From b4dcb755039a35d0f02b0b29927d69c04afc7382 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Sun, 27 Sep 2015 06:52:24 -0400
Subject: [PATCH 1/2] /proc and /sys do not support labeling This is causing docker to crash when --selinux-enforcing mode is set.
Signed-off-by: Dan Walsh
---
 libcontainer/rootfs_linux.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 3e3a7d2e..f13c9fba 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -106,7 +106,8 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
 if err := os.MkdirAll(dest, 0755); err != nil {
 return err
 }
- return mountPropagate(m, rootfs, mountLabel)
+ // Selinux kernels do not support labeling of /proc or /sys
+ return mountPropagate(m, rootfs, "")
 case "mqueue":
 if err := os.MkdirAll(dest, 0755); err != nil {
 return err
From cab342f0de2818564a84358d54fc599f2c45c44f Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Mon, 28 Sep 2015 11:02:37 -0400
Subject: [PATCH 2/2] Check for failure on /dev/mqueue and try again without labeling
Signed-off-by: Dan Walsh
---
 libcontainer/rootfs_linux.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index f13c9fba..b801fafc 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -113,7 +113,10 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
 return err
 }
 if err := mountPropagate(m, rootfs, mountLabel); err != nil {
- return err
+ // older kernels do not support labeling of /dev/mqueue
+ if err := mountPropagate(m, rootfs, ""); err != nil {
+ return err
+ }
 }
 return label.SetFileLabel(dest, mountLabel)
 case "tmpfs":
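Review bot: The new comment above `return mountPropagate(m, rootfs, "")` does not say that the caller's `mountLabel` is now deliberately ignored for this branch, and "Selinux kernels" reads as if only some kernels are affected. I would word it as `// SELinux does not support labeling /proc or /sys; mount them without mountLabel so the mount does not fail in enforcing mode.` The `case` line for this branch and the rest of mountToRootfs lie outside the hunk, so which mount types reach this return is inferred from the commit subject.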
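Review bot: The fallback in the mqueue branch retries on any error from `mountPropagate`, not only on a labeling failure, and the first error is discarded by the shadowing inner `err`, so an unrelated mount failure is attempted twice and only the second error is reported. When `mountLabel` is empty the retry is the identical call; a guard such as `if mountLabel == "" { return err }` before the second `mountPropagate` avoids that. Because the retry silently drops the requested SELinux label from the mount, it is worth confirming that the following `label.SetFileLabel(dest, mountLabel)` succeeds on the kernels that take this path; if it does not, the function still returns an error after the mount has been made. mountToRootfs starts and ends outside the hunk.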