rebase: bump the golang-dependencies group with 1 update

Bumps the golang-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.16.0 to 0.17.0
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

vendor/github.com/opencontainers/selinux/go-selinux/label/label.go

@@ -78,6 +78,9 @@ func ReleaseLabel(label string) error {
 // Deprecated: use selinux.DupSecOpt
 var DupSecOpt = selinux.DupSecOpt
 
+// FormatMountLabel returns a string to be used by the mount command. Using
+// the SELinux `context` mount option. Changing labels of files on mount
+// points with this option can never be changed.
 // FormatMountLabel returns a string to be used by the mount command.
 // The format of this string will be used to alter the labeling of the mountpoint.
 // The string returned is suitable to be used as the options field of the mount command.
@@ -85,12 +88,27 @@ var DupSecOpt = selinux.DupSecOpt
 // the first parameter.  Second parameter is the label that you wish to apply
 // to all content in the mount point.
 func FormatMountLabel(src, mountLabel string) string {
+	return FormatMountLabelByType(src, mountLabel, "context")
+}
+
+// FormatMountLabelByType returns a string to be used by the mount command.
+// Allow caller to specify the mount options. For example using the SELinux
+// `fscontext` mount option would allow certain container processes to change
+// labels of files created on the mount points, where as `context` option does
+// not.
+// FormatMountLabelByType returns a string to be used by the mount command.
+// The format of this string will be used to alter the labeling of the mountpoint.
+// The string returned is suitable to be used as the options field of the mount command.
+// If you need to have additional mount point options, you can pass them in as
+// the first parameter.  Second parameter is the label that you wish to apply
+// to all content in the mount point.
+func FormatMountLabelByType(src, mountLabel, contextType string) string {
 	if mountLabel != "" {
 		switch src {
 		case "":
-			src = fmt.Sprintf("context=%q", mountLabel)
+			src = fmt.Sprintf("%s=%q", contextType, mountLabel)
 		default:
-			src = fmt.Sprintf("%s,context=%q", src, mountLabel)
+			src = fmt.Sprintf("%s,%s=%q", src, contextType, mountLabel)
 		}
 	}
 	return src

vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go

@@ -3,8 +3,6 @@ package label
 import (
 	"errors"
 	"fmt"
-	"os"
-	"os/user"
 	"strings"
 
 	"github.com/opencontainers/selinux/go-selinux"
@@ -113,50 +111,6 @@ func Relabel(path string, fileLabel string, shared bool) error {
 		return nil
 	}
 
-	exclude_paths := map[string]bool{
-		"/":           true,
-		"/bin":        true,
-		"/boot":       true,
-		"/dev":        true,
-		"/etc":        true,
-		"/etc/passwd": true,
-		"/etc/pki":    true,
-		"/etc/shadow": true,
-		"/home":       true,
-		"/lib":        true,
-		"/lib64":      true,
-		"/media":      true,
-		"/opt":        true,
-		"/proc":       true,
-		"/root":       true,
-		"/run":        true,
-		"/sbin":       true,
-		"/srv":        true,
-		"/sys":        true,
-		"/tmp":        true,
-		"/usr":        true,
-		"/var":        true,
-		"/var/lib":    true,
-		"/var/log":    true,
-	}
-
-	if home := os.Getenv("HOME"); home != "" {
-		exclude_paths[home] = true
-	}
-
-	if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" {
-		if usr, err := user.Lookup(sudoUser); err == nil {
-			exclude_paths[usr.HomeDir] = true
-		}
-	}
-
-	if path != "/" {
-		path = strings.TrimSuffix(path, "/")
-	}
-	if exclude_paths[path] {
-		return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
-	}
-
 	if shared {
 		c, err := selinux.NewContext(fileLabel)
 		if err != nil {

vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package label