From 32ad78b0430079dcc53c245826a244afa2d9b6b6 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 1 Apr 2014 09:24:24 -0400
Subject: [PATCH] Remove hard coding of SELinux labels on systems without
 proper selinux policy.

If a system is configured for SELinux but does not know about docker or
containers, then we want the transitions of the policy to work.  Hard coding
the labels causes docker to break on older Fedora and RHEL systems

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 pkg/selinux/selinux.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 5236d3fb87..5362308617 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -312,13 +312,10 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 	if !SelinuxEnabled() {
 		return "", ""
 	}
-	lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
-	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
-	processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
-
+	lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot())
 	in, err := os.Open(lxcPath)
 	if err != nil {
-		goto exit
+		return "", ""
 	}
 	defer in.Close()
 
@@ -352,6 +349,11 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 			}
 		}
 	}
+
+	if processLabel == "" || fileLabel == "" {
+		return "", ""
+	}
+
 exit:
 	mcs := IntToMcs(os.Getpid(), 1024)
 	scon := NewContext(processLabel)