Add support for SELinux labeling

Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin`
shows that the SELinux labels are not correct:
```
user_u:object_r:user_tmpfs_t:s0 .
     system_u:object_r:usr_t:s0 ..
user_u:object_r:user_tmpfs_t:s0 bash
user_u:object_r:user_tmpfs_t:s0 ls
```

After fixing this:
```
       system_u:object_r:bin_t:s0 .
       system_u:object_r:usr_t:s0 ..
system_u:object_r:shell_exec_t:s0 bash
       system_u:object_r:bin_t:s0 ls
```

Most copied files and created directories should now have correct
labels (bind mounted objects keep their labels). This is useful to
avoid having to change the SELinux rules when using Firejail.

1 files changed, 4 insertions, 0 deletions

diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 63911ab9e..500b6bf1b 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -167,6 +167,7 @@ static void create_link(const char *oldpath, const char *newpath) {
 static void empty_dev_shm(void) {
         // create an empty /dev/shm directory
         mkdir_attr("/dev/shm", 01777, 0, 0);
+        selinux_relabel_path("/dev/shm", "/dev/shm");
         fs_logger("mkdir /dev/shm");
         fs_logger("create /dev/shm");
 }
@@ -276,10 +277,13 @@ void fs_private_dev(void){
         // pseudo-terminal
         mkdir_attr("/dev/pts", 0755, 0, 0);
         fs_logger("mkdir /dev/pts");
+        selinux_relabel_path("/dev/pts", "/dev/pts");
         fs_logger("create /dev/pts");
         create_char_dev("/dev/pts/ptmx", 0666, 5, 2); //"mknod -m 666 /dev/pts/ptmx c 5 2");
+        selinux_relabel_path("/dev/pts/ptmx", "/dev/pts/ptmx");
         fs_logger("mknod /dev/pts/ptmx");
         create_link("/dev/pts/ptmx", "/dev/ptmx");
+        selinux_relabel_path("/dev/ptmx", "/dev/ptmx");
 
 // code before github issue #351
         // mount -vt devpts -o newinstance -o ptmxmode=0666 devpts //dev/pts