From eccd03f3c40ad98b87138e6d67f18785f53da788 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 May 2021 06:22:36 +0000
Subject: Bump github.com/containers/storage from 1.30.2 to 1.30.3

Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.30.2 to 1.30.3.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.30.2...v1.30.3)

Signed-off-by: dependabot[bot] <support@github.com>
---
 .../opencontainers/selinux/go-selinux/label/label_linux.go           | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'vendor/github.com/opencontainers/selinux/go-selinux/label')

diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
index 439455511..b3d142d8c 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
@@ -25,6 +25,8 @@ var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be use
 // the container.  A list of options can be passed into this function to alter
 // the labels.  The labels returned will include a random MCS String, that is
 // guaranteed to be unique.
+// If the disabled flag is passed in, the process label will not be set, but the mount label will be set
+// to the container_file label with the maximum category. This label is not usable by any confined label.
 func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
 	if !selinux.GetEnabled() {
 		return "", "", nil
@@ -47,7 +49,8 @@ func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
 		}
 		for _, opt := range options {
 			if opt == "disable" {
-				return "", mountLabel, nil
+				selinux.ReleaseLabel(mountLabel)
+				return "", selinux.PrivContainerMountLabel(), nil
 			}
 			if i := strings.Index(opt, ":"); i == -1 {
 				return "", "", errors.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt)
-- 
cgit v1.2.3-54-g00ecf