Fix SELinux failures on disabled SELinux Machines

On some machines when setting the SELinux key labels to "", we are seeing failures that cause runc to fail. Even if SELinux is disabled. This check will ignore callers calling SELinux Set*Label functions with "" when SELinux is disabled. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-04-02 10:23:59 -04:00 · 2019-04-02 10:23:59 -04:00 · dcf994b4f8
parent da2021132b
commit dcf994b4f8
2 changed files with 6 additions and 1 deletions
--- a/vendor.conf
+++ b/vendor.conf
@ -5,7 +5,7 @@ github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4
 # Core libcontainer functionality.
 github.com/checkpoint-restore/go-criu v3.11
 github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
-github.com/opencontainers/selinux v1.2
+github.com/opencontainers/selinux v1.2.1
 github.com/seccomp/libseccomp-golang 84e90a91acea0f4e51e62bc1a75de18b1fc0790f
 github.com/sirupsen/logrus a3f95b5c423586578a4e099b11a46c2479628cac
 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@ -333,6 +333,11 @@ func writeCon(fpath string, val string) error {
 	if fpath == "" {
 		return ErrEmptyPath
 	}
+	if val == "" {
+		if !GetEnabled() {
+			return nil
+		}
+	}

 	out, err := os.OpenFile(fpath, os.O_WRONLY, 0)
 	if err != nil {