From 19620f3d1ebc0c8f5629c8bd41c12396866107b6 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Wed, 22 Mar 2017 13:58:35 -0400
Subject: [PATCH] Switch to using opencontainers/selinux

We have moved selinux support out of opencontainers/runc into its
own package.  This patch moves to using the new selinux go bindings.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 cmd/ocid/main.go           | 2 +-
 server/config.go           | 4 ++--
 server/container_create.go | 2 +-
 server/sandbox_remove.go   | 4 ++--
 server/sandbox_run.go      | 2 +-
 server/server.go           | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/cmd/ocid/main.go b/cmd/ocid/main.go
index 94a130ea..76b857d6 100644
--- a/cmd/ocid/main.go
+++ b/cmd/ocid/main.go
@@ -12,7 +12,7 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/containers/storage/pkg/reexec"
 	"github.com/kubernetes-incubator/cri-o/server"
-	"github.com/opencontainers/runc/libcontainer/selinux"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/urfave/cli"
 	"google.golang.org/grpc"
 	"k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
diff --git a/server/config.go b/server/config.go
index 335b110e..f893428e 100644
--- a/server/config.go
+++ b/server/config.go
@@ -5,7 +5,7 @@ import (
 	"io/ioutil"
 
 	"github.com/BurntSushi/toml"
-	"github.com/opencontainers/runc/libcontainer/selinux"
+	"github.com/opencontainers/selinux/go-selinux"
 )
 
 // Default paths if none are specified
@@ -215,7 +215,7 @@ func DefaultConfig() *Config {
 			ConmonEnv: []string{
 				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 			},
-			SELinux:         selinux.SelinuxEnabled(),
+			SELinux:         selinux.GetEnabled(),
 			SeccompProfile:  seccompProfilePath,
 			ApparmorProfile: apparmorProfileName,
 			CgroupManager:   cgroupManager,
diff --git a/server/container_create.go b/server/container_create.go
index 0a051f0b..831a3247 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -14,8 +14,8 @@ import (
 	"github.com/kubernetes-incubator/cri-o/server/apparmor"
 	"github.com/kubernetes-incubator/cri-o/server/seccomp"
 	"github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/opencontainers/runc/libcontainer/label"
 	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
diff --git a/server/sandbox_remove.go b/server/sandbox_remove.go
index c5cceebb..bf7d18cb 100644
--- a/server/sandbox_remove.go
+++ b/server/sandbox_remove.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/kubernetes-incubator/cri-o/oci"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
@@ -66,7 +66,7 @@ func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxR
 		}
 	}
 
-	if err := label.UnreserveLabel(sb.processLabel); err != nil {
+	if err := label.ReleaseLabel(sb.processLabel); err != nil {
 		return nil, err
 	}
 
diff --git a/server/sandbox_run.go b/server/sandbox_run.go
index 7c7d8c26..c978582a 100644
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@@ -11,8 +11,8 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/containers/storage/storage"
 	"github.com/kubernetes-incubator/cri-o/oci"
-	"github.com/opencontainers/runc/libcontainer/label"
 	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
diff --git a/server/server.go b/server/server.go
index be7307a0..150f98b8 100644
--- a/server/server.go
+++ b/server/server.go
@@ -17,8 +17,8 @@ import (
 	"github.com/kubernetes-incubator/cri-o/pkg/storage"
 	"github.com/kubernetes-incubator/cri-o/server/apparmor"
 	"github.com/kubernetes-incubator/cri-o/server/seccomp"
-	"github.com/opencontainers/runc/libcontainer/label"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )