From b8affe908fba948597b88a3f101411fdfcbbd11c Mon Sep 17 00:00:00 2001
From: Fabio Kung <fabio.kung@gmail.com>
Date: Wed, 5 Apr 2017 17:37:04 -0700
Subject: [PATCH] only Daemon.load needs to call label.ReserveLabel

Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
Upstream-commit: 9134e87afc6f3215a58d23c7261242b764357501
Component: engine
---
 components/engine/container/container.go | 4 ----
 components/engine/container/view.go      | 2 +-
 components/engine/daemon/container.go    | 6 +++++-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/components/engine/container/container.go b/components/engine/container/container.go
index 2fd007e0a5..b0ff5b7c9b 100644
--- a/components/engine/container/container.go
+++ b/components/engine/container/container.go
@@ -45,7 +45,6 @@ import (
 	"github.com/docker/libnetwork/options"
 	"github.com/docker/libnetwork/types"
 	agentexec "github.com/docker/swarmkit/agent/exec"
-	"github.com/opencontainers/selinux/go-selinux/label"
 )
 
 const configFileName = "config.v2.json"
@@ -152,9 +151,6 @@ func (container *Container) FromDisk() error {
 		container.Platform = runtime.GOOS
 	}
 
-	if err := label.ReserveLabel(container.ProcessLabel); err != nil {
-		return err
-	}
 	return container.readHostConfig()
 }
 
diff --git a/components/engine/container/view.go b/components/engine/container/view.go
index e5e1542f77..5c501fd9b4 100644
--- a/components/engine/container/view.go
+++ b/components/engine/container/view.go
@@ -95,7 +95,7 @@ func (db *memDB) Save(c *Container) error {
 	txn := db.store.Txn(true)
 	defer txn.Commit()
 	deepCopy := NewBaseContainer(c.ID, c.Root)
-	err := deepCopy.FromDisk() // TODO: deal with reserveLabel
+	err := deepCopy.FromDisk()
 	if err != nil {
 		return err
 	}
diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 6582da82c8..149df0dec6 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -18,6 +18,7 @@ import (
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/nat"
+	"github.com/opencontainers/selinux/go-selinux/label"
 )
 
 // GetContainer looks for a container using the provided information, which could be
@@ -90,6 +91,9 @@ func (daemon *Daemon) load(id string) (*container.Container, error) {
 	if err := container.FromDisk(); err != nil {
 		return nil, err
 	}
+	if err := label.ReserveLabel(container.ProcessLabel); err != nil {
+		return nil, err
+	}
 
 	if container.ID != id {
 		return container, fmt.Errorf("Container %s is stored at %s", container.ID, id)
@@ -307,7 +311,7 @@ func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostCon
 			return nil, fmt.Errorf("maximum retry count cannot be negative")
 		}
 	case "":
-	// do nothing
+		// do nothing
 	default:
 		return nil, fmt.Errorf("invalid restart policy '%s'", p.Name)
 	}