bump opencontainers/selinux v1.2.2

full diff: https://github.com/opencontainers/selinux/compare/v1.2.1...v1.2.2

- opencontainers/selinux#51 Older kernels do not support keyring labeling

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0d453115fe0b1b19c08c614b6029c4edf92a0f0a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor.conf

@@ -162,6 +162,6 @@ github.com/morikuni/aec                             39771216ff4c63d11f5e604076f9
 # metrics
 github.com/docker/go-metrics                        d466d4f6fd960e01820085bd7e1a24426ee7ef18
 
-github.com/opencontainers/selinux                   0bb7b9fa9ba5c1120e9d22caed4961fca4228408 # v1.2.1
+github.com/opencontainers/selinux                   3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2
 
 # DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects --------

vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go

@@ -406,7 +406,14 @@ func SocketLabel() (string, error) {
 // SetKeyLabel takes a process label and tells the kernel to assign the
 // label to the next kernel keyring that gets created
 func SetKeyLabel(label string) error {
-	return writeCon("/proc/self/attr/keycreate", label)
+	err := writeCon("/proc/self/attr/keycreate", label)
+	if os.IsNotExist(err) {
+		return nil
+	}
+	if label == "" && os.IsPermission(err) && !GetEnabled() {
+		return nil
+	}
+	return err
 }
 
 // KeyLabel retrieves the current kernel keyring label setting