Switch to using opencontainers/selinux

We have moved selinux support out of opencontainers/runc into its own package. This patch moves to using the new selinux go bindings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-03-22 13:58:35 -04:00 · 2017-03-22 13:58:35 -04:00 · 19620f3d1e
commit 19620f3d1e
parent c12db22819
6 changed files with 8 additions and 8 deletions
--- a/cmd/ocid/main.go
+++ b/cmd/ocid/main.go
@ -12,7 +12,7 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/containers/storage/pkg/reexec"
 	"github.com/kubernetes-incubator/cri-o/server"
-	"github.com/opencontainers/runc/libcontainer/selinux"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/urfave/cli"
 	"google.golang.org/grpc"
 	"k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
--- a/server/config.go
+++ b/server/config.go
@ -5,7 +5,7 @@ import (
 	"io/ioutil"

 	"github.com/BurntSushi/toml"
-	"github.com/opencontainers/runc/libcontainer/selinux"
+	"github.com/opencontainers/selinux/go-selinux"
 )

 // Default paths if none are specified
@ -215,7 +215,7 @@ func DefaultConfig() *Config {
 			ConmonEnv: []string{
 				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 			},
-			SELinux:         selinux.SelinuxEnabled(),
+			SELinux:         selinux.GetEnabled(),
 			SeccompProfile:  seccompProfilePath,
 			ApparmorProfile: apparmorProfileName,
 			CgroupManager:   cgroupManager,
--- a/server/container_create.go
+++ b/server/container_create.go
@ -14,8 +14,8 @@ import (
 	"github.com/kubernetes-incubator/cri-o/server/apparmor"
 	"github.com/kubernetes-incubator/cri-o/server/seccomp"
 	"github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/opencontainers/runc/libcontainer/label"
 	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
--- a/server/sandbox_remove.go
+++ b/server/sandbox_remove.go
@ -6,7 +6,7 @@ import (

 	"github.com/Sirupsen/logrus"
 	"github.com/kubernetes-incubator/cri-o/oci"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
@ -66,7 +66,7 @@ func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxR
 		}
 	}

-	if err := label.UnreserveLabel(sb.processLabel); err != nil {
+	if err := label.ReleaseLabel(sb.processLabel); err != nil {
 		return nil, err
 	}

--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@ -11,8 +11,8 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/containers/storage/storage"
 	"github.com/kubernetes-incubator/cri-o/oci"
-	"github.com/opencontainers/runc/libcontainer/label"
 	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
--- a/server/server.go
+++ b/server/server.go
@ -17,8 +17,8 @@ import (
 	"github.com/kubernetes-incubator/cri-o/pkg/storage"
 	"github.com/kubernetes-incubator/cri-o/server/apparmor"
 	"github.com/kubernetes-incubator/cri-o/server/seccomp"
-	"github.com/opencontainers/runc/libcontainer/label"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )