app-emulation/docker: deprecate dockerd script

This script had two main functions:

1. Select the graphdriver
This functionality is now handled in the docker daemon. It defaults to
overlay2 on recent docker versions, and does its own fs detection for
btrfs etc.
We carry a patch for 1.12.6 now to prefer overlay to devicemapper

2. Avoid enabling selinux on btrfs
This no longer matters since as of v1.10, selinux on btrfs is supported.
See moby/moby#16452

This PR replaces that original functionality with a simpler systemd environment variable, which is also more in-line with what we do for other similar choices.

The environment variable is also more discoverable and easier for users to edit.
Note: for backwards compatibility with
DOCKER_OPTS=--selinux-enabled=false (to make that take precedent), we
intentionally put the environment variable as the first option.

However, for backwards compatibility with older units, we also retain
the script. We are able to remove the graphdriver detection/selection
since that behavior now happens appropriately in docker, but we need to
keep the selinux defaulting so that people who are executing the script
and expecting selinux to work (e.g.  if they copied an old
docker.service) will continue to get selinux as expected.

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.6-r5.ebuild

@@ -9,7 +9,7 @@ CROS_WORKON_LOCALNAME="docker"
 CROS_WORKON_REPO="git://github.com"
 COREOS_GO_VERSION="go1.7"
 
-CROS_WORKON_COMMIT="d5236f0452873048a28c1ecd63d40513efa66542" # coreos-1.12.6
+CROS_WORKON_COMMIT="a82d35e3daba1a2cd48c66e57a4f9975c39c45c6" # coreos-1.12.6
 DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
 KEYWORDS="amd64 arm64"
 
@@ -270,6 +270,7 @@ src_install() {
 	newconfd contrib/init/openrc/docker.confd docker
 
 	exeinto /usr/lib/coreos
+	# Create /usr/lib/coreos/dockerd script for backwards compatibility
 	doexe "${FILESDIR}/dockerd"
 
 	systemd_dounit "${FILESDIR}/docker.service"

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild

@@ -258,6 +258,7 @@ src_install() {
 	newconfd contrib/init/openrc/docker.confd docker
 
 	exeinto /usr/lib/coreos
+	# Create /usr/lib/coreos/dockerd for backwards compatibility
 	doexe "${FILESDIR}/dockerd"
 
 	systemd_dounit "${FILESDIR}/docker.service"

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service

@@ -8,11 +8,12 @@ Requires=containerd.service docker.socket
 [Service]
 Type=notify
 EnvironmentFile=-/run/flannel/flannel_docker_opts.env
+Environment=DOCKER_SELINUX=--selinux-enabled=true
 
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required
 # for containers run by docker
-ExecStart=/usr/lib/coreos/dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
+ExecStart=/usr/bin/dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_SELINUX $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
 ExecReload=/bin/kill -s HUP $MAINPID
 LimitNOFILE=1048576
 # Having non-zero Limit*s causes performance problems due to accounting overhead

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd

@@ -1,5 +1,7 @@
 #!/bin/bash
-# Wrapper for launching docker daemons with an appropriate backend.
+# Wrapper for launching docker daemons with selinux default on
+# This wrapper script has been deprecated (euank: 2017-05-09) and is retained
+# for backwards compatibility.
 
 set -e
 
@@ -16,14 +18,6 @@ parse_docker_args() {
         fi
 
         case "${flag}" in
-            -g|--graph)
-                ARG_ROOT="$1"
-                shift
-                ;;
-            -s|--storage-driver)
-                ARG_DRIVER="$1"
-                shift
-                ;;
             --selinux-enabled)
                 ARG_SELINUX="$1"
                 shift
@@ -35,56 +29,13 @@ parse_docker_args() {
     done
 }
 
-select_docker_driver() {
-    local fstype
-
-    # mimic docker's behavior to ensure we stat the right filesystem.
-    if [[ -L "${ARG_ROOT}" ]]; then
-        ARG_ROOT="$(readlink -f "${ARG_ROOT}")"
-    fi
-
-    mkdir --parents --mode=0700 "${ARG_ROOT}"
-    fstype=$(findmnt --noheadings --output FSTYPE --target "${ARG_ROOT}")
-
-    case "${fstype}" in
-        btrfs)
-            export DOCKER_DRIVER=btrfs
-            ;;
-        ext4|tmpfs|xfs) # As of 4.1
-            export DOCKER_DRIVER=overlay
-            ;;
-        *)
-            # Fall back to whatever docker's default behavior is.
-            ;;
-    esac
-}
-
-# Enable selinux except when known to be unsupported (btrfs).
-maybe_enable_selinux() {
-    case "${DOCKER_DRIVER}" in
-        btrfs)
-            USE_SELINUX=""
-            ;;
-        *)
-            # Enable for everything else.
-            USE_SELINUX="--selinux-enabled"
-            ;;
-    esac
-}
-
-ARG_ROOT="/var/lib/docker"
-ARG_DRIVER=""
 parse_docker_args "$@"
 
-# Do not override the driver if it is already explicitly configured.
-if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then
-    select_docker_driver
-fi
-
 USE_SELINUX=""
 # Do not override selinux if it is already explicitly configured.
 if [[ -z "${ARG_SELINUX}" ]]; then
-        maybe_enable_selinux
+        # If unspecified, default on
+        USE_SELINUX="--selinux-enabled"
 fi
 
 exec dockerd "$@" ${USE_SELINUX}