From f8fdde79eccf5b3cff5a356930677bbce6c8b2ff Mon Sep 17 00:00:00 2001
From: Lifubang
Date: Thu, 4 Apr 2019 23:20:36 +0800
Subject: [PATCH] fix SetKeyLabel in old kernels

Signed-off-by: Lifubang
---
 go-selinux/selinux_linux.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go
index 51fa8de..ed66991 100644
--- a/go-selinux/selinux_linux.go
+++ b/go-selinux/selinux_linux.go
@@ -406,7 +406,21 @@ func SocketLabel() (string, error) {
 // SetKeyLabel takes a process label and tells the kernel to assign the
 // label to the next kernel keyring that gets created
 func SetKeyLabel(label string) error {
- return writeCon("/proc/self/attr/keycreate", label)
+ if label == "" && GetEnabled() {
+ if _, err := KeyLabel(); err == io.EOF || os.IsNotExist(err) {
+ // If we got io.EOF err, this means it is the first time write "" to keycreate
+ // And in some old kernels before Linux 2.6.18, there is no keycreate file
+ // So we can ignore these errors
+ return nil
+ }
+ }
+ err := writeCon("/proc/self/attr/keycreate", label)
+ if os.IsNotExist(err) {
+ // For non empty label, In some old kernels before Linux 2.6.18,
+ // there is no keycreate file, so we can ignore it
+ return nil
+ }
+ return err
 }
 
 // KeyLabel retrieves the current kernel keyring label setting
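Review bot: The second `os.IsNotExist(err)` branch in SetKeyLabel returns nil for a non-empty label, so a caller that asked for a specific keyring label is told it succeeded although nothing was written to `/proc/self/attr/keycreate`. The comment attributes the missing file to kernels before Linux 2.6.18, but the same error would presumably also come back when /proc is absent or masked in the calling environment, and the next keyring would then be created with the default label without the caller knowing. I would tolerate the missing file only for the reset case, `if label == "" && os.IsNotExist(err) { return nil }`, and let a non-empty label surface the error so the caller can decide whether to continue unlabeled. The doc comment above SetKeyLabel should also say which errors are deliberately swallowed, e.g. `// A missing keycreate file is ignored when label is empty.`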