2 files changed, 14 insertions, 2 deletions

diff --git a/libpod/container.go b/libpod/container.go
index 9f9d4ef3e..7c2f921f3 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -95,6 +95,7 @@ type containerConfig struct {
 	// Information on the image used for the root filesystem
 	RootfsImageID   string `json:"rootfsImageID,omitempty"`
 	RootfsImageName string `json:"rootfsImageName,omitempty"`
+	MountLabel      string `json:"MountLabel,omitempty"`
 	UseImageConfig  bool   `json:"useImageConfig"`
 	// Whether to keep container STDIN open
 	Stdin bool
@@ -223,8 +224,7 @@ func (c *Container) setupImageRootfs() error {
 		return errors.Wrapf(ErrInvalidArg, "must provide image ID and image name to use an image")
 	}
 
-	// TODO SELinux mount label
-	containerInfo, err := c.runtime.storageService.CreateContainerStorage(c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, "")
+	containerInfo, err := c.runtime.storageService.CreateContainerStorage(c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, c.config.MountLabel)
 	if err != nil {
 		return errors.Wrapf(err, "error creating container storage")
 	}
diff --git a/libpod/options.go b/libpod/options.go
index 982655fc0..10cb605c2 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -255,6 +255,18 @@ func WithRootFSFromPath(path string) CtrCreateOption {
 	}
 }
 
+// WithSELinuxMountLabel sets the mount label for SELinux
+func WithSELinuxMountLabel(mountLabel string) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return ErrCtrFinalized
+		}
+
+		ctr.config.MountLabel = mountLabel
+		return nil
+	}
+}
+
 // WithRootFSFromImage sets up a fresh root filesystem using the given image
 // If useImageConfig is specified, image volumes, environment variables, and
 // other configuration from the image will be added to the config