
Initial work on selinux patch

This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

Michael Crosby authored on 2014/04/18 08:47:27
Showing 21 changed files
... ...
@@ -11,6 +11,7 @@ import (
11 11
 	"github.com/dotcloud/docker/image"
12 12
 	"github.com/dotcloud/docker/links"
13 13
 	"github.com/dotcloud/docker/nat"
14
+	"github.com/dotcloud/docker/pkg/selinux"
14 15
 	"github.com/dotcloud/docker/runconfig"
15 16
 	"github.com/dotcloud/docker/utils"
16 17
 	"io"
... ...
@@ -64,7 +65,8 @@ type Container struct {
64 64
 	stdin     io.ReadCloser
65 65
 	stdinPipe io.WriteCloser
66 66
 
67
-	daemon *Daemon
67
+	daemon                   *Daemon
68
+	mountLabel, processLabel string
68 69
 
69 70
 	waitLock chan struct{}
70 71
 	Volumes  map[string]string
... ...
@@ -320,9 +322,11 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
320 320
 
321 321
 func populateCommand(c *Container, env []string) {
322 322
 	var (
323
-		en           *execdriver.Network
324
-		driverConfig = make(map[string][]string)
323
+		en      *execdriver.Network
324
+		context = make(map[string][]string)
325 325
 	)
326
+	context["process_label"] = []string{c.processLabel}
327
+	context["mount_label"] = []string{c.mountLabel}
326 328
 
327 329
 	en = &execdriver.Network{
328 330
 		Mtu:       c.daemon.config.Mtu,
... ...
@@ -340,7 +344,7 @@ func populateCommand(c *Container, env []string) {
340 340
 	}
341 341
 
342 342
 	// TODO: this can be removed after lxc-conf is fully deprecated
343
-	mergeLxcConfIntoOptions(c.hostConfig, driverConfig)
343
+	mergeLxcConfIntoOptions(c.hostConfig, context)
344 344
 
345 345
 	resources := &execdriver.Resources{
346 346
 		Memory:     c.Config.Memory,
... ...
@@ -358,7 +362,7 @@ func populateCommand(c *Container, env []string) {
358 358
 		Network:    en,
359 359
 		Tty:        c.Config.Tty,
360 360
 		User:       c.Config.User,
361
-		Config:     driverConfig,
361
+		Config:     context,
362 362
 		Resources:  resources,
363 363
 	}
364 364
 	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
... ...
@@ -383,6 +387,12 @@ func (container *Container) Start() (err error) {
383 383
 	if err := container.setupContainerDns(); err != nil {
384 384
 		return err
385 385
 	}
386
+
387
+	process, mount := selinux.GetLxcContexts()
388
+
389
+	container.mountLabel = mount
390
+	container.processLabel = process
391
+
386 392
 	if err := container.Mount(); err != nil {
387 393
 		return err
388 394
 	}
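Review bot: Start generates a fresh process/mount label pair on every call and stores it in the unexported `mountLabel`/`processLabel` fields, so the labels are neither persisted with the container nor visible to code paths that mount it outside Start — daemon.Mount reads container.mountLabel, which is empty for a container loaded from disk until Start has run. `selinux.GetLxcContexts()` returns no error, so it is also worth pinning down what it yields when the policy cannot be read while `--selinux-enabled` was given; if that is a pair of empty strings, labeling is silently turned off and the container runs unconfined with no message, and I would fail Start in that case rather than continue. A comment on the two assignments such as `// Labels are derived per Start and not persisted; any mount done outside Start sees an empty label` would at least make the current behaviour explicit. Start's body continues past the hunk.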
... ...
@@ -543,10 +543,10 @@ func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error
543 543
 		return err
544 544
 	}
545 545
 	initID := fmt.Sprintf("%s-init", container.ID)
546
-	if err := daemon.driver.Create(initID, img.ID, ""); err != nil {
546
+	if err := daemon.driver.Create(initID, img.ID); err != nil {
547 547
 		return err
548 548
 	}
549
-	initPath, err := daemon.driver.Get(initID)
549
+	initPath, err := daemon.driver.Get(initID, "")
550 550
 	if err != nil {
551 551
 		return err
552 552
 	}
... ...
@@ -556,7 +556,7 @@ func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error
556 556
 		return err
557 557
 	}
558 558
 
559
-	if err := daemon.driver.Create(container.ID, initID, ""); err != nil {
559
+	if err := daemon.driver.Create(container.ID, initID); err != nil {
560 560
 		return err
561 561
 	}
562 562
 	return nil
... ...
@@ -670,7 +670,6 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
670 670
 	if !config.EnableSelinuxSupport {
671 671
 		selinux.SetDisabled()
672 672
 	}
673
-
674 673
 	// Set the default driver
675 674
 	graphdriver.DefaultDriver = config.GraphDriver
676 675
 
... ...
@@ -840,7 +839,7 @@ func (daemon *Daemon) Close() error {
840 840
 }
841 841
 
842 842
 func (daemon *Daemon) Mount(container *Container) error {
843
-	dir, err := daemon.driver.Get(container.ID)
843
+	dir, err := daemon.driver.Get(container.ID, container.mountLabel)
844 844
 	if err != nil {
845 845
 		return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err)
846 846
 	}
... ...
@@ -862,12 +861,12 @@ func (daemon *Daemon) Changes(container *Container) ([]archive.Change, error) {
862 862
 	if differ, ok := daemon.driver.(graphdriver.Differ); ok {
863 863
 		return differ.Changes(container.ID)
864 864
 	}
865
-	cDir, err := daemon.driver.Get(container.ID)
865
+	cDir, err := daemon.driver.Get(container.ID, "")
866 866
 	if err != nil {
867 867
 		return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err)
868 868
 	}
869 869
 	defer daemon.driver.Put(container.ID)
870
-	initDir, err := daemon.driver.Get(container.ID + "-init")
870
+	initDir, err := daemon.driver.Get(container.ID+"-init", "")
871 871
 	if err != nil {
872 872
 		return nil, fmt.Errorf("Error getting container init rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err)
873 873
 	}
... ...
@@ -885,7 +884,7 @@ func (daemon *Daemon) Diff(container *Container) (archive.Archive, error) {
885 885
 		return nil, err
886 886
 	}
887 887
 
888
-	cDir, err := daemon.driver.Get(container.ID)
888
+	cDir, err := daemon.driver.Get(container.ID, "")
889 889
 	if err != nil {
890 890
 		return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err)
891 891
 	}
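Review bot: daemon.Mount passes container.mountLabel to driver.Get, but every other caller in this file — createRootfs for the init layer, Changes and Diff — passes an empty label, and the aufs driver only performs the mount when its reference count is zero (the `count == 0` branch in its Get hunk), so whichever caller reaches the driver first decides the label for as long as the rootfs stays mounted. If Changes or Diff runs on a stopped container before Start, the container can come up on an unlabeled rootfs with no error reported; whether the reference count has dropped back to zero by then depends on Put, which is outside the visible hunks. I would route every Get for a container through daemon.Mount so the label is always the container's, or have the drivers return an error when asked to reuse an existing mount under a different label instead of silently handing back the old one.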
... ...
@@ -8,7 +8,6 @@ import (
8 8
 	"github.com/dotcloud/docker/daemon/execdriver/native/configuration"
9 9
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
10 10
 	"github.com/dotcloud/docker/pkg/apparmor"
11
-	"github.com/dotcloud/docker/pkg/label"
12 11
 	"github.com/dotcloud/docker/pkg/libcontainer"
13 12
 )
14 13
 
... ...
@@ -119,14 +118,7 @@ func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Co
119 119
 }
120 120
 
121 121
 func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error {
122
-	labels := c.Config["label"]
123
-	if len(labels) > 0 {
124
-		process, mount, err := label.GenLabels(labels[0])
125
-		if err != nil {
126
-			return err
127
-		}
128
-		container.Context["mount_label"] = mount
129
-		container.Context["process_label"] = process
130
-	}
122
+	container.Context["process_label"] = c.Config["process_label"][0]
123
+	container.Context["mount_label"] = c.Config["mount_label"][0]
131 124
 	return nil
132 125
 }
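Review bot: The new setupLabels body indexes `c.Config["process_label"][0]` and `c.Config["mount_label"][0]` unguarded, so a Command whose Config map lacks either key makes the driver panic on a nil-slice index instead of returning an error; the replaced code tolerated a missing "label" with a `len(labels) > 0` check. populateCommand in this commit always sets both keys, but the exec driver is reachable from any builder of execdriver.Command, and a panic here takes down the daemon rather than failing one container start. I would guard both lookups and leave the Context entry unset when nothing was supplied.
```go
func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error {
	// Tolerate a Command built without labels rather than panicking on a nil slice.
	if v := c.Config["process_label"]; len(v) > 0 {
		container.Context["process_label"] = v[0]
	}
	if v := c.Config["mount_label"]; len(v) > 0 {
		container.Context["mount_label"] = v[0]
	}
	return nil
}
```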
... ...
@@ -25,6 +25,7 @@ import (
25 25
 	"fmt"
26 26
 	"github.com/dotcloud/docker/archive"
27 27
 	"github.com/dotcloud/docker/daemon/graphdriver"
28
+	"github.com/dotcloud/docker/pkg/label"
28 29
 	mountpk "github.com/dotcloud/docker/pkg/mount"
29 30
 	"github.com/dotcloud/docker/utils"
30 31
 	"os"
... ...
@@ -134,7 +135,7 @@ func (a Driver) Exists(id string) bool {
134 134
 
135 135
 // Three folders are created for each id
136 136
 // mnt, layers, and diff
137
-func (a *Driver) Create(id, parent string, mountLabel string) error {
137
+func (a *Driver) Create(id, parent string) error {
138 138
 	if err := a.createDirsFor(id); err != nil {
139 139
 		return err
140 140
 	}
... ...
@@ -218,7 +219,7 @@ func (a *Driver) Remove(id string) error {
218 218
 
219 219
 // Return the rootfs path for the id
220 220
 // This will mount the dir at it's given path
221
-func (a *Driver) Get(id string) (string, error) {
221
+func (a *Driver) Get(id, mountLabel string) (string, error) {
222 222
 	ids, err := getParentIds(a.rootPath(), id)
223 223
 	if err != nil {
224 224
 		if !os.IsNotExist(err) {
... ...
@@ -240,7 +241,7 @@ func (a *Driver) Get(id string) (string, error) {
240 240
 		out = path.Join(a.rootPath(), "mnt", id)
241 241
 
242 242
 		if count == 0 {
243
-			if err := a.mount(id); err != nil {
243
+			if err := a.mount(id, mountLabel); err != nil {
244 244
 				return "", err
245 245
 			}
246 246
 		}
... ...
@@ -309,7 +310,7 @@ func (a *Driver) getParentLayerPaths(id string) ([]string, error) {
309 309
 	return layers, nil
310 310
 }
311 311
 
312
-func (a *Driver) mount(id string) error {
312
+func (a *Driver) mount(id, mountLabel string) error {
313 313
 	// If the id is mounted or we get an error return
314 314
 	if mounted, err := a.mounted(id); err != nil || mounted {
315 315
 		return err
... ...
@@ -325,7 +326,7 @@ func (a *Driver) mount(id string) error {
325 325
 		return err
326 326
 	}
327 327
 
328
-	if err := a.aufsMount(layers, rw, target); err != nil {
328
+	if err := a.aufsMount(layers, rw, target, mountLabel); err != nil {
329 329
 		return err
330 330
 	}
331 331
 	return nil
... ...
@@ -358,21 +359,21 @@ func (a *Driver) Cleanup() error {
358 358
 	return nil
359 359
 }
360 360
 
361
-func (a *Driver) aufsMount(ro []string, rw, target string) (err error) {
361
+func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) {
362 362
 	defer func() {
363 363
 		if err != nil {
364 364
 			Unmount(target)
365 365
 		}
366 366
 	}()
367 367
 
368
-	if err = a.tryMount(ro, rw, target); err != nil {
369
-		if err = a.mountRw(rw, target); err != nil {
368
+	if err = a.tryMount(ro, rw, target, mountLabel); err != nil {
369
+		if err = a.mountRw(rw, target, mountLabel); err != nil {
370 370
 			return
371 371
 		}
372 372
 
373 373
 		for _, layer := range ro {
374
-			branch := fmt.Sprintf("append:%s=ro+wh", layer)
375
-			if err = mount("none", target, "aufs", MsRemount, branch); err != nil {
374
+			data := label.FormatMountLabel(fmt.Sprintf("append:%s=ro+wh", layer), mountLabel)
375
+			if err = mount("none", target, "aufs", MsRemount, data); err != nil {
376 376
 				return
377 377
 			}
378 378
 		}
... ...
@@ -382,16 +383,18 @@ func (a *Driver) aufsMount(ro []string, rw, target string) (err error) {
382 382
 
383 383
 // Try to mount using the aufs fast path, if this fails then
384 384
 // append ro layers.
385
-func (a *Driver) tryMount(ro []string, rw, target string) (err error) {
385
+func (a *Driver) tryMount(ro []string, rw, target, mountLabel string) (err error) {
386 386
 	var (
387 387
 		rwBranch   = fmt.Sprintf("%s=rw", rw)
388 388
 		roBranches = fmt.Sprintf("%s=ro+wh:", strings.Join(ro, "=ro+wh:"))
389
+		data       = label.FormatMountLabel(fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches), mountLabel)
389 390
 	)
390
-	return mount("none", target, "aufs", 0, fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches))
391
+	return mount("none", target, "aufs", 0, data)
391 392
 }
392 393
 
393
-func (a *Driver) mountRw(rw, target string) error {
394
-	return mount("none", target, "aufs", 0, fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw))
394
+func (a *Driver) mountRw(rw, target, mountLabel string) error {
395
+	data := label.FormatMountLabel(fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw), mountLabel)
396
+	return mount("none", target, "aufs", 0, data)
395 397
 }
396 398
 
397 399
 func rollbackMount(target string, err error) {
... ...
@@ -90,7 +90,7 @@ func TestCreateNewDir(t *testing.T) {
90 90
 	d := newDriver(t)
91 91
 	defer os.RemoveAll(tmp)
92 92
 
93
-	if err := d.Create("1", "", ""); err != nil {
93
+	if err := d.Create("1", ""); err != nil {
94 94
 		t.Fatal(err)
95 95
 	}
96 96
 }
... ...
@@ -99,7 +99,7 @@ func TestCreateNewDirStructure(t *testing.T) {
99 99
 	d := newDriver(t)
100 100
 	defer os.RemoveAll(tmp)
101 101
 
102
-	if err := d.Create("1", "", ""); err != nil {
102
+	if err := d.Create("1", ""); err != nil {
103 103
 		t.Fatal(err)
104 104
 	}
105 105
 
... ...
@@ -120,7 +120,7 @@ func TestRemoveImage(t *testing.T) {
120 120
 	d := newDriver(t)
121 121
 	defer os.RemoveAll(tmp)
122 122
 
123
-	if err := d.Create("1", "", ""); err != nil {
123
+	if err := d.Create("1", ""); err != nil {
124 124
 		t.Fatal(err)
125 125
 	}
126 126
 
... ...
@@ -145,11 +145,11 @@ func TestGetWithoutParent(t *testing.T) {
145 145
 	d := newDriver(t)
146 146
 	defer os.RemoveAll(tmp)
147 147
 
148
-	if err := d.Create("1", "", ""); err != nil {
148
+	if err := d.Create("1", ""); err != nil {
149 149
 		t.Fatal(err)
150 150
 	}
151 151
 
152
-	diffPath, err := d.Get("1")
152
+	diffPath, err := d.Get("1", "")
153 153
 	if err != nil {
154 154
 		t.Fatal(err)
155 155
 	}
... ...
@@ -172,7 +172,7 @@ func TestCleanupWithDir(t *testing.T) {
172 172
 	d := newDriver(t)
173 173
 	defer os.RemoveAll(tmp)
174 174
 
175
-	if err := d.Create("1", "", ""); err != nil {
175
+	if err := d.Create("1", ""); err != nil {
176 176
 		t.Fatal(err)
177 177
 	}
178 178
 
... ...
@@ -185,7 +185,7 @@ func TestMountedFalseResponse(t *testing.T) {
185 185
 	d := newDriver(t)
186 186
 	defer os.RemoveAll(tmp)
187 187
 
188
-	if err := d.Create("1", "", ""); err != nil {
188
+	if err := d.Create("1", ""); err != nil {
189 189
 		t.Fatal(err)
190 190
 	}
191 191
 
... ...
@@ -204,14 +204,14 @@ func TestMountedTrueReponse(t *testing.T) {
204 204
 	defer os.RemoveAll(tmp)
205 205
 	defer d.Cleanup()
206 206
 
207
-	if err := d.Create("1", "", ""); err != nil {
207
+	if err := d.Create("1", ""); err != nil {
208 208
 		t.Fatal(err)
209 209
 	}
210
-	if err := d.Create("2", "1", ""); err != nil {
210
+	if err := d.Create("2", "1"); err != nil {
211 211
 		t.Fatal(err)
212 212
 	}
213 213
 
214
-	_, err := d.Get("2")
214
+	_, err := d.Get("2", "")
215 215
 	if err != nil {
216 216
 		t.Fatal(err)
217 217
 	}
... ...
@@ -230,10 +230,10 @@ func TestMountWithParent(t *testing.T) {
230 230
 	d := newDriver(t)
231 231
 	defer os.RemoveAll(tmp)
232 232
 
233
-	if err := d.Create("1", "", ""); err != nil {
233
+	if err := d.Create("1", ""); err != nil {
234 234
 		t.Fatal(err)
235 235
 	}
236
-	if err := d.Create("2", "1", ""); err != nil {
236
+	if err := d.Create("2", "1"); err != nil {
237 237
 		t.Fatal(err)
238 238
 	}
239 239
 
... ...
@@ -243,7 +243,7 @@ func TestMountWithParent(t *testing.T) {
243 243
 		}
244 244
 	}()
245 245
 
246
-	mntPath, err := d.Get("2")
246
+	mntPath, err := d.Get("2", "")
247 247
 	if err != nil {
248 248
 		t.Fatal(err)
249 249
 	}
... ...
@@ -261,10 +261,10 @@ func TestRemoveMountedDir(t *testing.T) {
261 261
 	d := newDriver(t)
262 262
 	defer os.RemoveAll(tmp)
263 263
 
264
-	if err := d.Create("1", "", ""); err != nil {
264
+	if err := d.Create("1", ""); err != nil {
265 265
 		t.Fatal(err)
266 266
 	}
267
-	if err := d.Create("2", "1", ""); err != nil {
267
+	if err := d.Create("2", "1"); err != nil {
268 268
 		t.Fatal(err)
269 269
 	}
270 270
 
... ...
@@ -274,7 +274,7 @@ func TestRemoveMountedDir(t *testing.T) {
274 274
 		}
275 275
 	}()
276 276
 
277
-	mntPath, err := d.Get("2")
277
+	mntPath, err := d.Get("2", "")
278 278
 	if err != nil {
279 279
 		t.Fatal(err)
280 280
 	}
... ...
@@ -300,7 +300,7 @@ func TestCreateWithInvalidParent(t *testing.T) {
300 300
 	d := newDriver(t)
301 301
 	defer os.RemoveAll(tmp)
302 302
 
303
-	if err := d.Create("1", "docker", ""); err == nil {
303
+	if err := d.Create("1", "docker"); err == nil {
304 304
 		t.Fatalf("Error should not be nil with parent does not exist")
305 305
 	}
306 306
 }
... ...
@@ -309,11 +309,11 @@ func TestGetDiff(t *testing.T) {
309 309
 	d := newDriver(t)
310 310
 	defer os.RemoveAll(tmp)
311 311
 
312
-	if err := d.Create("1", "", ""); err != nil {
312
+	if err := d.Create("1", ""); err != nil {
313 313
 		t.Fatal(err)
314 314
 	}
315 315
 
316
-	diffPath, err := d.Get("1")
316
+	diffPath, err := d.Get("1", "")
317 317
 	if err != nil {
318 318
 		t.Fatal(err)
319 319
 	}
... ...
@@ -343,10 +343,10 @@ func TestChanges(t *testing.T) {
343 343
 	d := newDriver(t)
344 344
 	defer os.RemoveAll(tmp)
345 345
 
346
-	if err := d.Create("1", "", ""); err != nil {
346
+	if err := d.Create("1", ""); err != nil {
347 347
 		t.Fatal(err)
348 348
 	}
349
-	if err := d.Create("2", "1", ""); err != nil {
349
+	if err := d.Create("2", "1"); err != nil {
350 350
 		t.Fatal(err)
351 351
 	}
352 352
 
... ...
@@ -356,7 +356,7 @@ func TestChanges(t *testing.T) {
356 356
 		}
357 357
 	}()
358 358
 
359
-	mntPoint, err := d.Get("2")
359
+	mntPoint, err := d.Get("2", "")
360 360
 	if err != nil {
361 361
 		t.Fatal(err)
362 362
 	}
... ...
@@ -392,10 +392,10 @@ func TestChanges(t *testing.T) {
392 392
 		t.Fatalf("Change kind should be ChangeAdd got %s", change.Kind)
393 393
 	}
394 394
 
395
-	if err := d.Create("3", "2", ""); err != nil {
395
+	if err := d.Create("3", "2"); err != nil {
396 396
 		t.Fatal(err)
397 397
 	}
398
-	mntPoint, err = d.Get("3")
398
+	mntPoint, err = d.Get("3", "")
399 399
 	if err != nil {
400 400
 		t.Fatal(err)
401 401
 	}
... ...
@@ -437,11 +437,11 @@ func TestDiffSize(t *testing.T) {
437 437
 	d := newDriver(t)
438 438
 	defer os.RemoveAll(tmp)
439 439
 
440
-	if err := d.Create("1", "", ""); err != nil {
440
+	if err := d.Create("1", ""); err != nil {
441 441
 		t.Fatal(err)
442 442
 	}
443 443
 
444
-	diffPath, err := d.Get("1")
444
+	diffPath, err := d.Get("1", "")
445 445
 	if err != nil {
446 446
 		t.Fatal(err)
447 447
 	}
... ...
@@ -479,11 +479,11 @@ func TestChildDiffSize(t *testing.T) {
479 479
 	defer os.RemoveAll(tmp)
480 480
 	defer d.Cleanup()
481 481
 
482
-	if err := d.Create("1", "", ""); err != nil {
482
+	if err := d.Create("1", ""); err != nil {
483 483
 		t.Fatal(err)
484 484
 	}
485 485
 
486
-	diffPath, err := d.Get("1")
486
+	diffPath, err := d.Get("1", "")
487 487
 	if err != nil {
488 488
 		t.Fatal(err)
489 489
 	}
... ...
@@ -515,7 +515,7 @@ func TestChildDiffSize(t *testing.T) {
515 515
 		t.Fatalf("Expected size to be %d got %d", size, diffSize)
516 516
 	}
517 517
 
518
-	if err := d.Create("2", "1", ""); err != nil {
518
+	if err := d.Create("2", "1"); err != nil {
519 519
 		t.Fatal(err)
520 520
 	}
521 521
 
... ...
@@ -534,7 +534,7 @@ func TestExists(t *testing.T) {
534 534
 	defer os.RemoveAll(tmp)
535 535
 	defer d.Cleanup()
536 536
 
537
-	if err := d.Create("1", "", ""); err != nil {
537
+	if err := d.Create("1", ""); err != nil {
538 538
 		t.Fatal(err)
539 539
 	}
540 540
 
... ...
@@ -552,7 +552,7 @@ func TestStatus(t *testing.T) {
552 552
 	defer os.RemoveAll(tmp)
553 553
 	defer d.Cleanup()
554 554
 
555
-	if err := d.Create("1", "", ""); err != nil {
555
+	if err := d.Create("1", ""); err != nil {
556 556
 		t.Fatal(err)
557 557
 	}
558 558
 
... ...
@@ -581,11 +581,11 @@ func TestApplyDiff(t *testing.T) {
581 581
 	defer os.RemoveAll(tmp)
582 582
 	defer d.Cleanup()
583 583
 
584
-	if err := d.Create("1", "", ""); err != nil {
584
+	if err := d.Create("1", ""); err != nil {
585 585
 		t.Fatal(err)
586 586
 	}
587 587
 
588
-	diffPath, err := d.Get("1")
588
+	diffPath, err := d.Get("1", "")
589 589
 	if err != nil {
590 590
 		t.Fatal(err)
591 591
 	}
... ...
@@ -607,10 +607,10 @@ func TestApplyDiff(t *testing.T) {
607 607
 		t.Fatal(err)
608 608
 	}
609 609
 
610
-	if err := d.Create("2", "", ""); err != nil {
610
+	if err := d.Create("2", ""); err != nil {
611 611
 		t.Fatal(err)
612 612
 	}
613
-	if err := d.Create("3", "2", ""); err != nil {
613
+	if err := d.Create("3", "2"); err != nil {
614 614
 		t.Fatal(err)
615 615
 	}
616 616
 
... ...
@@ -620,7 +620,7 @@ func TestApplyDiff(t *testing.T) {
620 620
 
621 621
 	// Ensure that the file is in the mount point for id 3
622 622
 
623
-	mountPoint, err := d.Get("3")
623
+	mountPoint, err := d.Get("3", "")
624 624
 	if err != nil {
625 625
 		t.Fatal(err)
626 626
 	}
... ...
@@ -656,11 +656,11 @@ func TestMountMoreThan42Layers(t *testing.T) {
656 656
 		}
657 657
 		current = hash(current)
658 658
 
659
-		if err := d.Create(current, parent, ""); err != nil {
659
+		if err := d.Create(current, parent); err != nil {
660 660
 			t.Logf("Current layer %d", i)
661 661
 			t.Fatal(err)
662 662
 		}
663
-		point, err := d.Get(current)
663
+		point, err := d.Get(current, "")
664 664
 		if err != nil {
665 665
 			t.Logf("Current layer %d", i)
666 666
 			t.Fatal(err)
... ...
@@ -683,7 +683,7 @@ func TestMountMoreThan42Layers(t *testing.T) {
683 683
 	}
684 684
 
685 685
 	// Perform the actual mount for the top most image
686
-	point, err := d.Get(last)
686
+	point, err := d.Get(last, "")
687 687
 	if err != nil {
688 688
 		t.Fatal(err)
689 689
 	}
... ...
@@ -77,11 +77,11 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e
77 77
 				}
78 78
 
79 79
 				initID := fmt.Sprintf("%s-init", id)
80
-				if err := a.Create(initID, metadata.Image, ""); err != nil {
80
+				if err := a.Create(initID, metadata.Image); err != nil {
81 81
 					return err
82 82
 				}
83 83
 
84
-				initPath, err := a.Get(initID)
84
+				initPath, err := a.Get(initID, "")
85 85
 				if err != nil {
86 86
 					return err
87 87
 				}
... ...
@@ -90,7 +90,7 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e
90 90
 					return err
91 91
 				}
92 92
 
93
-				if err := a.Create(id, initID, ""); err != nil {
93
+				if err := a.Create(id, initID); err != nil {
94 94
 					return err
95 95
 				}
96 96
 			}
... ...
@@ -144,7 +144,7 @@ func (a *Driver) migrateImage(m *metadata, pth string, migrated map[string]bool)
144 144
 			return err
145 145
 		}
146 146
 		if !a.Exists(m.ID) {
147
-			if err := a.Create(m.ID, m.ParentID, ""); err != nil {
147
+			if err := a.Create(m.ID, m.ParentID); err != nil {
148 148
 				return err
149 149
 			}
150 150
 		}
... ...
@@ -80,7 +80,7 @@ func getDirFd(dir *C.DIR) uintptr {
80 80
 	return uintptr(C.dirfd(dir))
81 81
 }
82 82
 
83
-func subvolCreate(path, name string, mountLabel string) error {
83
+func subvolCreate(path, name string) error {
84 84
 	dir, err := openDir(path)
85 85
 	if err != nil {
86 86
 		return err
... ...
@@ -155,17 +155,17 @@ func (d *Driver) subvolumesDirId(id string) string {
155 155
 	return path.Join(d.subvolumesDir(), id)
156 156
 }
157 157
 
158
-func (d *Driver) Create(id string, parent string, mountLabel string) error {
158
+func (d *Driver) Create(id string, parent string) error {
159 159
 	subvolumes := path.Join(d.home, "subvolumes")
160 160
 	if err := os.MkdirAll(subvolumes, 0700); err != nil {
161 161
 		return err
162 162
 	}
163 163
 	if parent == "" {
164
-		if err := subvolCreate(subvolumes, id, mountLabel); err != nil {
164
+		if err := subvolCreate(subvolumes, id); err != nil {
165 165
 			return err
166 166
 		}
167 167
 	} else {
168
-		parentDir, err := d.Get(parent)
168
+		parentDir, err := d.Get(parent, "")
169 169
 		if err != nil {
170 170
 			return err
171 171
 		}
... ...
@@ -187,7 +187,7 @@ func (d *Driver) Remove(id string) error {
187 187
 	return os.RemoveAll(dir)
188 188
 }
189 189
 
190
-func (d *Driver) Get(id string) (string, error) {
190
+func (d *Driver) Get(id, mountLabel string) (string, error) {
191 191
 	dir := d.subvolumesDirId(id)
192 192
 	st, err := os.Stat(dir)
193 193
 	if err != nil {
... ...
@@ -845,7 +845,7 @@ func (devices *DeviceSet) Shutdown() error {
845 845
 	return nil
846 846
 }
847 847
 
848
-func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) error {
848
+func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
849 849
 	info, err := devices.lookupDevice(hash)
850 850
 	if err != nil {
851 851
 		return err
... ...
@@ -858,6 +858,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
858 858
 	defer devices.Unlock()
859 859
 
860 860
 	if info.mountCount > 0 {
861
+		fmt.Printf("---> already mounted\n")
861 862
 		if path != info.mountPath {
862 863
 			return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path)
863 864
 		}
... ...
@@ -873,9 +874,12 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
873 873
 	var flags uintptr = sysMsMgcVal
874 874
 
875 875
 	mountOptions := label.FormatMountLabel("discard", mountLabel)
876
+	fmt.Printf("-----> setting mount label %s\n", mountOptions)
877
+
876 878
 	err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
877 879
 	if err != nil && err == sysEInval {
878
-		mountOptions = label.FormatMountLabel(mountLabel, "")
880
+		mountOptions = label.FormatMountLabel("", mountLabel)
881
+		fmt.Printf("-----> setting mount label after error %s\n", mountOptions)
879 882
 		err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
880 883
 	}
881 884
 	if err != nil {
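Review bot: The three `fmt.Printf("---> …")` lines added to MountDevice are debugging output written straight to the daemon's stdout; they bypass whatever logging the daemon uses elsewhere, fire on every mount, and the mount-option lines echo the full option string including the SELinux context, which is noise in production logs. They should be dropped before this lands, or at most turned into a debug-level log line with the device name and options, using whichever debug logger is in scope in this file (not visible in the hunk). The EINVAL fallback now passes the label as the second argument to `label.FormatMountLabel("", mountLabel)`, but it also silently drops the `discard` option on the retry; that changes the device's behaviour rather than just its label and deserves a comment such as `// kernel rejected discard: retry with only the label so the mount still succeeds`. MountDevice's body continues outside the hunk.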
... ...
@@ -60,7 +60,7 @@ func (d *Driver) Cleanup() error {
60 60
 	return d.DeviceSet.Shutdown()
61 61
 }
62 62
 
63
-func (d *Driver) Create(id, parent string, mountLabel string) error {
63
+func (d *Driver) Create(id, parent string) error {
64 64
 	if err := d.DeviceSet.AddDevice(id, parent); err != nil {
65 65
 		return err
66 66
 	}
... ...
@@ -89,7 +89,7 @@ func (d *Driver) Remove(id string) error {
89 89
 	return nil
90 90
 }
91 91
 
92
-func (d *Driver) Get(id string) (string, error) {
92
+func (d *Driver) Get(id, mountLabel string) (string, error) {
93 93
 	mp := path.Join(d.home, "mnt", id)
94 94
 
95 95
 	// Create the target directories if they don't exist
... ...
@@ -436,6 +436,12 @@ func TestDriverCreate(t *testing.T) {
436 436
 		return nil
437 437
 	}
438 438
 
439
+	sysUnmount = func(target string, flag int) error {
440
+		//calls["sysUnmount"] = true
441
+
442
+		return nil
443
+	}
444
+
439 445
 	Mounted = func(mnt string) (bool, error) {
440 446
 		calls["Mounted"] = true
441 447
 		if !strings.HasPrefix(mnt, "/tmp/docker-test-devmapper-") || !strings.HasSuffix(mnt, "/mnt/1") {
... ...
@@ -494,7 +500,7 @@ func TestDriverCreate(t *testing.T) {
494 494
 			"?ioctl.loopctlgetfree",
495 495
 		)
496 496
 
497
-		if err := d.Create("1", "", ""); err != nil {
497
+		if err := d.Create("1", ""); err != nil {
498 498
 			t.Fatal(err)
499 499
 		}
500 500
 		calls.Assert(t,
... ...
@@ -542,7 +548,6 @@ func TestDriverRemove(t *testing.T) {
542 542
 		return nil
543 543
 	}
544 544
 	sysUnmount = func(target string, flags int) (err error) {
545
-		calls["sysUnmount"] = true
546 545
 		// FIXME: compare the exact source and target strings (inodes + devname)
547 546
 		if expectedTarget := "/tmp/docker-test-devmapper-"; !strings.HasPrefix(target, expectedTarget) {
548 547
 			t.Fatalf("Wrong syscall call\nExpected: Mount(%v)\nReceived: Mount(%v)\n", expectedTarget, target)
... ...
@@ -607,7 +612,7 @@ func TestDriverRemove(t *testing.T) {
607 607
 			"?ioctl.loopctlgetfree",
608 608
 		)
609 609
 
610
-		if err := d.Create("1", "", ""); err != nil {
610
+		if err := d.Create("1", ""); err != nil {
611 611
 			t.Fatal(err)
612 612
 		}
613 613
 
... ...
@@ -657,21 +662,21 @@ func TestCleanup(t *testing.T) {
657 657
 
658 658
 	mountPoints := make([]string, 2)
659 659
 
660
-	if err := d.Create("1", "", ""); err != nil {
660
+	if err := d.Create("1", ""); err != nil {
661 661
 		t.Fatal(err)
662 662
 	}
663 663
 	// Mount the id
664
-	p, err := d.Get("1")
664
+	p, err := d.Get("1", "")
665 665
 	if err != nil {
666 666
 		t.Fatal(err)
667 667
 	}
668 668
 	mountPoints[0] = p
669 669
 
670
-	if err := d.Create("2", "1", ""); err != nil {
670
+	if err := d.Create("2", "1"); err != nil {
671 671
 		t.Fatal(err)
672 672
 	}
673 673
 
674
-	p, err = d.Get("2")
674
+	p, err = d.Get("2", "")
675 675
 	if err != nil {
676 676
 		t.Fatal(err)
677 677
 	}
... ...
@@ -720,7 +725,7 @@ func TestNotMounted(t *testing.T) {
720 720
 	d := newDriver(t)
721 721
 	defer cleanup(d)
722 722
 
723
-	if err := d.Create("1", "", ""); err != nil {
723
+	if err := d.Create("1", ""); err != nil {
724 724
 		t.Fatal(err)
725 725
 	}
726 726
 
... ...
@@ -738,10 +743,10 @@ func TestMounted(t *testing.T) {
738 738
 	d := newDriver(t)
739 739
 	defer cleanup(d)
740 740
 
741
-	if err := d.Create("1", "", ""); err != nil {
741
+	if err := d.Create("1", ""); err != nil {
742 742
 		t.Fatal(err)
743 743
 	}
744
-	if _, err := d.Get("1"); err != nil {
744
+	if _, err := d.Get("1", ""); err != nil {
745 745
 		t.Fatal(err)
746 746
 	}
747 747
 
... ...
@@ -758,10 +763,10 @@ func TestInitCleanedDriver(t *testing.T) {
758 758
 	t.Skip("FIXME: not a unit test")
759 759
 	d := newDriver(t)
760 760
 
761
-	if err := d.Create("1", "", ""); err != nil {
761
+	if err := d.Create("1", ""); err != nil {
762 762
 		t.Fatal(err)
763 763
 	}
764
-	if _, err := d.Get("1"); err != nil {
764
+	if _, err := d.Get("1", ""); err != nil {
765 765
 		t.Fatal(err)
766 766
 	}
767 767
 
... ...
@@ -776,7 +781,7 @@ func TestInitCleanedDriver(t *testing.T) {
776 776
 	d = driver.(*Driver)
777 777
 	defer cleanup(d)
778 778
 
779
-	if _, err := d.Get("1"); err != nil {
779
+	if _, err := d.Get("1", ""); err != nil {
780 780
 		t.Fatal(err)
781 781
 	}
782 782
 }
... ...
@@ -786,16 +791,16 @@ func TestMountMountedDriver(t *testing.T) {
786 786
 	d := newDriver(t)
787 787
 	defer cleanup(d)
788 788
 
789
-	if err := d.Create("1", "", ""); err != nil {
789
+	if err := d.Create("1", ""); err != nil {
790 790
 		t.Fatal(err)
791 791
 	}
792 792
 
793 793
 	// Perform get on same id to ensure that it will
794 794
 	// not be mounted twice
795
-	if _, err := d.Get("1"); err != nil {
795
+	if _, err := d.Get("1", ""); err != nil {
796 796
 		t.Fatal(err)
797 797
 	}
798
-	if _, err := d.Get("1"); err != nil {
798
+	if _, err := d.Get("1", ""); err != nil {
799 799
 		t.Fatal(err)
800 800
 	}
801 801
 }
... ...
@@ -805,7 +810,7 @@ func TestGetReturnsValidDevice(t *testing.T) {
805 805
 	d := newDriver(t)
806 806
 	defer cleanup(d)
807 807
 
808
-	if err := d.Create("1", "", ""); err != nil {
808
+	if err := d.Create("1", ""); err != nil {
809 809
 		t.Fatal(err)
810 810
 	}
811 811
 
... ...
@@ -813,7 +818,7 @@ func TestGetReturnsValidDevice(t *testing.T) {
813 813
 		t.Fatalf("Expected id 1 to be in device set")
814 814
 	}
815 815
 
816
-	if _, err := d.Get("1"); err != nil {
816
+	if _, err := d.Get("1", ""); err != nil {
817 817
 		t.Fatal(err)
818 818
 	}
819 819
 
... ...
@@ -833,11 +838,11 @@ func TestDriverGetSize(t *testing.T) {
833 833
 	d := newDriver(t)
834 834
 	defer cleanup(d)
835 835
 
836
-	if err := d.Create("1", "", ""); err != nil {
836
+	if err := d.Create("1", ""); err != nil {
837 837
 		t.Fatal(err)
838 838
 	}
839 839
 
840
-	mountPoint, err := d.Get("1")
840
+	mountPoint, err := d.Get("1", "")
841 841
 	if err != nil {
842 842
 		t.Fatal(err)
843 843
 	}
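Review bot: The sysUnmount stub added to TestDriverCreate leaves `calls["sysUnmount"] = true` commented out, and the same line is deleted from TestDriverRemove's stub, so neither test records that an unmount happened any more. If the expected-call lists passed to calls.Assert (outside the visible hunks) still name sysUnmount they will now fail; if they were pruned as well, the tests have quietly stopped checking that Create's cleanup and Remove unmount the device. Recording the call costs one line, `calls["sysUnmount"] = true`, and keeps the assertion meaningful; if the stubs genuinely must stay silent, the reason belongs in a comment rather than a commented-out statement.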
... ...
@@ -13,10 +13,10 @@ type InitFunc func(root string) (Driver, error)
13 13
 type Driver interface {
14 14
 	String() string
15 15
 
16
-	Create(id, parent string, mountLabel string) error
16
+	Create(id, parent string) error
17 17
 	Remove(id string) error
18 18
 
19
-	Get(id string) (dir string, err error)
19
+	Get(id, mountLabel string) (dir string, err error)
20 20
 	Put(id string)
21 21
 	Exists(id string) bool
22 22
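Review bot: The Driver interface now takes a mountLabel on Get, but nothing documents what an implementation must do with it, and the vfs driver in this commit accepts the argument without using it (its Get body only stats the directory, as far as the hunk shows). Since this argument is the security-relevant knob — the SELinux context the container rootfs is mounted with — the contract should say whether ignoring it is acceptable and what a caller can assume, e.g. `// Get returns the rootfs path for id, mounting it with the given SELinux mount label where the driver supports labelled mounts; drivers that cannot label a mount ignore mountLabel.` The dropped label on Create could carry a one-line note too, since the layer directories are now created unlabeled and only the mount applies a context.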
 
... ...
@@ -42,7 +42,7 @@ func copyDir(src, dst string) error {
42 42
 	return nil
43 43
 }
44 44
 
45
-func (d *Driver) Create(id string, parent string, mountLabel string) error {
45
+func (d *Driver) Create(id, parent string) error {
46 46
 	dir := d.dir(id)
47 47
 	if err := os.MkdirAll(path.Dir(dir), 0700); err != nil {
48 48
 		return err
... ...
@@ -53,7 +53,7 @@ func (d *Driver) Create(id string, parent string, mountLabel string) error {
53 53
 	if parent == "" {
54 54
 		return nil
55 55
 	}
56
-	parentDir, err := d.Get(parent)
56
+	parentDir, err := d.Get(parent, "")
57 57
 	if err != nil {
58 58
 		return fmt.Errorf("%s: %s", parent, err)
59 59
 	}
... ...
@@ -74,7 +74,7 @@ func (d *Driver) Remove(id string) error {
74 74
 	return os.RemoveAll(d.dir(id))
75 75
 }
76 76
 
77
-func (d *Driver) Get(id string) (string, error) {
77
+func (d *Driver) Get(id, mountLabel string) (string, error) {
78 78
 	dir := d.dir(id)
79 79
 	if st, err := os.Stat(dir); err != nil {
80 80
 		return "", err
... ...
@@ -204,7 +204,7 @@ func createVolumes(container *Container) error {
204 204
 			if err != nil {
205 205
 				return err
206 206
 			}
207
-			srcPath, err = volumesDriver.Get(c.ID)
207
+			srcPath, err = volumesDriver.Get(c.ID, "")
208 208
 			if err != nil {
209 209
 				return fmt.Errorf("Driver %s failed to get volume rootfs %s: %s", volumesDriver, c.ID, err)
210 210
 			}
... ...
@@ -29,6 +29,7 @@ type Config struct {
29 29
 	Mtu                         int
30 30
 	DisableNetwork              bool
31 31
 	EnableSelinuxSupport        bool
32
+	Context                     map[string][]string
32 33
 }
33 34
 
34 35
 // ConfigFromJob creates and returns a new DaemonConfig object
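Review bot: The exported `Context` field is added without a doc comment, and nothing in this hunk shows who populates it or how it relates to `EnableSelinuxSupport`. A comment such as `// Context carries label settings handed to the exec driver, keyed by name (for example "process_label").` would at least tie it to the key the exec driver reads later in this commit; whether the map is nil when SELinux support is disabled needs confirming before documenting it.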
... ...
@@ -46,7 +47,7 @@ func ConfigFromJob(job *engine.Job) *Config {
46 46
 		InterContainerCommunication: job.GetenvBool("InterContainerCommunication"),
47 47
 		GraphDriver:                 job.Getenv("GraphDriver"),
48 48
 		ExecDriver:                  job.Getenv("ExecDriver"),
49
-		EnableSelinuxSupport:        false, // FIXME: hardcoded default to disable selinux for .10 release
49
+		EnableSelinuxSupport:        job.GetenvBool("SelinuxEnabled"),
50 50
 	}
51 51
 	if dns := job.GetenvList("Dns"); dns != nil {
52 52
 		config.Dns = dns
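Review bot: The environment key `"SelinuxEnabled"` is spelled as a bare string literal here and again in the `job.SetenvBool("SelinuxEnabled", *flSelinuxEnabled)` call in the daemon main hunk further down; a typo on either side would presumably leave SELinux support silently disabled, since a missing key would read as false. A shared constant used by both the setter and `GetenvBool` turns that into a compile error instead of a silent default. The removed line's FIXME is also dropped here, so the flag default of `false` in main is now the only thing carrying the "off by default" behaviour; worth a comment on the flag if that is still the release intent.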
... ...
@@ -64,6 +64,7 @@ func main() {
64 64
 		flCa                 = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here")
65 65
 		flCert               = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file")
66 66
 		flKey                = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file")
67
+		flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support")
67 68
 	)
68 69
 	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force docker to use specific DNS servers")
69 70
 	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
... ...
@@ -148,6 +149,7 @@ func main() {
148 148
 			job.Setenv("GraphDriver", *flGraphDriver)
149 149
 			job.Setenv("ExecDriver", *flExecDriver)
150 150
 			job.SetenvInt("Mtu", *flMtu)
151
+			job.SetenvBool("SelinuxEnabled", *flSelinuxEnabled)
151 152
 			if err := job.Run(); err != nil {
152 153
 				log.Fatal(err)
153 154
 			}
... ...
@@ -98,7 +98,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) {
98 98
 	img.SetGraph(graph)
99 99
 
100 100
 	if img.Size < 0 {
101
-		rootfs, err := graph.driver.Get(img.ID)
101
+		rootfs, err := graph.driver.Get(img.ID, "")
102 102
 		if err != nil {
103 103
 			return nil, fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err)
104 104
 		}
... ...
@@ -110,7 +110,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) {
110 110
 				return nil, err
111 111
 			}
112 112
 		} else {
113
-			parentFs, err := graph.driver.Get(img.Parent)
113
+			parentFs, err := graph.driver.Get(img.Parent, "")
114 114
 			if err != nil {
115 115
 				return nil, err
116 116
 			}
... ...
@@ -191,11 +191,11 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i
191 191
 	}
192 192
 
193 193
 	// Create root filesystem in the driver
194
-	if err := graph.driver.Create(img.ID, img.Parent, ""); err != nil {
194
+	if err := graph.driver.Create(img.ID, img.Parent); err != nil {
195 195
 		return fmt.Errorf("Driver %s failed to create image rootfs %s: %s", graph.driver, img.ID, err)
196 196
 	}
197 197
 	// Mount the root filesystem so we can apply the diff/layer
198
-	rootfs, err := graph.driver.Get(img.ID)
198
+	rootfs, err := graph.driver.Get(img.ID, "")
199 199
 	if err != nil {
200 200
 		return fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err)
201 201
 	}
... ...
@@ -98,7 +98,7 @@ func StoreImage(img *Image, jsonData []byte, layerData archive.ArchiveReader, ro
98 98
 					return err
99 99
 				}
100 100
 			} else {
101
-				parent, err := driver.Get(img.Parent)
101
+				parent, err := driver.Get(img.Parent, "")
102 102
 				if err != nil {
103 103
 					return err
104 104
 				}
... ...
@@ -159,7 +159,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) {
159 159
 		return differ.Diff(img.ID)
160 160
 	}
161 161
 
162
-	imgFs, err := driver.Get(img.ID)
162
+	imgFs, err := driver.Get(img.ID, "")
163 163
 	if err != nil {
164 164
 		return nil, err
165 165
 	}
... ...
@@ -182,7 +182,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) {
182 182
 		}), nil
183 183
 	}
184 184
 
185
-	parentFs, err := driver.Get(img.Parent)
185
+	parentFs, err := driver.Get(img.Parent, "")
186 186
 	if err != nil {
187 187
 		return nil, err
188 188
 	}
... ...
@@ -43,7 +43,7 @@ func TestMount(t *testing.T) {
43 43
 		t.Fatal(err)
44 44
 	}
45 45
 
46
-	if _, err := driver.Get(image.ID); err != nil {
46
+	if _, err := driver.Get(image.ID, ""); err != nil {
47 47
 		t.Fatal(err)
48 48
 	}
49 49
 }
... ...
@@ -874,12 +874,12 @@ func TestDestroyWithInitLayer(t *testing.T) {
874 874
 	driver := daemon.Graph().Driver()
875 875
 
876 876
 	// Make sure that the container does not exist in the driver
877
-	if _, err := driver.Get(container.ID); err == nil {
877
+	if _, err := driver.Get(container.ID, ""); err == nil {
878 878
 		t.Fatal("Conttainer should not exist in the driver")
879 879
 	}
880 880
 
881 881
 	// Make sure that the init layer is removed from the driver
882
-	if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID)); err == nil {
882
+	if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID), ""); err == nil {
883 883
 		t.Fatal("Container's init layer should not exist in the driver")
884 884
 	}
885 885
 }
... ...
@@ -32,13 +32,13 @@ func GenLabels(options string) (string, string, error) {
32 32
 	return processLabel, mountLabel, err
33 33
 }
34 34
 
35
-func FormatMountLabel(src string, mountLabel string) string {
36
-	if selinux.SelinuxEnabled() && mountLabel != "" {
35
+func FormatMountLabel(src, mountLabel string) string {
36
+	if mountLabel != "" {
37 37
 		switch src {
38 38
 		case "":
39
-			src = fmt.Sprintf("%s,context=%s", src, mountLabel)
39
+			src = fmt.Sprintf("context=%q", mountLabel)
40 40
 		default:
41
-			src = fmt.Sprintf("context=%s", mountLabel)
41
+			src = fmt.Sprintf("%s,context=%q", src, mountLabel)
42 42
 		}
43 43
 	}
44 44
 	return src
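Review bot: Dropping the `selinux.SelinuxEnabled()` guard means a non-empty `mountLabel` is now always turned into a `context=` mount option, so responsibility for not producing labels on hosts without SELinux moves entirely to callers such as `GenLabels` (whose body starts outside the hunk); if a label can still be produced there, the mount would carry an option the filesystem may reject. Either keep the guard or document the contract, e.g. `// FormatMountLabel appends a context= option for mountLabel to src; callers must pass an empty label when SELinux is not enabled.` The switch to `%q` wraps the label in double quotes and applies Go escaping, which I cannot verify the mount-option consumer strips — a one-line comment stating why quoting is needed would help the next reader. The swap of the two switch cases does fix the earlier inversion, where an empty `src` produced a leading comma and a non-empty one lost `src` entirely.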
... ...
@@ -75,8 +75,9 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
75 75
 		}
76 76
 	}
77 77
 	runtime.LockOSThread()
78
+
78 79
 	if err := label.SetProcessLabel(container.Context["process_label"]); err != nil {
79
-		return fmt.Errorf("SetProcessLabel label %s", err)
80
+		return fmt.Errorf("set process label %s", err)
80 81
 	}
81 82
 	ns.logger.Printf("execing %s\n", args[0])
82 83
 	return system.Execv(args[0], args[0:], container.Env)
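Review bot: `fmt.Errorf("set process label %s", err)` runs the message and the wrapped error together without a separator; `fmt.Errorf("set process label: %s", err)` reads cleanly in logs. Separately, when `container.Context` lacks the `process_label` key the map lookup yields `""` and that is passed to `SetProcessLabel` unchecked; the hunk does not show how an empty label is treated, so either skip the call for an empty label or, once confirmed, add a comment stating that an empty label is a no-op. The enclosing `Init` starts outside the hunk.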