Update runc to v1.0.0-rc91

https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

vendor/github.com/opencontainers/selinux/go-selinux/label/label.go

@@ -1,8 +1,6 @@
 package label
 
 import (
-	"fmt"
-
 	"github.com/opencontainers/selinux/go-selinux"
 )
 
@@ -48,7 +46,7 @@ var PidLabel = selinux.PidLabel
 
 // Init initialises the labeling system
 func Init() {
-	_ = selinux.GetEnabled()
+	selinux.GetEnabled()
 }
 
 // ClearLabels will clear all reserved labels
@@ -77,21 +75,3 @@ func ReleaseLabel(label string) error {
 // can be used to set duplicate labels on future container processes
 // Deprecated: use selinux.DupSecOpt
 var DupSecOpt = selinux.DupSecOpt
-
-// FormatMountLabel returns a string to be used by the mount command.
-// The format of this string will be used to alter the labeling of the mountpoint.
-// The string returned is suitable to be used as the options field of the mount command.
-// If you need to have additional mount point options, you can pass them in as
-// the first parameter.  Second parameter is the label that you wish to apply
-// to all content in the mount point.
-func FormatMountLabel(src, mountLabel string) string {
-	if mountLabel != "" {
-		switch src {
-		case "":
-			src = fmt.Sprintf("context=%q", mountLabel)
-		default:
-			src = fmt.Sprintf("%s,context=%q", src, mountLabel)
-		}
-	}
-	return src
-}

vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go

@@ -3,6 +3,7 @@
 package label
 
 import (
+	"fmt"
 	"os"
 	"os/user"
 	"strings"
@@ -42,7 +43,7 @@ func InitLabels(options []string) (plabel string, mlabel string, Err error) {
 		if err != nil {
 			return "", "", err
 		}
-		mcsLevel := pcon["level"]
+
 		mcon, err := selinux.NewContext(mountLabel)
 		if err != nil {
 			return "", "", err
@@ -61,21 +62,16 @@ func InitLabels(options []string) (plabel string, mlabel string, Err error) {
 			}
 			if con[0] == "filetype" {
 				mcon["type"] = con[1]
-				continue
 			}
 			pcon[con[0]] = con[1]
 			if con[0] == "level" || con[0] == "user" {
 				mcon[con[0]] = con[1]
 			}
 		}
-		if pcon.Get() != processLabel {
-			if pcon["level"] != mcsLevel {
-				selinux.ReleaseLabel(processLabel)
-			}
-			processLabel = pcon.Get()
-			selinux.ReserveLabel(processLabel)
-		}
+		selinux.ReleaseLabel(processLabel)
+		processLabel = pcon.Get()
 		mountLabel = mcon.Get()
+		selinux.ReserveLabel(processLabel)
 	}
 	return processLabel, mountLabel, nil
 }
@@ -86,6 +82,24 @@ func GenLabels(options string) (string, string, error) {
 	return InitLabels(strings.Fields(options))
 }
 
+// FormatMountLabel returns a string to be used by the mount command.
+// The format of this string will be used to alter the labeling of the mountpoint.
+// The string returned is suitable to be used as the options field of the mount command.
+// If you need to have additional mount point options, you can pass them in as
+// the first parameter.  Second parameter is the label that you wish to apply
+// to all content in the mount point.
+func FormatMountLabel(src, mountLabel string) string {
+	if mountLabel != "" {
+		switch src {
+		case "":
+			src = fmt.Sprintf("context=%q", mountLabel)
+		default:
+			src = fmt.Sprintf("%s,context=%q", src, mountLabel)
+		}
+	}
+	return src
+}
+
 // SetFileLabel modifies the "path" label to the specified file label
 func SetFileLabel(path string, fileLabel string) error {
 	if !selinux.GetEnabled() || fileLabel == "" {

vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go

@@ -15,6 +15,10 @@ func GenLabels(options string) (string, string, error) {
 	return "", "", nil
 }
 
+func FormatMountLabel(src string, mountLabel string) string {
+	return src
+}
+
 func SetFileLabel(path string, fileLabel string) error {
 	return nil
 }

vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go

@@ -31,9 +31,6 @@ const (
 	// Disabled constant to indicate SELinux is disabled
 	Disabled = -1
 
-	// DefaultCategoryRange is the upper bound on the category range
-	DefaultCategoryRange = uint32(1024)
-
 	contextFile      = "/usr/share/containers/selinux/contexts"
 	selinuxDir       = "/etc/selinux/"
 	selinuxConfig    = selinuxDir + "config"
@@ -60,9 +57,6 @@ var (
 	// InvalidLabel is returned when an invalid label is specified.
 	InvalidLabel = errors.New("Invalid Label")
 
-	// CategoryRange allows the upper bound on the category range to be adjusted
-	CategoryRange = DefaultCategoryRange
-
 	assignRegex = regexp.MustCompile(`^([^=]+)=(.*)$`)
 	roFileLabel string
 	state       = selinuxState{
@@ -796,7 +790,7 @@ func ContainerLabels() (processLabel string, fileLabel string) {
 func addMcs(processLabel, fileLabel string) (string, string) {
 	scon, _ := NewContext(processLabel)
 	if scon["level"] != "" {
-		mcs := uniqMcs(CategoryRange)
+		mcs := uniqMcs(1024)
 		scon["level"] = mcs
 		processLabel = scon.Get()
 		scon, _ = NewContext(fileLabel)

vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go

@@ -13,8 +13,6 @@ const (
 	Permissive = 0
 	// Disabled constant to indicate SELinux is disabled
 	Disabled = -1
-	// DefaultCategoryRange is the upper bound on the category range
-	DefaultCategoryRange = uint32(1024)
 )
 
 var (
@@ -22,8 +20,6 @@ var (
 	ErrMCSAlreadyExists = errors.New("MCS label already exists")
 	// ErrEmptyPath is returned when an empty path has been specified.
 	ErrEmptyPath = errors.New("empty path")
-	// CategoryRange allows the upper bound on the category range to be adjusted
-	CategoryRange = DefaultCategoryRange
 )
 
 // Context is a representation of the SELinux label broken into 4 parts