d76235b88c
This vendoring fixes two issues. 1. When a user specifies an SELinux MCS Label (level) to override moby picking an unigue MCS label, the code currently picks a label then overrides with the user selected. This works fine, except the unique MCS Label is leaked and will not be used until the daemon is restarted. 2. The override label, is not reserved. This could potentially cause an issue where the daemon could pick the same MCS Label again for a different container. (~ 1/500,000 Chance). The updated selinux go bindings, now release the overriden unigue label, and reserve the one specified by the user. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 73c82386148fe14a47cc515c622bd23b9b7d99b9 Component: engine