diff --git a/.papr.sh b/.papr.sh
index 2695a9b43..c7f410e65 100755
--- a/.papr.sh
+++ b/.papr.sh
@@ -23,6 +23,7 @@ dnf install -y \
   libselinux-devel \
   libselinux-utils \
   make \
+  openssl \
   ostree-devel \
   which
 
diff --git a/run.go b/run.go
index c8ef2a183..e7a8a7ad1 100644
--- a/run.go
+++ b/run.go
@@ -12,6 +12,7 @@ import (
 	digest "github.com/opencontainers/go-digest"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh/terminal"
@@ -134,6 +135,9 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, optionMounts
 			if err = os.MkdirAll(volumePath, 0755); err != nil {
 				return errors.Wrapf(err, "error creating directory %q for volume %q in container %q", volumePath, volume, b.ContainerID)
 			}
+			if err = label.Relabel(volumePath, b.MountLabel, false); err != nil {
+				return errors.Wrapf(err, "error relabeling directory %q for volume %q in container %q", volumePath, volume, b.ContainerID)
+			}
 			srcPath := filepath.Join(mountPoint, volume)
 			if err = copyFileWithTar(srcPath, volumePath); err != nil && !os.IsNotExist(err) {
 				return errors.Wrapf(err, "error populating directory %q for volume %q in container %q using contents of %q", volumePath, volume, b.ContainerID, srcPath)