From c6cfce304b10513abd71252fddb57367f3c91673 Mon Sep 17 00:00:00 2001
From: Mrunal Patel <mrunalp@gmail.com>
Date: Fri, 8 Apr 2016 14:12:51 -0700
Subject: [PATCH] Synchronize writes to mcs map

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
---
 libcontainer/selinux/selinux.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libcontainer/selinux/selinux.go b/libcontainer/selinux/selinux.go
index 3bdce10c..4babee1b 100644
--- a/libcontainer/selinux/selinux.go
+++ b/libcontainer/selinux/selinux.go
@@ -35,6 +35,7 @@ const (
 var (
 	assignRegex           = regexp.MustCompile(`^([^=]+)=(.*)$`)
 	mcsList               = make(map[string]bool)
+	mcsLock               sync.Mutex
 	selinuxfs             = "unknown"
 	selinuxEnabled        = false // Stores whether selinux is currently enabled
 	selinuxEnabledChecked = false // Stores whether selinux enablement has been checked or established yet
@@ -267,6 +268,8 @@ func SelinuxGetEnforceMode() int {
 }
 
 func mcsAdd(mcs string) error {
+	mcsLock.Lock()
+	defer mcsLock.Unlock()
 	if mcsList[mcs] {
 		return fmt.Errorf("MCS Label already exists")
 	}
@@ -275,7 +278,9 @@ func mcsAdd(mcs string) error {
 }
 
 func mcsDelete(mcs string) {
+	mcsLock.Lock()
 	mcsList[mcs] = false
+	mcsLock.Unlock()
 }
 
 func IntToMcs(id int, catRange uint32) string {