dockerd: Updated to 20.10.0

* SELinux and Seccomp are now enabled via the kernel options themselves
* Config.in now uses CGroupsV2 by default but optionally allows V1

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>

utils/dockerd/Config.in

@@ -1,95 +1,74 @@
-config DOCKER_KERNEL_OPTIONS
-	bool "Enable Basic kernel support for Docker"
-	depends on PACKAGE_docker-ce
-	default y
-	select KERNEL_CGROUPS
-	select KERNEL_CGROUP_CPUACCT
+# These options are mostly specified by https://github.com/moby/moby/blob/master/contrib/check-config.sh
+
+config DOCKER_CGROUP_OPTIONS
+	bool "Enable available kernel support for CGroupsV1"
+	default n
+	depends on PACKAGE_dockerd
 	select KERNEL_CGROUP_DEVICE
 	select KERNEL_CGROUP_FREEZER
-	select KERNEL_CGROUP_SCHED
-	select KERNEL_NAMESPACES
-	select KERNEL_CPUSETS
-	select KERNEL_MEMCG
-	select KERNEL_KEYS
-	select KERNEL_POSIX_MQUEUE
+	select KERNEL_NET_CLS_CGROUP
+	select KERNEL_CGROUP_NET_PRIO
+	select PACKAGE_cgroupfs-mount
 	help
-	  Select needed kernel options for Docker. Options include
-	  cgroups, namespaces and other miscellaneous options.
-	  see also https://github.com/docker/engine/blob/master/contrib/check-config.sh
+		Selects kernel options to enable CGroups V1.
 
-config DOCKER_SECCOMP
-	bool "Enable support for seccomp in Docker"
-	depends on PACKAGE_docker-ce
+config DOCKER_OPTIONAL_FEATURES
+	bool "Enable optional kernel support for Docker"
 	default n
-	select KERNEL_SECCOMP
-	select PACKAGE_libseccomp
-	help
-	  Build Docker with support for seccomp filters.
-	  Select libseccomp which also pulls-in the needed kernel features.
-
-config DOCKER_RES_SHAPE
-	bool "Enables support for resource shaping"
-	depends on PACKAGE_docker-ce
-	default n
-	select KERNEL_MEMCG_SWAP
+	depends on PACKAGE_dockerd
 	select KERNEL_MEMCG_SWAP_ENABLED
-	select KERNEL_BLK_DEV_THROTTLING
 	select KERNEL_CFQ_GROUP_IOSCHED
 	select KERNEL_CGROUP_PERF
 	select KERNEL_CGROUP_HUGETLB
-	select KERNEL_FAIR_GROUP_SCHED
-	select KERNEL_NET_CLS_CGROUP
-	select KERNEL_CGROUP_NET_CLASSID
-	select KERNEL_CGROUP_NET_PRIO
-	select KERNEL_CFS_BANDWIDTH
-	select KERNEL_RT_GROUP_SCHED
+	help
+		Select 'Optional Features' kernel options for Docker that are unselected.
+		See https://github.com/moby/moby/blob/master/contrib/check-config.sh
 
 menu "Network"
-	depends on PACKAGE_docker-ce
+	depends on PACKAGE_dockerd
 
 	config DOCKER_NET_OVERLAY
-		bool "Enables the Overlay network feature"
+		bool "Includes the Overlay network feature"
 		default n
-		select PACKAGE_kmod-udptunnel4
+		select PACKAGE_kmod-vxlan
 		help
-		  Selects kernel options for the Overlay network feature.
-		  Includes udptunnel4
+			Selects kmod-vxlan for the Overlay network feature.
 
 	config DOCKER_NET_ENCRYPT
-		bool "Enable encrypted networking kernel support"
+		bool "Includes encrypted networking kernel modules"
 		depends on DOCKER_NET_OVERLAY
 		default n
-		select PACKAGE_kmod-ipsec
-		select PACKAGE_kmod-ipsec4
 		select PACKAGE_kmod-crypto-gcm
+		select PACKAGE_kmod-crypto-seqiv
 		select PACKAGE_kmod-crypto-ghash
+		select PACKAGE_kmod-ipsec
 		help
-		  Select needed kernel options for encrypted networking support.
+		  Select needed kernel modules for encrypted networking support.
 
 	config DOCKER_NET_MACVLAN
-		bool "Enables macvlan kernel support"
+		bool "Includes macvlan kernel modules"
 		default n
 		select PACKAGE_kmod-macvlan
 		select PACKAGE_kmod-dummy
 
 	config DOCKER_NET_TFTP
-		bool "Enable ftp/tftp client kernel support"
+		bool "Includes ftp/tftp client kernel modules"
 		default n
 		select PACKAGE_kmod-nf-nathelper
 		select PACKAGE_kmod-nf-nathelper-extra
 endmenu
 
 menu "Storage"
-	depends on PACKAGE_docker-ce
+	depends on PACKAGE_dockerd
 
 	config DOCKER_STO_EXT4
 		bool "Enables support for ext3 or ext4 as the backing filesystem"
 		default n
 		select KERNEL_EXT4_FS_POSIX_ACL
+		select KERNEL_EXT4_FS_SECURITY
 
 	config DOCKER_STO_BTRFS
 		bool "Enables support for btrfs as the backing filesystem"
 		default n
-		select PACKAGE_kmod-fs-btrfs
 		select KERNEL_BTRFS_FS_POSIX_ACL
 endmenu