From f091e2ec82fe660e840b0ec9e801a730b0ac7446 Mon Sep 17 00:00:00 2001
From: Diptanu Choudhury <diptanuc@gmail.com>
Date: Wed, 15 Jun 2016 02:33:09 +0200
Subject: [PATCH] Added a client options for setting selinux options

---
 client/driver/docker.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/client/driver/docker.go b/client/driver/docker.go
index 1bdae1cb1..b6145ae57 100644
--- a/client/driver/docker.go
+++ b/client/driver/docker.go
@@ -316,11 +316,16 @@ func (d *DockerDriver) containerBinds(alloc *allocdir.AllocDir, task *structs.Ta
 		return nil, fmt.Errorf("Failed to find task local directory: %v", task.Name)
 	}
 
+	allocDirBind := fmt.Sprintf("%s:/%s", shared, allocdir.SharedAllocName)
+	taskLocalBind := fmt.Sprintf("%s:/%s", local, allocdir.TaskLocal)
+
+	if selinuxLabel := d.config.Read("docker.volumes.selinuxlabel"); selinuxLabel != "" {
+		allocDirBind = fmt.Sprintf("%s:%s", allocDirBind, selinuxLabel)
+		taskLocalBind = fmt.Sprintf("%s:%s", taskLocalBind, selinuxLabel)
+	}
 	return []string{
-		// "z" and "Z" option is to allocate directory with SELinux label.
-		fmt.Sprintf("%s:/%s:rw,z", shared, allocdir.SharedAllocName),
-		// capital "Z" will label with Multi-Category Security (MCS) labels
-		fmt.Sprintf("%s:/%s:rw,Z", local, allocdir.TaskLocal),
+		allocDirBind,
+		taskLocalBind,
 	}, nil
 }