexts(container.ProcessLabel)
selinux.ReleaseLabel(container.ProcessLabel)
daemon.idIndex.Delete(container.ID)
daemon.containers.Delete(container.ID)
daemon.containersReplica.Delete(container)

3
daemon/info.go
View file

@ -22,6 +22,7 @@ import (
"github.com/docker/docker/pkg/system"
"github.com/docker/docker/registry"
metrics "github.com/docker/go-metrics"
"github.com/opencontainers/selinux/go-selinux"
"github.com/sirupsen/logrus"
)
@ -188,7 +189,7 @@ func (daemon *Daemon) fillSecurityOptions(v *types.Info, sysInfo *sysinfo.SysInf
}
securityOptions = append(securityOptions, fmt.Sprintf("name=seccomp,profile=%s", profile))
}
if selinuxEnabled() {
if selinux.GetEnabled() {
securityOptions = append(securityOptions, "name=selinux")
}
if rootIDs := daemon.idMapping.RootPair(); rootIDs.UID != 0 || rootIDs.GID != 0 {

15
daemon/selinux_linux.go
View file

@ -1,15 +0,0 @@
package daemon // import "github.com/docker/docker/daemon"
import selinux "github.com/opencontainers/selinux/go-selinux"
func selinuxSetDisabled() {
selinux.SetDisabled()
}
func selinuxFreeLxcContexts(label string) {
selinux.ReleaseLabel(label)
}
func selinuxEnabled() bool {
return selinux.GetEnabled()
}

13
daemon/selinux_unsupported.go
View file

@ -1,13 +0,0 @@
// +build !linux
package daemon // import "github.com/docker/docker/daemon"
func selinuxSetDisabled() {
}
func selinuxFreeLxcContexts(label string) {
}
func selinuxEnabled() bool {
return false
}

8
project/PACKAGERS.md
View file

@ -156,12 +156,6 @@ AppArmor, you will need to set `DOCKER_BUILDTAGS` as follows:
export DOCKER_BUILDTAGS='apparmor'
```
If you're building a binary that may need to be used on platforms that include
SELinux, you will need to use the `selinux` build tag:
```bash
export DOCKER_BUILDTAGS='selinux'
```
If you're building a binary that may need to be used on platforms that include
seccomp, you will need to use the `seccomp` build tag:
```bash
@ -188,7 +182,7 @@ export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
NOTE: if you need to set more than one build tag, space separate them:
```bash
export DOCKER_BUILDTAGS='apparmor selinux exclude_graphdriver_aufs'
export DOCKER_BUILDTAGS='apparmor exclude_graphdriver_aufs'
```
### LCOW (Linux Containers On Windows)

2
vendor.conf
View file

@ -176,7 +176,7 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9
# metrics
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
github.com/opencontainers/selinux 63ad55b76fd78d4c76c2f5491f68516e60c9d523 # v1.7.0
github.com/opencontainers/selinux 2f45b3796d18f1ab4c9fc0c888a98d0a0fd6e429 # v1.8.0
github.com/willf/bitset 559910e8471e48d76d9e5a1ba15842dee77ad45d # v1.1.11

3
vendor/github.com/opencontainers/selinux/README.md generated vendored
View file

@ -6,7 +6,8 @@ Common SELinux package used across the container ecosystem.
## Usage
When compiling consumers of this project, the `selinux` build tag must be used to enable selinux functionality.
Prior to v1.8.0, the `selinux` build tag had to be used to enable selinux functionality for compiling consumers of this project.
Starting with v1.8.0, the `selinux` build tag is no longer needed.
For complete documentation, see [godoc](https://godoc.org/github.com/opencontainers/selinux).

3
vendor/github.com/opencontainers/selinux/go-selinux/doc.go generated vendored
View file

@ -5,9 +5,6 @@ This package uses a selinux build tag to enable the selinux functionality. This
allows non-linux and linux users who do not have selinux support to still use
tools that rely on this library.
To compile with full selinux support use the -tags=selinux option in your build
and test commands.
Usage:
import "github.com/opencontainers/selinux/go-selinux"

2
vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go → vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go generated vendored
View file

@ -1,5 +1,3 @@
// +build selinux,linux
package label
import (

2
vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go generated vendored
View file

@ -1,4 +1,4 @@
// +build !selinux !linux
// +build !linux
package label

2
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go generated vendored
View file

@ -1,5 +1,3 @@
// +build selinux,linux
package selinux
import (

2
vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go generated vendored
View file

@ -1,4 +1,4 @@
// +build !selinux !linux
// +build !linux
package selinux

2
vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go → vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go generated vendored
View file

@ -1,5 +1,3 @@
// +build selinux,linux
package selinux
import (