diff --git a/pkg/label/label.go b/pkg/label/label.go
index ba1e9f48ea..be0d0ae079 100644
--- a/pkg/label/label.go
+++ b/pkg/label/label.go
@@ -21,3 +21,6 @@ func SetFileLabel(path string, fileLabel string) error {
 func GetPidCon(pid int) (string, error) {
 	return "", nil
 }
+
+func Init() {
+}
diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go
index 300a8b6d14..64a1720996 100644
--- a/pkg/label/label_selinux.go
+++ b/pkg/label/label_selinux.go
@@ -67,3 +67,7 @@ func SetFileLabel(path string, fileLabel string) error {
 func GetPidCon(pid int) (string, error) {
 	return selinux.Getpidcon(pid)
 }
+
+func Init() {
+	selinux.SelinuxEnabled()
+}
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index c7c2addb18..b6c02eafd5 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -57,6 +57,8 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	if err := setupNetwork(container, context); err != nil {
 		return fmt.Errorf("setup networking %s", err)
 	}
+
+	label.Init()
 	ns.logger.Println("setup mount namespace")
 	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot, container.Context["mount_label"]); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 5236d3fb87..6453f37ea9 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -313,12 +313,9 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 		return "", ""
 	}
 	lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
-	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
-	processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
-
 	in, err := os.Open(lxcPath)
 	if err != nil {
-		goto exit
+		return "", ""
 	}
 	defer in.Close()
 
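Review bot: The new exported `Init` in pkg/label/label.go has no doc comment, and neither does its counterpart added in the pkg/label/label_selinux.go hunk, so a caller in nsinit cannot tell from the API what the call is for or that one build of it is a no-op. Since the two files appear to be build-tag variants of the same package (inferred from the parallel `GetPidCon` definitions; the tags are outside the hunks), the comment should state the contract once per variant, e.g. `// Init is a no-op in the non-SELinux build of this package.` here, and on the SELinux variant a sentence saying that it primes the SELinux state before the container's namespaces are changed.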
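Review bot: In pkg/label/label_selinux.go the new `Init` calls `selinux.SelinuxEnabled()` and discards its result, which reads as a dead call and is exactly the kind of line a later cleanup removes. If the intent is that `SelinuxEnabled` caches its answer on first use (the call site in nsinit, just before the mount namespace is replaced, suggests that, but the helper's body is not on this page), say so on the line: `selinux.SelinuxEnabled() // result intentionally discarded: forces the enabled-state probe to run (and cache) before the rootfs changes`. If `SelinuxEnabled` does not cache, the call has no effect and the function should be reconsidered.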
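Review bot: The `label.Init()` call in pkg/libcontainer/nsinit/init.go is placed between network setup and `setupNewMountNamespace` with nothing explaining why it must sit there, and it is one of the few steps in this sequence that is neither logged nor error-checked. A one-line why-comment protects the ordering from being refactored away, e.g. `// label.Init() must run before the mount namespace is replaced: the SELinux state is probed while the host filesystem is still visible (confirm against label.Init)`. The enclosing `(*linuxNs).Init` starts and ends outside this hunk.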
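Review bot: Dropping the hard-coded `svirt_lxc_net_t`/`svirt_sandbox_file_t` defaults in `GetLxcContexts` changes the function's contract: an unreadable lxc_contexts file now yields `"", ""`, which downstream means the container runs with no SELinux labels, where before it fell back to the default confinement. That may be the intended policy, but it is a silent security downgrade on a misconfigured host, so it should be visible — at minimum a doc comment on the exported function, e.g. `// GetLxcContexts returns the process and file labels from the policy's lxc_contexts file; it returns empty labels (no confinement) when SELinux is disabled, the file cannot be opened, or either label is missing.`, and ideally a log line on the `os.Open` failure path. Unrelated to the change but now more consequential: the context line builds the path with a `content/` directory component; if the policy layout actually uses `contexts/`, the open fails every time and, with this commit, every container would silently get empty labels — worth confirming.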
@@ -352,6 +349,11 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 			}
 		}
 	}
+
+	if processLabel == "" || fileLabel == "" {
+		return "", ""
+	}
+
 exit:
 	mcs := IntToMcs(os.Getpid(), 1024)
 	scon := NewContext(processLabel)
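Review bot: The new emptiness check is placed before the `exit:` label rather than after it, so any remaining `goto exit` in the part of the function outside this hunk (the label is kept as context, which suggests at least one still exists, presumably on the read-error path) bypasses it and reaches `NewContext(processLabel)` with whatever partial or empty labels had been parsed so far. Moving the guard below the label closes that gap: `exit:` followed by `if processLabel == "" || fileLabel == "" { return "", "" }` and then the existing `mcs := IntToMcs(os.Getpid(), 1024)`. If no other `goto exit` remains, the label itself should be deleted, since Go rejects an unused label at compile time.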