Add a note about Conflicts return value

Author: jsafrane

pkg/controller/volume/selinuxwarning/translator/selinux_translator.go

@@ -60,12 +60,13 @@ func (c *ControllerSELinuxTranslator) SELinuxOptionsToFileLabel(opts *v1.SELinux
 // Conflicts returns true if two SELinux labels conflict.
 // These labels must be generated by SELinuxOptionsToFileLabel above
 // (the function expects strict nr. of elements in the labels).
-// Since this translator cannot default missing components,
-// the first three components treated as incomparable when missing and they do not
-// conflict with anything.
+// Since this translator cannot default missing label components from the operating system,
+// the first three components can be empty. In this case, the empty components don't lead to a
+// conflict when compared to a real SELinux label and this function returns false (as no
+// conflict can be detected).
 // The last component (level) is always compared, as it is not defaulted by the operating system.
 // Example: "system_u:system_r:container_t:s0:c1,c2" *does not* conflict with ":::s0:c1,c2",
-// because the node that will run such a Pod may expand "":::s0:c1,c2" to "system_u:system_r:container_t:s0:c1,c2".
+// because the node that will run such a Pod may expand ":::s0:c1,c2" to "system_u:system_r:container_t:s0:c1,c2".
 // However: "system_u:system_r:container_t:s0:c1,c2" *does* conflict with ":::s0:c98,c99".
 // And ":::s0:c1,c2" *does* conflict with "" or ":::", because it's never defaulted by the OS.
 func (c *ControllerSELinuxTranslator) Conflicts(labelA, labelB string) bool {