From f5d6269371c123179c44f7fa983d158bac68efe0 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Wed, 20 Aug 2014 16:43:15 -0400
Subject: [PATCH] Allow docker to free container labels when containers are removed. Currently we do not remove reservations on MCS labels when a container is removed. Not a big problem, since on reboot it would be freed. But we should be cleaning this up. Currently we support ~500,000 labels.
Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan)
---
 label/label.go | 4 ++++
 label/label_selinux.go | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/label/label.go b/label/label.go
index 73869b36..ce60296e 100644
--- a/label/label.go
+++ b/label/label.go
@@ -39,3 +39,7 @@ func Init() {
 func ReserveLabel(label string) error {
 return nil
 }
+
+func UnreserveLabel(label string) error {
+ return nil
+}
diff --git a/label/label_selinux.go b/label/label_selinux.go
index 5b1380a2..0a9a8205 100644
--- a/label/label_selinux.go
+++ b/label/label_selinux.go
@@ -128,3 +128,11 @@ func ReserveLabel(label string) error {
 selinux.ReserveLabel(label)
 return nil
 }
+
+// UnreserveLabel will remove the reservation of the MCS label.
+// This will allow InitLabels to use the MCS label in a newly created
+// containers
+func UnreserveLabel(label string) error {
+ selinux.FreeLxcContexts(label)
+ return nil
+}
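Review bot: The exported `UnreserveLabel` stub added to label/label.go has no doc comment, while its counterpart in label/label_selinux.go does. A reader of this file cannot tell that returning nil without doing anything is intended; a line such as `// UnreserveLabel is a no-op in this build: no MCS label was reserved, so there is nothing to free.` would say so. That wording assumes this file is the non-SELinux variant, which the hunk does not show, so check it against the file's build constraints.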
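Review bot: The doc comment on `UnreserveLabel` in label/label_selinux.go does not say when the call is safe, and the MCS label is what separates one container's processes and files from another's. Once `selinux.FreeLxcContexts(label)` has run, InitLabels may assign the same categories to a new container, so the comment should carry the precondition, e.g. `// Call only after the container's processes have exited; a label still in use could be handed to another container.` It should also say whether a second call with the same label is harmless: if FreeLxcContexts (not visible here) simply drops the entry, a repeated call could release a reservation that has since been given to a different container. The function always returns nil, so callers get no signal in either case. Minor: "a newly created containers" should read "newly created containers".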