Add new field to libpod to indicate whether or not to use labelling

Also update some missing fields libpod.conf obtions in man pages.

Fix sort order of security options and add a note about disabling
labeling.

When a process requests a new label.  libpod needs to reserve all
labels to make sure that their are no conflicts.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1406
Approved by: mheon

1 files changed, 7 insertions, 5 deletions

diff --git a/libpod/options.go b/libpod/options.go
index 1a29c0705..977f3f4c2 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -373,15 +373,17 @@ func WithPrivileged(privileged bool) CtrCreateOption {
 	}
 }
 
-// WithSELinuxLabels sets the mount label for SELinux.
-func WithSELinuxLabels(processLabel, mountLabel string) CtrCreateOption {
+// WithSecLabels sets the labels for SELinux.
+func WithSecLabels(labelOpts []string) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
-
-		ctr.config.ProcessLabel = processLabel
-		ctr.config.MountLabel = mountLabel
+		var err error
+		ctr.config.ProcessLabel, ctr.config.MountLabel, err = ctr.runtime.initLabels(labelOpts)
+		if err != nil {
+			return errors.Wrapf(err, "failed to init labels")
+		}
 		return nil
 	}
 }