skip write /proc/self/attr/keycreate when selinux label is null

Signed-off-by: ningmingxiao <[email protected]>
opencontainers · Jul 29, 2024 · ee265e5 · ee265e5
1 parent bb1ec25
commit ee265e5
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go
@@ -724,11 +724,11 @@ func peerLabel(fd uintptr) (string, error) {
 // setKeyLabel takes a process label and tells the kernel to assign the
 // label to the next kernel keyring that gets created
 func setKeyLabel(label string) error {
-	err := writeCon("/proc/self/attr/keycreate", label)
-	if errors.Is(err, os.ErrNotExist) {
+	if label == "" {
 		return nil
 	}
-	if label == "" && errors.Is(err, os.ErrPermission) {
+	err := writeCon("/proc/self/attr/keycreate", label)
+	if errors.Is(err, os.ErrNotExist) {
 		return nil
 	}
 	return err