Add more label checks for selinux enabled

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

label/label_selinux.go

@@ -9,30 +9,31 @@ import (
 )
 
 func GenLabels(options string) (string, string, error) {
-	processLabel, mountLabel := selinux.GetLxcContexts()
+	if !selinux.SelinuxEnabled() {
-	if processLabel == "" { // SELinux is disabled
 		return "", "", nil
 	}
-
+	var err error
-	var (
+	processLabel, mountLabel := selinux.GetLxcContexts()
-		err error
+	if processLabel != "" {
-		s   = strings.Fields(options)
+		var (
-		l   = len(s)
+			s = strings.Fields(options)
-	)
+			l = len(s)
-	if l > 0 {
+		)
-		pcon := selinux.NewContext(processLabel)
+		if l > 0 {
-		for i := 0; i < l; i++ {
+			pcon := selinux.NewContext(processLabel)
-			o := strings.Split(s[i], "=")
+			for i := 0; i < l; i++ {
-			pcon[o[0]] = o[1]
+				o := strings.Split(s[i], "=")
+				pcon[o[0]] = o[1]
+			}
+			processLabel = pcon.Get()
+			mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
 		}
-		processLabel = pcon.Get()
-		mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
 	}
 	return processLabel, mountLabel, err
 }
 
 func FormatMountLabel(src string, mountLabel string) string {
-	if mountLabel != "" {
+	if selinux.SelinuxEnabled() && mountLabel != "" {
 		switch src {
 		case "":
 			src = fmt.Sprintf("%s,context=%s", src, mountLabel)
@@ -65,6 +66,9 @@ func SetFileLabel(path string, fileLabel string) error {
 }
 
 func GetPidCon(pid int) (string, error) {
+	if !selinux.SelinuxEnabled() {
+		return "", nil
+	}
 	return selinux.Getpidcon(pid)
 }