From 4a87beb6614c69e46fae40fce13cc34537f658cd Mon Sep 17 00:00:00 2001
From: Bryan Boreham <bjboreham@gmail.com>
Date: Fri, 29 Apr 2016 12:59:58 +0100
Subject: [PATCH] Use '=' instead of ':' separator on labels, which is now
 deprecated by Docker

Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
---
 libcontainer/label/label_selinux_test.go | 25 ++++++++++++------------
 libcontainer/selinux/selinux.go          | 10 +++++-----
 2 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/libcontainer/label/label_selinux_test.go b/libcontainer/label/label_selinux_test.go
index adafc2cc..8593105e 100644
--- a/libcontainer/label/label_selinux_test.go
+++ b/libcontainer/label/label_selinux_test.go
@@ -51,39 +51,40 @@ func TestDuplicateLabel(t *testing.T) {
 	secopt := DupSecOpt("system_u:system_r:svirt_lxc_net_t:s0:c1,c2")
 	t.Log(secopt)
 	for _, opt := range secopt {
-		con := strings.SplitN(opt, ":", 3)
-		if len(con) != 3 || con[0] != "label" {
+		parts := strings.SplitN(opt, "=", 2)
+		if len(parts) != 2 || parts[0] != "label" {
 			t.Errorf("Invalid DupSecOpt return value")
 			continue
 		}
-		if con[1] == "user" {
-			if con[2] != "system_u" {
+		con := strings.SplitN(parts[1], ":", 2)
+		if con[0] == "user" {
+			if con[1] != "system_u" {
 				t.Errorf("DupSecOpt Failed user incorrect")
 			}
 			continue
 		}
-		if con[1] == "role" {
-			if con[2] != "system_r" {
+		if con[0] == "role" {
+			if con[1] != "system_r" {
 				t.Errorf("DupSecOpt Failed role incorrect")
 			}
 			continue
 		}
-		if con[1] == "type" {
-			if con[2] != "svirt_lxc_net_t" {
+		if con[0] == "type" {
+			if con[1] != "svirt_lxc_net_t" {
 				t.Errorf("DupSecOpt Failed type incorrect")
 			}
 			continue
 		}
-		if con[1] == "level" {
-			if con[2] != "s0:c1,c2" {
+		if con[0] == "level" {
+			if con[1] != "s0:c1,c2" {
 				t.Errorf("DupSecOpt Failed level incorrect")
 			}
 			continue
 		}
-		t.Errorf("DupSecOpt Failed invalid field %q", con[1])
+		t.Errorf("DupSecOpt Failed invalid field %q", con[0])
 	}
 	secopt = DisableSecOpt()
-	if secopt[0] != "label:disable" {
+	if secopt[0] != "label=disable" {
 		t.Errorf("DisableSecOpt Failed level incorrect")
 	}
 }
diff --git a/libcontainer/selinux/selinux.go b/libcontainer/selinux/selinux.go
index a6cf7f20..2a18e2ad 100644
--- a/libcontainer/selinux/selinux.go
+++ b/libcontainer/selinux/selinux.go
@@ -486,14 +486,14 @@ func DupSecOpt(src string) []string {
 		con["level"] == "" {
 		return nil
 	}
-	return []string{"label:user:" + con["user"],
-		"label:role:" + con["role"],
-		"label:type:" + con["type"],
-		"label:level:" + con["level"]}
+	return []string{"label=user:" + con["user"],
+		"label=role:" + con["role"],
+		"label=type:" + con["type"],
+		"label=level:" + con["level"]}
 }
 
 // DisableSecOpt returns a security opt that can be used to disabling SELinux
 // labeling support for future container processes
 func DisableSecOpt() []string {
-	return []string{"label:disable"}
+	return []string{"label=disable"}
 }