From 876e1aba79ab04684a1f5647305d5c7547f26674 Mon Sep 17 00:00:00 2001
From: Amin Shayan <amin@shayan.net>
Date: Sat, 19 Dec 2015 14:23:26 +0330
Subject: [PATCH] app-emulation/docker: don't clobber --selinux-enabled

exec docker "$@" ${USE_SELINUX} will override DOCKER_OPTS if it contains
--selinux-enabled=false, and puts double --selinux-enabled in args which
is confusing too.

docker daemon --host=fd:// --selinux-enabled=false --selinux-enabled
---
 ...-1.9.1-r2.ebuild => docker-1.9.1-r3.ebuild} |  0
 .../app-emulation/docker/files/dockerd         | 18 +++++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-1.9.1-r2.ebuild => docker-1.9.1-r3.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.9.1-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.9.1-r3.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.9.1-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.9.1-r3.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd
index ac33563f8f..4b4f58767f 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd
@@ -24,6 +24,10 @@ parse_docker_args() {
                 ARG_DRIVER="$1"
                 shift
                 ;;
+            --selinux-enabled)
+                ARG_SELINUX="$1"
+                shift
+                ;;
             *)
                 # ignore everything else
                 ;;
@@ -55,13 +59,15 @@ select_docker_driver() {
     esac
 }
 
-maybe_disable_selinux() {
+# Enable selinux except when known to be unsupported (btrfs).
+maybe_enable_selinux() {
     case "${DOCKER_DRIVER}" in
         btrfs)
             USE_SELINUX=""
             ;;
         *)
-            # Leave enabled for everything else.
+            # Enable for everything else.
+            USE_SELINUX="--selinux-enabled"
             ;;
     esac
 }
@@ -75,8 +81,10 @@ if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then
     select_docker_driver
 fi
 
-# Enable selinux except when known to be unsupported (btrfs).
-USE_SELINUX="--selinux-enabled"
-maybe_disable_selinux
+USE_SELINUX=""
+# Do not override selinux if it is already explicitly configured.
+if [[ -z "${ARG_SELINUX}" ]]; then
+        maybe_enable_selinux
+fi
 
 exec docker "$@" ${USE_SELINUX}