We need to release the SELinux label when we destroy the sandbox

This will release the MCS Label to be used again. Only do this if we don't have another sandbox using the same label. Also vendor in the latest selinux go bindings, which fixes a leak and properly reserves the SELinux label we are going to use. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-10-25 02:35:20 +00:00 · 2017-10-25 02:35:20 +00:00 · c2c148f18d
commit c2c148f18d
parent 7ab9c55a12
4 changed files with 17 additions and 3 deletions
--- a/vendor.conf
+++ b/vendor.conf
@ -10,7 +10,7 @@ github.com/ostreedev/ostree-go master
 github.com/containers/storage d7921c6facc516358070a1306689eda18adaa20a
 github.com/containernetworking/cni v0.4.0
 google.golang.org/grpc v1.0.4 https://github.com/grpc/grpc-go
-github.com/opencontainers/selinux v1.0.0-rc1
+github.com/opencontainers/selinux b29023b86e4a69d1b46b7e7b4e2b6fda03f0b9cd
 github.com/opencontainers/go-digest v1.0.0-rc0
 github.com/opencontainers/runtime-tools d3f7e9e9e631c7e87552d67dc7c86de33c3fb68a
 github.com/opencontainers/runc 45bde006ca8c90e089894508708bcf0e2cdf9e13