2 files changed, 16 insertions, 0 deletions

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index e5e871d6f..c88794212 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -926,6 +926,9 @@ func (c *Container) makeBindMounts() error {
 	if err != nil {
 		return errors.Wrapf(err, "error creating resolv.conf for container %s", c.ID())
 	}
+	if err = label.Relabel(newResolv, c.config.MountLabel, false); err != nil {
+		return errors.Wrapf(err, "error relabeling %q for container %q", newResolv, c.ID)
+	}
 	c.state.BindMounts["/etc/resolv.conf"] = newResolv
 
 	// Make /etc/hosts
@@ -937,6 +940,9 @@ func (c *Container) makeBindMounts() error {
 	if err != nil {
 		return errors.Wrapf(err, "error creating hosts file for container %s", c.ID())
 	}
+	if err = label.Relabel(newHosts, c.config.MountLabel, false); err != nil {
+		return errors.Wrapf(err, "error relabeling %q for container %q", newHosts, c.ID)
+	}
 	c.state.BindMounts["/etc/hosts"] = newHosts
 
 	// Make /etc/hostname
@@ -946,6 +952,9 @@ func (c *Container) makeBindMounts() error {
 		if err != nil {
 			return errors.Wrapf(err, "error creating hostname file for container %s", c.ID())
 		}
+		if err = label.Relabel(hostnamePath, c.config.MountLabel, false); err != nil {
+			return errors.Wrapf(err, "error relabeling %q for container %q", hostnamePath, c.ID)
+		}
 		c.state.BindMounts["/etc/hostname"] = hostnamePath
 	}
 
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index b77beaf64..553a612b3 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -283,6 +283,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 	mounts := sortMounts(g.Mounts())
 	g.ClearMounts()
 	for _, m := range mounts {
+		switch m.Type {
+		case "tmpfs", "devpts":
+			o := label.FormatMountLabel("", c.config.MountLabel)
+			if o != "" {
+				m.Options = append(m.Options, o)
+			}
+		}
 		g.AddMount(m)
 	}
 	return g.Config, nil