author | Sebastiaan van Stijn <github@gone.nl> | 2020-12-14 11:46:58 +0100 |
---|---|---|
committer | Sebastiaan van Stijn <github@gone.nl> | 2020-12-24 00:47:16 +0100 |
commit | 1c0af18c6c341636ac55644103f922900c616bec (patch) | |
tree | 32e490f163e2f0d9237a0fa7556e02f57d632b9b | |
parent | 249d0ab7448d7ce5a90830225cea984e6f652fc2 (diff) | |
download | docker-1c0af18c6c341636ac55644103f922900c616bec.tar.gz |
vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs
full diff: https://github.com/opencontainers/selinux/compare/v1.7.0...v1.8.0
Remove "selinux" build tag
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
-rw-r--r-- | Dockerfile | 2 | ||||
-rw-r--r-- | daemon/daemon_unix.go | 5 | ||||
-rw-r--r-- | daemon/delete.go | 3 | ||||
-rw-r--r-- | daemon/info.go | 3 | ||||
-rw-r--r-- | daemon/selinux_linux.go | 15 | ||||
-rw-r--r-- | daemon/selinux_unsupported.go | 13 | ||||
-rw-r--r-- | project/PACKAGERS.md | 8 | ||||
-rw-r--r-- | vendor.conf | 2 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/README.md | 3 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/doc.go | 3 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go (renamed from vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go) | 2 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go | 2 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go | 2 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go | 2 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go (renamed from vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go) | 2 |
15 files changed, 14 insertions, 53 deletions
diff --git a/Dockerfile b/Dockerfile
index c748a07492..a75fc2578d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ ARG SYSTEMD="false"
 ARG GO_VERSION=1.13.15
 ARG DEBIAN_FRONTEND=noninteractive
 ARG VPNKIT_VERSION=0.4.0
-ARG DOCKER_BUILDTAGS="apparmor seccomp selinux"
+ARG DOCKER_BUILDTAGS="apparmor seccomp"
 ARG BASE_DEBIAN_DISTRO="buster"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 69514753fc..5fa688dff4 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -45,6 +45,7 @@ import (
 lntypes "github.com/docker/libnetwork/types"
 "github.com/moby/sys/mount"
 specs "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux"
 "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
@@ -822,7 +823,7 @@ func overlaySupportsSelinux() (bool, error) {
 // configureKernelSecuritySupport configures and validates security support for the kernel
 func configureKernelSecuritySupport(config *config.Config, driverName string) error {
 if config.EnableSelinuxSupport {
- if !selinuxEnabled() {
+ if !selinux.GetEnabled() {
 logrus.Warn("Docker could not enable SELinux on the host system")
 return nil
 }
@@ -840,7 +841,7 @@ func configureKernelSecuritySupport(config *config.Config, driverName string) er
 }
 }
 } else {
- selinuxSetDisabled()
+ selinux.SetDisabled()
 }
 return nil
 }
diff --git a/daemon/delete.go b/daemon/delete.go
index 482e7d1270..668f232d1c 100644
--- a/daemon/delete.go
+++ b/daemon/delete.go
@@ -11,6 +11,7 @@ import (
 "github.com/docker/docker/container"
 "github.com/docker/docker/errdefs"
 "github.com/docker/docker/pkg/system"
+ "github.com/opencontainers/selinux/go-selinux"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 )
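Review bot: In `configureKernelSecuritySupport` (daemon/daemon_unix.go), the `!selinux.GetEnabled()` branch logs a warning and returns nil, so a daemon whose config asks for SELinux support starts without it and the only trace is one log line. Now that the wrapper and the build tag are gone, the message `Docker could not enable SELinux on the host system` gives an operator no hint about the cause; something like `logrus.Warn("SELinux support was requested but SELinux is not enabled on the host; continuing without it")` would be easier to act on and to alert on. Whether this case should fail startup instead is a design question the hunk does not settle. The rest of the function lies between this hunk and the `@@ -840,7 +841,7 @@` hunk and is not visible here.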
@@ -134,7 +135,7 @@ func (daemon *Daemon) cleanupContainer(container *container.Container, forceRemo
 }
 linkNames := daemon.linkIndex.delete(container)
- selinuxFreeLxcContexts(container.ProcessLabel)
+ selinux.ReleaseLabel(container.ProcessLabel)
 daemon.idIndex.Delete(container.ID)
 daemon.containers.Delete(container.ID)
 daemon.containersReplica.Delete(container)
diff --git a/daemon/info.go b/daemon/info.go
index 610d7fe2ec..2d4151a991 100644
--- a/daemon/info.go
+++ b/daemon/info.go
@@ -22,6 +22,7 @@ import (
 "github.com/docker/docker/pkg/system"
 "github.com/docker/docker/registry"
 metrics "github.com/docker/go-metrics"
+ "github.com/opencontainers/selinux/go-selinux"
 "github.com/sirupsen/logrus"
 )
@@ -188,7 +189,7 @@ func (daemon *Daemon) fillSecurityOptions(v *types.Info, sysInfo *sysinfo.SysInf
 }
 securityOptions = append(securityOptions, fmt.Sprintf("name=seccomp,profile=%s", profile))
 }
- if selinuxEnabled() {
+ if selinux.GetEnabled() {
 securityOptions = append(securityOptions, "name=selinux")
 }
 if rootIDs := daemon.idMapping.RootPair(); rootIDs.UID != 0 || rootIDs.GID != 0 {
diff --git a/daemon/selinux_linux.go b/daemon/selinux_linux.go
deleted file mode 100644
index 1f7843ed1e..0000000000
--- a/daemon/selinux_linux.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package daemon // import "github.com/docker/docker/daemon"
-
-import selinux "github.com/opencontainers/selinux/go-selinux"
-
-func selinuxSetDisabled() {
- selinux.SetDisabled()
-}
-
-func selinuxFreeLxcContexts(label string) {
- selinux.ReleaseLabel(label)
-}
-
-func selinuxEnabled() bool {
- return selinux.GetEnabled()
-}
diff --git a/daemon/selinux_unsupported.go b/daemon/selinux_unsupported.go
deleted file mode 100644
index 49d0d13bce..0000000000
--- a/daemon/selinux_unsupported.go
+++ /dev/null
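Review bot: The call `selinux.ReleaseLabel(container.ProcessLabel)` in `cleanupContainer` (daemon/delete.go) has no comment, and the removed wrapper name `selinuxFreeLxcContexts` was the only hint at its purpose. A one-line comment above it would help, for example `// release the SELinux label reserved for this container so it can be reused` (wording to be confirmed against the go-selinux documentation). `cleanupContainer` begins and ends outside this hunk.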
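Review bot: In `fillSecurityOptions` (daemon/info.go), `name=selinux` is now reported straight from `selinux.GetEnabled()`, and nothing at the call site says that the result depends on daemon start-up. The `else` branch of `configureKernelSecuritySupport` in this commit calls `selinux.SetDisabled()` when SELinux support is not configured, which presumably makes `GetEnabled()` return false afterwards; a comment such as `// false after selinux.SetDisabled(), so this reflects daemon config as well as host state` would record that for anyone relying on this field when auditing hosts. The enclosing function continues outside the hunk.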
@@ -1,13 +0,0 @@
-// +build !linux
-
-package daemon // import "github.com/docker/docker/daemon"
-
-func selinuxSetDisabled() {
-}
-
-func selinuxFreeLxcContexts(label string) {
-}
-
-func selinuxEnabled() bool {
- return false
-}
diff --git a/project/PACKAGERS.md b/project/PACKAGERS.md
index 716aa81813..90447fe289 100644
--- a/project/PACKAGERS.md
+++ b/project/PACKAGERS.md
@@ -157,12 +157,6 @@ export DOCKER_BUILDTAGS='apparmor'
 ```
 If you're building a binary that may need to be used on platforms that include
-SELinux, you will need to use the `selinux` build tag:
-```bash
-export DOCKER_BUILDTAGS='selinux'
-```
-
-If you're building a binary that may need to be used on platforms that include
 seccomp, you will need to use the `seccomp` build tag:
 ```bash
 export DOCKER_BUILDTAGS='seccomp'
@@ -188,7 +182,7 @@ export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
 NOTE: if you need to set more than one build tag, space separate them:
 ```bash
-export DOCKER_BUILDTAGS='apparmor selinux exclude_graphdriver_aufs'
+export DOCKER_BUILDTAGS='apparmor exclude_graphdriver_aufs'
 ```
 ### LCOW (Linux Containers On Windows)
diff --git a/vendor.conf b/vendor.conf
index 0c74186e3e..5802153463 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -176,7 +176,7 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9
 # metrics
 github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
-github.com/opencontainers/selinux 63ad55b76fd78d4c76c2f5491f68516e60c9d523 # v1.7.0
+github.com/opencontainers/selinux 2f45b3796d18f1ab4c9fc0c888a98d0a0fd6e429 # v1.8.0
 github.com/willf/bitset 559910e8471e48d76d9e5a1ba15842dee77ad45d # v1.1.11
diff --git a/vendor/github.com/opencontainers/selinux/README.md b/vendor/github.com/opencontainers/selinux/README.md
index 41f4df718a..cd6a60f805 100644
--- a/vendor/github.com/opencontainers/selinux/README.md
+++ b/vendor/github.com/opencontainers/selinux/README.md
@@ -6,7 +6,8 @@ Common SELinux package used across the container ecosystem. ## Usage -When compiling consumers of this project, the `selinux` build tag must be used to enable selinux functionality. +Prior to v1.8.0, the `selinux` build tag had to be used to enable selinux functionality for compiling consumers of this project. +Starting with v1.8.0, the `selinux` build tag is no longer needed. For complete documentation, see [godoc](https://godoc.org/github.com/opencontainers/selinux). diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go index 79a8e6446d..9c9cbd120a 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go @@ -5,9 +5,6 @@ This package uses a selinux build tag to enable the selinux functionality. This allows non-linux and linux users who do not have selinux support to still use tools that rely on this library. -To compile with full selinux support use the -tags=selinux option in your build -and test commands. - Usage: import "github.com/opencontainers/selinux/go-selinux" diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go index 988adc8f40..4394555117 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go @@ -1,5 +1,3 @@ -// +build selinux,linux - package label import ( diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go index a7d2d5e342..02d206239c 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go 
@@ -1,4 +1,4 @@
-// +build !selinux !linux
+// +build !linux
 package label
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 904f5b04f4..5bfcc04902 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -1,5 +1,3 @@
-// +build selinux,linux
-
 package selinux
 import (
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index e4b65c9e2c..70b7b7c851 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -1,4 +1,4 @@
-// +build !selinux !linux
+// +build !linux
 package selinux
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
index 2365b4bdac..117c255be2 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
@@ -1,5 +1,3 @@
-// +build selinux,linux
-
 package selinux
 import ( |