From b11af7b2f686fe3724d0cfce260000a3d2b8fbc1 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca
Date: Tue, 11 Apr 2017 17:43:23 +0200
Subject: [PATCH] daemon: relabel secrets path

Signed-off-by: Antonio Murdaca
---
 daemon/container_operations_unix.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 67b3ee38c0..17d5a061dd 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -214,6 +214,8 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 }
 }
 
+ label.Relabel(localMountPath, c.MountLabel, false)
+
 // remount secrets ro
 if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil {
 return errors.Wrap(err, "unable to remount secret dir as readonly")
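Review bot: The added `label.Relabel(localMountPath, c.MountLabel, false)` call drops its error return, unlike the remount directly below it, which wraps and returns its error. If relabeling fails on an SELinux-enforcing host, the secrets tmpfs keeps its previous label and the container will most likely be denied access to its own secrets, with nothing from the daemon pointing at the cause. I would handle it the same way as the remount: `if err := label.Relabel(localMountPath, c.MountLabel, false); err != nil { return errors.Wrap(err, "error relabeling secret dir") }`. Doing the relabel before the read-only remount looks right, since setting the label presumably needs the mount to still be writable. setupSecretDir begins and ends outside this hunk, so how the earlier steps report errors is not visible here.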