Update lxc to use opts for selinux labels

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

runtime/execdriver/lxc/driver.go

@@ -3,6 +3,7 @@ package lxc
 import (
 	"fmt"
 	"github.com/dotcloud/docker/pkg/cgroups"
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
@@ -378,19 +379,34 @@ func rootIsShared() bool {
 }
 
 func (d *driver) generateLXCConfig(c *execdriver.Command) (string, error) {
-	root := path.Join(d.root, "containers", c.ID, "config.lxc")
+	var (
+		process, mount string
+		root           = path.Join(d.root, "containers", c.ID, "config.lxc")
+		labels         = c.Config["label"]
+	)
 	fo, err := os.Create(root)
 	if err != nil {
 		return "", err
 	}
 	defer fo.Close()
 
+	if len(labels) > 0 {
+		process, mount, err = label.GenLabels(labels[0])
+		if err != nil {
+			return "", err
+		}
+	}
+
 	if err := LxcTemplateCompiled.Execute(fo, struct {
 		*execdriver.Command
-		AppArmor bool
+		AppArmor     bool
+		ProcessLabel string
+		MountLabel   string
 	}{
-		Command:  c,
-		AppArmor: d.apparmor,
+		Command:      c,
+		AppArmor:     d.apparmor,
+		ProcessLabel: process,
+		MountLabel:   mount,
 	}); err != nil {
 		return "", err
 	}

runtime/execdriver/lxc/lxc_template.go

@@ -30,9 +30,9 @@ lxc.pts = 1024
 
 # disable the main console
 lxc.console = none
-{{if getProcessLabel .Config}}
-lxc.se_context = {{ getProcessLabel .Config}}
-{{$MOUNTLABEL := getMountLabel .Config}}
+{{if .ProcessLabel}}
+lxc.se_context = {{ .ProcessLabel}}
+{{$MOUNTLABEL := .MountLabel}}
 {{end}}
 
 # no controlling tty at all
@@ -159,8 +159,8 @@ func getLabel(c map[string][]string, name string) string {
 	label := c["label"]
 	for _, l := range label {
 		parts := strings.SplitN(l, "=", 2)
-		if parts[0] == name {
-			return parts[1]
+		if strings.TrimSpace(parts[0]) == name {
+			return strings.TrimSpace(parts[1])
 		}
 	}
 	return ""