Use newer x/sys/windows SecurityAttributes struct

This struct now has a properly typed member, so use the properly typed
functions with it.

Also update the vendor directory and hope nothing explodes.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

builder/dockerfile/internals_windows.go

@@ -12,7 +12,6 @@ import (
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/system"
-	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
 )
 
@@ -31,13 +30,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 		sid, err := windows.StringToSid(accountName)
 
 		if err == nil {
-			accountSid, err := sid.String()
-
-			if err != nil {
-				return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
-			}
-
-			return idtools.Identity{SID: accountSid}, nil
+			return idtools.Identity{SID: sid.String()}, nil
 		}
 	}
 
@@ -46,13 +39,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 
 	// If this is a SID that is built-in and hence the same across all systems then use that.
 	if err == nil && (accType == windows.SidTypeAlias || accType == windows.SidTypeWellKnownGroup) {
-		accountSid, err := sid.String()
-
-		if err != nil {
-			return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
-		}
-
-		return idtools.Identity{SID: accountSid}, nil
+		return idtools.Identity{SID: sid.String()}, nil
 	}
 
 	// Check if the account name is one unique to containers.

daemon/debugtrap_windows.go

@@ -5,7 +5,6 @@ import (
 	"os"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
@@ -17,7 +16,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 	// signaled. ACL'd to builtin administrators and local system
 	event := "Global\\stackdump-" + fmt.Sprint(os.Getpid())
 	ev, _ := windows.UTF16PtrFromString(event)
-	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
+	sd, err := windows.SecurityDescriptorFromString("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
 	if err != nil {
 		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", event, err.Error())
 		return
@@ -25,7 +24,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 	h, err := windows.CreateEvent(&sa, 0, 0, ev)
 	if h == 0 || err != nil {
 		logrus.Errorf("failed to create debug stackdump event %s: %s", event, err.Error())

pkg/system/filesys_windows.go

@@ -11,7 +11,6 @@ import (
 	"time"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
 	"golang.org/x/sys/windows"
 )
 
@@ -103,13 +102,13 @@ func mkdirall(path string, applyACL bool, sddl string) error {
 // and Local System.
 func mkdirWithACL(name string, sddl string) error {
 	sa := windows.SecurityAttributes{Length: 0}
-	sd, err := winio.SddlToSecurityDescriptor(sddl)
+	sd, err := windows.SecurityDescriptorFromString(sddl)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 
 	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {