Merge pull request #7660 from rhatdan/selinux-volumes

Change default label of container volumes to shared SELinux Label

daemon/graphdriver/vfs/driver.go

@@ -3,10 +3,12 @@ package vfs
 import (
 	"bytes"
 	"fmt"
-	"github.com/docker/docker/daemon/graphdriver"
 	"os"
 	"os/exec"
 	"path"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/libcontainer/label"
 )
 
 func init() {
@@ -67,6 +69,10 @@ func (d *Driver) Create(id, parent string) error {
 	if err := os.Mkdir(dir, 0755); err != nil {
 		return err
 	}
+	opts := []string{"level:s0"}
+	if _, mountLabel, err := label.InitLabels(opts); err == nil {
+		label.Relabel(dir, mountLabel, "")
+	}
 	if parent == "" {
 		return nil
 	}