update selinux to b6fa367

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

pkg/server/helpers_selinux_test.go

@@ -19,6 +19,7 @@ limitations under the License.
 package server
 
 import (
+	"strings"
 	"testing"
 
 	"github.com/opencontainers/selinux/go-selinux"
@@ -62,6 +63,16 @@ func TestInitSelinuxOpts(t *testing.T) {
 			processLabel: "user_u:user_r:user_t:s0:c1,c2",
 			mountLabels:  []string{"user_u:object_r:container_file_t:s0:c1,c2", "user_u:object_r:svirt_sandbox_file_t:s0:c1,c2"},
 		},
+		"Should be resolved correctly when selinuxOpt has been initialized with level=''": {
+			selinuxOpt: &runtime.SELinuxOption{
+				User:  "user_u",
+				Role:  "user_r",
+				Type:  "user_t",
+				Level: "",
+			},
+			processLabel: "user_u:user_r:user_t:s0",
+			mountLabels:  []string{"user_u:object_r:container_file_t:s0", "user_u:object_r:svirt_sandbox_file_t:s0"},
+		},
 		"Should return error when the format of 'level' is not correct": {
 			selinuxOpt: &runtime.SELinuxOption{
 				User:  "user_u",
@@ -78,8 +89,15 @@ func TestInitSelinuxOpts(t *testing.T) {
 				assert.Error(t, err)
 			} else {
 				assert.NoError(t, err)
-				assert.Equal(t, test.processLabel, processLabel)
-				assert.Contains(t, test.mountLabels, mountLabel)
+				if test.selinuxOpt == nil || test.selinuxOpt.Level != "" {
+					assert.Equal(t, test.processLabel, processLabel)
+					assert.Contains(t, test.mountLabels, mountLabel)
+				} else {
+					assert.Equal(t, 0, strings.LastIndex(processLabel, test.processLabel))
+					contain := strings.LastIndex(mountLabel, test.mountLabels[0]) == 0 ||
+						strings.LastIndex(mountLabel, test.mountLabels[1]) == 0
+					assert.True(t, contain)
+				}
 			}
 		})
 	}