1. docker
  2. Commit e7a837120de1f4f2d45c673e758bd444441a0c8f
Browse code

bump opencontainers/selinux v1.2.2

full diff: https://github.com/opencontainers/selinux/compare/v1.2.1...v1.2.2

- opencontainers/selinux#51 Older kernels do not support keyring labeling

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0d453115fe0b1b19c08c614b6029c4edf92a0f0a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2019/04/26 10:49:21
Showing 2 changed files
vendor.conf
History View file @ e7a8371
... ... 
@@ -162,6 +162,6 @@ github.com/morikuni/aec                             39771216ff4c63d11f5e604076f9
162 162 
 # metrics
163 163 
 github.com/docker/go-metrics                        d466d4f6fd960e01820085bd7e1a24426ee7ef18
164 164
165 
-github.com/opencontainers/selinux                   0bb7b9fa9ba5c1120e9d22caed4961fca4228408 # v1.2.1
165 
+github.com/opencontainers/selinux                   3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2
166 166
167 167 
 # DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects --------
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
History View file @ e7a8371
... ... 
@@ -406,7 +406,14 @@ func SocketLabel() (string, error) {
406 406 
 // SetKeyLabel takes a process label and tells the kernel to assign the
407 407 
 // label to the next kernel keyring that gets created
408 408 
 func SetKeyLabel(label string) error {
409 
-	return writeCon("/proc/self/attr/keycreate", label)
409 
+	err := writeCon("/proc/self/attr/keycreate", label)
410 
+	if os.IsNotExist(err) {
411 
+		return nil
412 
+	}
413 
+	if label == "" && os.IsPermission(err) && !GetEnabled() {
414 
+		return nil
415 
+	}
416 
+	return err
410 417 
 }
411 418
412 419 
 // KeyLabel retrieves the current kernel keyring label setting