@@ -4,11 +4,12 @@

 FROM debian:jessie

-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev  libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS apparmor selinux

@@ -4,11 +4,12 @@

 FROM debian:stretch

-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

-ENV DOCKER_BUILDTAGS apparmor selinux

+

+ENV DOCKER_BUILDTAGS apparmor seccomp selinux

@@ -4,11 +4,12 @@

 FROM debian:wheezy-backports

-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools/wheezy-backports build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools/wheezy-backports build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev  libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS apparmor selinux

@@ -58,6 +58,7 @@ for version in "${versions[@]}"; do

 		libdevmapper-dev # for "libdevmapper.h"

 		libltdl-dev # for pkcs11 "ltdl.h"

 		libsqlite3-dev # for "sqlite3.h"

+		libseccomp-dev  # for "seccomp.h" & "libseccomp.so"

 	)

 	# packaging for "sd-journal.h" and libraries varies

 	case "$suite" in

@@ -66,6 +67,18 @@ for version in "${versions[@]}"; do

 		*) packages+=( libsystemd-journal-dev );;

 	esac

+	# debian wheezy & ubuntu precise do not have the right libseccomp libs

+	# debian jessie & ubuntu trusty/vivid do not have a libseccomp.a for compiling static dockerinit

+	case "$suite" in

+		jessie|precise|trusty|vivid|wheezy)

+			packages=( "${packages[@]/libseccomp-dev}" )

+			;;

+		*)

+			extraBuildTags+=' seccomp'

+			;;

+	esac

+

+

 	if [ "$suite" = 'precise' ]; then

 		# precise has a few package issues

@@ -99,5 +112,11 @@ for version in "${versions[@]}"; do

 	echo >> "$version/Dockerfile"

 	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"

-	awk '$1 == "ENV" && $2 == "DOCKER_BUILDTAGS" { print $0 "'"$extraBuildTags"'"; exit }' ../../../Dockerfile >> "$version/Dockerfile"

+

+	echo >> "$version/Dockerfile"

+

+	# print build tags in alphabetical order

+	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )

+

+	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"

 done

@@ -4,11 +4,12 @@

 FROM ubuntu:precise

-RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential curl ca-certificates debhelper dh-apparmor  git libapparmor-dev  libltdl-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential curl ca-certificates debhelper dh-apparmor  git libapparmor-dev  libltdl-dev libsqlite3-dev  --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

-ENV DOCKER_BUILDTAGS apparmor selinux exclude_graphdriver_devicemapper exclude_graphdriver_btrfs

+

+ENV DOCKER_BUILDTAGS apparmor exclude_graphdriver_btrfs exclude_graphdriver_devicemapper selinux

@@ -4,11 +4,12 @@

 FROM ubuntu:trusty

-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev  libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS apparmor selinux

@@ -4,11 +4,12 @@

 FROM ubuntu:vivid

-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev  libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS apparmor selinux

@@ -4,11 +4,12 @@

 FROM ubuntu:wily

-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

-ENV DOCKER_BUILDTAGS apparmor selinux

+

+ENV DOCKER_BUILDTAGS apparmor seccomp selinux

@@ -6,11 +6,12 @@ FROM centos:7

 RUN yum groupinstall -y "Development Tools"

 RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs

-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS selinux

@@ -5,11 +5,12 @@

 FROM fedora:21

 RUN yum install -y @development-tools fedora-packager

-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS selinux

@@ -5,11 +5,12 @@

 FROM fedora:22

 RUN dnf install -y @development-tools fedora-packager

-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS selinux

@@ -5,11 +5,12 @@

 FROM fedora:23

 RUN dnf install -y @development-tools fedora-packager

-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS selinux

@@ -38,6 +38,8 @@ for version in "${versions[@]}"; do

 	echo >> "$version/Dockerfile"

+	extraBuildTags=

+

 	case "$from" in

 		centos:*)

 			# get "Development Tools" packages dependencies

@@ -65,6 +67,7 @@ for version in "${versions[@]}"; do

 		btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible)

 		device-mapper-devel # for "libdevmapper.h"

 		glibc-static

+		libseccomp-devel # for "seccomp.h" & "libseccomp.so"

 		libselinux-devel # for "libselinux.so"

 		libtool-ltdl-devel # for pkcs11 "ltdl.h"

 		selinux-policy

@@ -80,6 +83,17 @@ for version in "${versions[@]}"; do

 			;;

 	esac

+	# opensuse & oraclelinx:6 do not have the right libseccomp libs

+	# centos, fedora, & oraclelinux:7 do not have a libseccomp.a for compiling static dockerinit

+	case "$from" in

+		centos:*|fedora:*|opensuse:*|oraclelinux:*)

+			packages=( "${packages[@]/libseccomp-devel}" )

+			;;

+		*)

+			extraBuildTags+=' seccomp'

+			;;

+	esac

+

 	case "$from" in

 		opensuse:*)

 			packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" )

@@ -101,5 +115,10 @@ for version in "${versions[@]}"; do

 	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"

-	echo 'ENV DOCKER_BUILDTAGS selinux' >> "$version/Dockerfile"

+	echo >> "$version/Dockerfile"

+

+	# print build tags in alphabetical order

+	buildTags=$( echo "selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )

+

+	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"

 done

@@ -5,11 +5,12 @@

 FROM opensuse:13.2

 RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build

-RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

+RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS selinux

@@ -5,11 +5,12 @@

 FROM oraclelinux:6

 RUN yum groupinstall -y "Development Tools"

-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS selinux

@@ -5,11 +5,12 @@

 FROM oraclelinux:7

 RUN yum groupinstall -y "Development Tools"

-RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

+RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel selinux-policy selinux-policy-devel sqlite-devel tar

 ENV GO_VERSION 1.5.1

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

 ENV PATH $PATH:/usr/local/go/bin

 ENV AUTO_GOPATH 1

+

 ENV DOCKER_BUILDTAGS selinux