From ac99566390c5999710a707322e8795a70c0193f9 Mon Sep 17 00:00:00 2001
From: Kirill Kolyshkin <kolyshkin@users.noreply.github.com>
Date: Wed, 12 Sep 2018 14:58:01 -0700
Subject: [PATCH] image/Dockerfile: add osusergo, seccomp tags

osusergo build tag is needed for better chances to have
a proper static binary when Go >= 1.11 is used, and is
harmless otherwise.

seccomp build tag is needed so the resulting dockerd binary
has seccomp support.

[v2: add libseccomp-dev installation]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 97596405f4300a7ae6eb7664f6c58785955dd8d3
Component: packaging
---
 components/packaging/image/Dockerfile.engine | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/packaging/image/Dockerfile.engine b/components/packaging/image/Dockerfile.engine
index 869ef14429..c5b2379d1b 100644
--- a/components/packaging/image/Dockerfile.engine
+++ b/components/packaging/image/Dockerfile.engine
@@ -14,6 +14,7 @@ RUN apt-get update && apt-get install -y \
     libc-dev \
     libgcc-6-dev \
     libltdl-dev \
+    libseccomp-dev \
     libtool \
     make
 RUN grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits
@@ -37,7 +38,7 @@ ENV DEFAULT_PRODUCT_LICENSE ${DEFAULT_PRODUCT_LICENSE}
 # TODO The way we set the version could easily be simplified not to depend on hack/...
 RUN bash ./hack/make/.go-autogen
 RUN go build -o /sbin/dockerd \
-    -tags 'autogen netgo static_build selinux journald' \
+    -tags 'autogen netgo osusergo static_build seccomp selinux journald' \
     -installsuffix netgo -a -buildmode=pie -ldflags '-w -extldflags "-static" ' \
     github.com/docker/docker/cmd/dockerd