evaluate symlinks before relabeling mount source

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

Author: runcom

daemon/volumes.go

@@ -11,7 +11,6 @@ import (
 	"github.com/docker/docker/volume"
 	"github.com/docker/engine-api/types"
 	containertypes "github.com/docker/engine-api/types/container"
-	"github.com/opencontainers/runc/libcontainer/label"
 )
 
 var (
@@ -149,11 +148,6 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 			if bind.Driver == "local" {
 				bind = setBindModeIfNull(bind)
 			}
-			if label.RelabelNeeded(bind.Mode) {
-				if err := label.Relabel(bind.Source, container.MountLabel, label.IsShared(bind.Mode)); err != nil {
-					return err
-				}
-			}
 		}
 
 		binds[bind.Destination] = true

volume/volume.go

@@ -3,6 +3,7 @@ package volume
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 	"syscall"
 
@@ -110,7 +111,17 @@ func (m *MountPoint) Setup(mountLabel string) (path string, err error) {
 	defer func() {
 		if err == nil {
 			if label.RelabelNeeded(m.Mode) {
-				if err = label.Relabel(m.Source, mountLabel, label.IsShared(m.Mode)); err != nil {
+				sourcePath, err := filepath.EvalSymlinks(m.Source)
+				if err != nil {
+					path = ""
+					err = fmt.Errorf("error evaluating symlink from mount source '%s': %v", m.Source, err)
+					return
+				}
+				err = label.Relabel(sourcePath, mountLabel, label.IsShared(m.Mode))
+				if err == syscall.ENOTSUP {
+					err = nil
+				}
+				if err != nil {
 					path = ""
 					err = fmt.Errorf("error setting label on mount source '%s': %v", m.Source, err)
 					return