From fd94302cba0ec222a280442e2fb7e7555fda6772 Mon Sep 17 00:00:00 2001
From: Wenxuan Zhao <viz@linux.com>
Date: Tue, 5 Sep 2017 18:39:48 -0300
Subject: [PATCH] Relabel config files.

Without relabel these files, SELinux-enabled containers will show
"permission denied" errors for configuration files mounted with
`docker server create ... --config ... ...`.

Signed-off-by: Wenxuan Zhao <viz@linux.com>
Upstream-commit: 472c03a8c364090afb88258b3dd9748183c29d05
Component: engine
---
 components/engine/daemon/container_operations_unix.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
index 84b7eb352f..954c194ea8 100644
--- a/components/engine/daemon/container_operations_unix.go
+++ b/components/engine/daemon/container_operations_unix.go
@@ -307,6 +307,8 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
 		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for config")
 		}
+
+		label.Relabel(fPath, c.MountLabel, false)
 	}
 
 	return nil