From c94bf6b7c940c0aa4bf8ee05e8efabcb7c4f0b0c Mon Sep 17 00:00:00 2001
From: Kenjiro Nakayama
Date: Tue, 3 Nov 2015 23:40:24 +0900
Subject: [PATCH] Apply SELinux label to allocate directory of docker driver
---
 client/driver/docker.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/client/driver/docker.go b/client/driver/docker.go
index bbd52a9d8a2..d5031d5d97a 100644
--- a/client/driver/docker.go
+++ b/client/driver/docker.go
@@ -108,8 +108,10 @@ func (d *DockerDriver) containerBinds(alloc *allocdir.AllocDir, task *structs.Ta
 }
 return []string{
- fmt.Sprintf("%s:%s", shared, allocdir.SharedAllocName),
- fmt.Sprintf("%s:%s", local, allocdir.TaskLocal),
+ // "z" and "Z" option is to allocate directory with SELinux label.
+ fmt.Sprintf("%s:/%s:rw,z", shared, allocdir.SharedAllocName),
+ // capital "Z" will label with Multi-Category Security (MCS) labels
+ fmt.Sprintf("%s:/%s:rw,Z", local, allocdir.TaskLocal),
 }, nil
 }
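Review bot: The two comments added above the `fmt.Sprintf` binds do not say what differs between the modes, and that difference is the security-relevant part: lower-case `z` asks Docker to give the shared alloc directory a label that every container on the host can use, so SELinux no longer separates that directory between containers of different allocations, while `Z` gives the task-local directory a private label. I would replace them with `// z: shared SELinux label; any container on this host may access the alloc dir` and `// Z: private (MCS) SELinux label; only this container may access the task dir`. Both options make Docker relabel the host paths themselves, so it is worth confirming that `shared` and `local` always resolve inside the Nomad-managed allocation directory and never to a path the host depends on. The destination also changes from `%s` to `/%s`, which the commit message does not mention; containerBinds begins outside the hunk, so how `shared` and `local` are built is not visible here.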