Merge pull request #29958 from cpuguy83/1.13_fix_selinux_packaging

[1.13] Fix conflicts with newly updated selinux policies

contrib/selinux/docker-engine-selinux/docker.fc

@@ -7,8 +7,6 @@
 /etc/docker(/.*)?		gen_context(system_u:object_r:docker_config_t,s0)
 
 /var/lib/docker(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
-/var/lib/kublet(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
-/var/lib/docker/vfs(/.*)?	gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
 
 /var/run/docker\.pid		--	gen_context(system_u:object_r:docker_var_run_t,s0)
 /var/run/docker\.sock		-s	gen_context(system_u:object_r:docker_var_run_t,s0)

contrib/selinux/docker-engine-selinux/docker.te

@@ -5,13 +5,6 @@ policy_module(docker, 1.0.0)
 # Declarations
 #
 
-## <desc>
-## <p>
-## Allow sandbox containers manage fuse files
-## </p>
-## </desc>
-gen_tunable(virt_sandbox_use_fusefs, false)
-
 ## <desc>
 ##  <p>
 ##  Determine whether docker can

hack/make/.build-rpm/docker-engine-selinux.spec

@@ -13,20 +13,7 @@ URL: https://dockerproject.org
 Vendor: Docker
 Packager: Docker <support@docker.com>
 
-# Version of SELinux we were using
+%global selinux_policyver 3.13.1-102
-%if 0%{?fedora} == 20
-%global selinux_policyver 3.12.1-197
-%endif # fedora 20
-%if 0%{?fedora} == 21
-%global selinux_policyver 3.13.1-105
-%endif # fedora 21
-%if 0%{?fedora} >= 22
-%global selinux_policyver 3.13.1-128
-%endif # fedora 22
-%if 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
-%global selinux_policyver 3.13.1-23
-%endif # centos,rhel,oraclelinux 7
-
 %global selinuxtype targeted
 %global moduletype  services
 %global modulenames docker
@@ -84,7 +71,7 @@ if %{_sbindir}/selinuxenabled ; then
     %{_sbindir}/load_policy
     %relabel_files
     if [ $1 -eq 1 ]; then
-	restorecon -R %{_sharedstatedir}/docker
+      restorecon -R %{_sharedstatedir}/docker
     fi
 fi