add relabel documentation to Containerfile man page
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
parent 42adfe5e26
commit a9adf207a1
@ -109,7 +109,7 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
e.g.
mount=type=bind,source=/path/on/host,destination=/path/in/container
mount=type=bind,source=/path/on/host,destination=/path/in/container,relabel=shared
mount=type=tmpfs,tmpfs-size=512M,destination=/path/in/container
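Review bot: The bind example in this hunk now carries relabel=shared, and the header's line counts (7 before, 7 after) indicate that the plain "mount=type=bind,source=/path/on/host,destination=/path/in/container" line is replaced rather than kept beside it. That leaves the only bind example as one that rewrites labels on a host path, which readers on hosts without a labeling system, or readers mounting content they do not want relabeled, are likely to copy as-is. Consider keeping the plain example and adding the relabel=shared form as a second line, so the default behaviour described later in this change (engines do not change labels set by the OS) is still the first thing shown.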
@ -131,6 +131,18 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
· from: stage or image name for the root of the source. Defaults to the build context.
· relabel=shared, z: Relabels src content with a shared label.
. relabel=private, Z: Relabels src content with a private label.
Labeling systems like SELinux require proper labels on the bind mounted content mounted into a container. Without a label, the security system might prevent the processes running in side the container from using the content. By default, container engines do not change the labels set by the OS. The relabel flag tells the engine to relabel file objects on the shared mountz.
The relabel=shared and z options tell the engine that two or more containers will share the mount content. The engine labels the content with a shared content label.
The relabel=private and Z options tell the engine to label the content with a private unshared label. Only the current container can use a private mount.
Relabeling walks the file system under the mount and changes the label on each file, if the mount has thousands of inodes, this process takes a long time, delaying the start of the container.
· rw, read-write: allows writes on the mount.
Options specific to tmpfs:
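Review bot: The relabel=private entry begins with "." where the neighbouring options (from, relabel=shared, rw) use "·", so it will not render as part of the same list. The first explanatory paragraph also has two typos, "in side" (inside) and "mountz" (mount). Two wording points in the same block: the option descriptions say "src content" while the example in this man page names the parameter "source", and the last paragraph joins two sentences with a comma ("...on each file, if the mount has thousands of inodes...") and speaks of "delaying the start of the container" although this page documents a build-time mount. Since the text says the engine will "relabel file objects" on the mount and the example source is "/path/on/host", it would help to state explicitly that the label change is applied to the host-side source content and is not undone afterwards, so readers understand the effect of z and Z before pointing them at a shared or system directory.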