From 77df34b1da87c1d5336b45e2fe5be33e3b5fb1d0 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Thu, 25 Apr 2019 18:49:21 -0700
Subject: [PATCH] bump opencontainers/selinux v1.2.2
full diff: https://github.com/opencontainers/selinux/compare/v1.2.1...v1.2.2
- opencontainers/selinux#51 Older kernels do not support keyring labeling
Signed-off-by: Sebastiaan van Stijn
Upstream-commit: 0d453115fe0b1b19c08c614b6029c4edf92a0f0a
Component: engine
---
 components/engine/vendor.conf | 2 +-
 .../opencontainers/selinux/go-selinux/selinux_linux.go | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf
index 93f07c4e4df..ae99800b49f 100644
--- a/components/engine/vendor.conf
+++ b/components/engine/vendor.conf
@@ -162,6 +162,6 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9
 # metrics
 github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
-github.com/opencontainers/selinux 0bb7b9fa9ba5c1120e9d22caed4961fca4228408 # v1.2.1
+github.com/opencontainers/selinux 3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2
 # DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects --------
diff --git a/components/engine/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/components/engine/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 51fa8de68a3..d7786c33c19 100644
--- a/components/engine/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/components/engine/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -406,7 +406,14 @@ func SocketLabel() (string, error) {
 // SetKeyLabel takes a process label and tells the kernel to assign the
 // label to the next kernel keyring that gets created
 func SetKeyLabel(label string) error {
- return writeCon("/proc/self/attr/keycreate", label)
+ err := writeCon("/proc/self/attr/keycreate", label)
+ if os.IsNotExist(err) {
+ return nil
+ }
+ if label == "" && os.IsPermission(err) && !GetEnabled() {
+ return nil
+ }
+ return err
 }
 // KeyLabel retrieves the current kernel keyring label setting