Vendor in latest selinux code for keycreate errors

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh 2019-04-24 08:41:56 -04:00
parent 029124da7a
commit 8362cd02c0
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
2 changed files with 9 additions and 2 deletions

View File

@ -5,7 +5,7 @@ github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4
# Core libcontainer functionality.
github.com/checkpoint-restore/go-criu v3.11
github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
github.com/opencontainers/selinux v1.2.1
github.com/opencontainers/selinux v1.2.2
github.com/seccomp/libseccomp-golang 84e90a91acea0f4e51e62bc1a75de18b1fc0790f
github.com/sirupsen/logrus a3f95b5c423586578a4e099b11a46c2479628cac
github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16

View File

@ -406,7 +406,14 @@ func SocketLabel() (string, error) {
// SetKeyLabel takes a process label and tells the kernel to assign the
// label to the next kernel keyring that gets created
func SetKeyLabel(label string) error {
return writeCon("/proc/self/attr/keycreate", label)
err := writeCon("/proc/self/attr/keycreate", label)
if os.IsNotExist(err) {
return nil
}
if label == "" && os.IsPermission(err) && !GetEnabled() {
return nil
}
return err
}
// KeyLabel retrieves the current kernel keyring label setting