From f844fa64e6bbc9b638ba5c37916b49b04e5d1959 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Mon, 15 Feb 2016 14:52:10 -0500
Subject: [PATCH] /dev/mqueue should never be mounted readonly

If user specifies --read-only flag it should not effect /dev/mqueue. This is causing SELinux issues in docker-1.10. --read-only blows up on SELinux enabled machines. Mounting /dev/mqueue read/only would also blow up any tool that was going to use /dev/mqueue.

Signed-off-by: Dan Walsh
(cherry picked from commit adb2e3fedc76fbaecce0d75a29aa0d419be5c4c2)
---
 daemon/execdriver/native/create.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemon/execdriver/native/create.go b/daemon/execdriver/native/create.go
index 4cc14532fd..e3f56d997a 100644
--- a/daemon/execdriver/native/create.go
+++ b/daemon/execdriver/native/create.go
@@ -103,7 +103,7 @@ func (d *Driver) createContainer(c *execdriver.Command, hooks execdriver.Hooks)
 if container.Readonlyfs {
 for i := range container.Mounts {
 switch container.Mounts[i].Destination {
- case "/proc", "/dev", "/dev/pts":
+ case "/proc", "/dev", "/dev/pts", "/dev/mqueue":
 continue
 }
 container.Mounts[i].Flags |= syscall.MS_RDONLY
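Review bot: The widened `case` list in createContainer has no comment, although it narrows what `--read-only` guarantees: any mount whose Destination is `/dev/mqueue` now stays writable in an otherwise read-only container. I would record the reason above the `case`, for example `// Exempt from MS_RDONLY: a read-only /dev/mqueue fails on SELinux-enabled hosts and breaks POSIX message-queue users.`, so the next exemption is weighed against the hardening it removes. The match is an exact string comparison on Destination, so it presumably relies on mount destinations being in cleaned form, and whether user-supplied mounts are already in `container.Mounts` at this point cannot be seen here because the function begins and ends outside the hunk; both are worth confirming. A regression test asserting that the `/dev/mqueue` entry lacks `syscall.MS_RDONLY` when `Readonlyfs` is set, while other mounts carry it, would keep this behaviour pinned.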