Merge pull request #1721 from vcaputo/prevent-disabling-selinux

app-emulation/docker: don't clobber --selinux-enabled

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd

@@ -24,6 +24,10 @@ parse_docker_args() {
                 ARG_DRIVER="$1"
                 shift
                 ;;
+            --selinux-enabled)
+                ARG_SELINUX="$1"
+                shift
+                ;;
             *)
                 # ignore everything else
                 ;;
@@ -55,13 +59,15 @@ select_docker_driver() {
     esac
 }
 
-maybe_disable_selinux() {
+# Enable selinux except when known to be unsupported (btrfs).
+maybe_enable_selinux() {
     case "${DOCKER_DRIVER}" in
         btrfs)
             USE_SELINUX=""
             ;;
         *)
-            # Leave enabled for everything else.
+            # Enable for everything else.
+            USE_SELINUX="--selinux-enabled"
             ;;
     esac
 }
@@ -75,8 +81,10 @@ if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then
     select_docker_driver
 fi
 
-# Enable selinux except when known to be unsupported (btrfs).
+USE_SELINUX=""
-USE_SELINUX="--selinux-enabled"
+# Do not override selinux if it is already explicitly configured.
-maybe_disable_selinux
+if [[ -z "${ARG_SELINUX}" ]]; then
+        maybe_enable_selinux
+fi
 
 exec docker "$@" ${USE_SELINUX}