Merge pull request #1639 from vcaputo/docker-disable-selinux-on-btrfs

app-emulation/docker: disable SELinux when using btrfs

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service

@@ -9,7 +9,7 @@ EnvironmentFile=-/run/flannel_docker_opts.env
 MountFlags=slave
 LimitNOFILE=1048576
 LimitNPROC=1048576
-ExecStart=/usr/lib/coreos/dockerd daemon --selinux-enabled --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
+ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
 
 [Install]
 WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd

@@ -55,6 +55,17 @@ select_docker_driver() {
     esac
 }
 
+maybe_disable_selinux() {
+    case "${DOCKER_DRIVER}" in
+        btrfs)
+            USE_SELINUX=""
+            ;;
+        *)
+            # Leave enabled for everything else.
+            ;;
+    esac
+}
+
 ARG_ROOT="/var/lib/docker"
 ARG_DRIVER=""
 parse_docker_args "$@"
@@ -64,4 +75,8 @@ if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then
     select_docker_driver
 fi
 
-exec docker "$@"
+# Enable selinux except when known to be unsupported (btrfs).
+USE_SELINUX="--selinux-enabled"
+maybe_disable_selinux
+
+exec docker "$@" "${USE_SELINUX}"