Amendments to SELinux enhancement proposal

docs/proposals/selinux-enhancements.md

@@ -174,9 +174,8 @@ Using the host IPC and PID namespaces is not currently supported by rkt.
 2.  The `SelinuxContextRunner` interface should be renamed to `SELinuxRunner`
     and be changed to have the same method names and signatures as the
     libcontainer methods its implementations wrap
-3.  The `SELinuxRunner` interface should have a new method added called
+3.  The `SELinuxRunner` interface only needs `Getfilecon`, which is used by
-    `GetLxcContexts`; this should return a **shared** (ie, without MCS labels)
+    the rkt code
-    SELinux context usable by a container
 
 ```go
 package selinux
@@ -191,17 +190,9 @@ package selinux
 //
 // https://github.com/opencontainers/runc/blob/master/libcontainer/selinux/selinux.go
 type SELinuxRunner interface {
-	// Setfilecon sets the SELinux context for the given path or returns an
-	// error.
-	Setfilecon(path, context string) error
-
 	// Getfilecon returns the SELinux context for the given path or returns an
 	// error.
 	Getfilecon(path string) (string, error)
-
-	// GetLxcContexts returns the process and file SELinux contexts to use for
-	// containers.
-	GetLxcContexts() (string, string)
 }
 ```
 
@@ -233,9 +224,9 @@ ensure things work as expected under rkt.
 1.  The `VolumeHost` interface contains a method called `GetRootContext`; this
     is an artifact of the old assumptions about the Kubelet directory's SELinux
     context and can be removed
-2.  The `empty_dir.go` file should be changed to create an `SELinuxRunner` and
+2.  The `empty_dir.go` file should be changed to be completely agnostic of
-    call its `GetLxcContexts` method to determine the right SELinux context to
+    SELinux; no behavior in this plugin needs to be differentiated when SELinux
-    give `tmpfs` mounts
+    is enabled
 
 ### Changes to `pkg/controller/...`