bump opencontainers/selinux v1.2.2

full diff: https://github.com/opencontainers/selinux/compare/v1.2.1...v1.2.2 - opencontainers/selinux#51 Older kernels do not support keyring labeling Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 0d453115fe) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-25 18:49:21 -07:00 · 2019-04-25 18:49:21 -07:00 · e7a837120d
commit e7a837120d
parent 04c51495da
2 changed files with 9 additions and 2 deletions
--- a/vendor.conf
+++ b/vendor.conf
@ -162,6 +162,6 @@ github.com/morikuni/aec                             39771216ff4c63d11f5e604076f9
 # metrics
 github.com/docker/go-metrics                        d466d4f6fd960e01820085bd7e1a24426ee7ef18

-github.com/opencontainers/selinux                   0bb7b9fa9ba5c1120e9d22caed4961fca4228408 # v1.2.1
+github.com/opencontainers/selinux                   3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2

 # DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects --------
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@ -406,7 +406,14 @@ func SocketLabel() (string, error) {
 // SetKeyLabel takes a process label and tells the kernel to assign the
 // label to the next kernel keyring that gets created
 func SetKeyLabel(label string) error {
-	return writeCon("/proc/self/attr/keycreate", label)
+	err := writeCon("/proc/self/attr/keycreate", label)
+	if os.IsNotExist(err) {
+		return nil
+	}
+	if label == "" && os.IsPermission(err) && !GetEnabled() {
+		return nil
+	}
+	return err
 }

 // KeyLabel retrieves the current kernel keyring label setting