Use opencontainers/selinux package

[hqhq]

It's splitted as a separate project.

Fixes: #897

Signed-off-by: Qiang Huang h.huangqiang@huawei.com

[hqhq]

We'll need opencontainers/selinux#7 to be merged to fix CI failure.

[rhatdan]

I would prefer the rename before this gets merged.

[hqhq]

@rhatdan Sure, I'll rework this PR after rename and other fixes in opencontainers/selinux are merged.

[hqhq]

Updated, all green now~

[rhatdan]

I have requested one more change to the opencontainers/selinux package to put the go bindings into a golang subdir, so we can add a policy subdir and move container-selinux package into opencontainers/selinux package.

opencontainers/selinux#10

[crosbymichael]

@rhatdan is upstream good now? I saw that issue is closed so are you happy with the naming of the project now so that we can update?

[rhatdan]

@crosbymichael we have renamed a bunch of function calls. Lets get these merged and then we will need to change the calls in libcontainer as well as vendor it in.

[rhatdan]

Upstream has been merged, we can start to convert runc to use the new interfaces.

[hqhq]

@rhatdan Thanks, I'll rework later today.

[hqhq]

Updated.

[rhatdan]

@runcom says there is no need to use selinux here.

selinux "github.com/opencontainers/selinux/go-selinux"

The code should work fine without it.

[rhatdan]

Other then that this LGTM

[runcom]

yup, there shouldn't be the need of aliasing if go-selinux exports selinux package afaict.

[hqhq]

I think it's an explicit or implicit issue, and I'd prefer it to be explicit, we can wait for other maintainers' opinions :)

[crosbymichael]

go-imports also makes it explicit, its fine both ways and is not an issue at all

[crosbymichael]

LGTM

[hqhq]

ping @cyphar @mrunalp @dqminh

[crosbymichael]

ping @opencontainers/runc-maintainers

[dqminh]

LGTM