Add support for SELinux labeling

Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin`
shows that the SELinux labels are not correct:
```
user_u:object_r:user_tmpfs_t:s0 .
     system_u:object_r:usr_t:s0 ..
user_u:object_r:user_tmpfs_t:s0 bash
user_u:object_r:user_tmpfs_t:s0 ls
```

After fixing this:
```
       system_u:object_r:bin_t:s0 .
       system_u:object_r:usr_t:s0 ..
system_u:object_r:shell_exec_t:s0 bash
       system_u:object_r:bin_t:s0 ls
```

Most copied files and created directories should now have correct
labels (bind mounted objects keep their labels). This is useful to
avoid having to change the SELinux rules when using Firejail.

1 files changed, 2 insertions, 1 deletions

diff --git a/src/common.mk.in b/src/common.mk.in
index 1464ab9b2..945815a40 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -24,6 +24,7 @@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
 HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
+HAVE_SELINUX=@HAVE_SELINUX@
 
 H_FILE_LIST       = $(sort $(wildcard *.[h]))
 C_FILE_LIST       = $(sort $(wildcard *.c))
@@ -32,7 +33,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-CFLAGS += $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST)
+CFLAGS += $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@