Add support for SELinux labeling

Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin`
shows that the SELinux labels are not correct:
```
user_u:object_r:user_tmpfs_t:s0 .
     system_u:object_r:usr_t:s0 ..
user_u:object_r:user_tmpfs_t:s0 bash
user_u:object_r:user_tmpfs_t:s0 ls
```

After fixing this:
```
       system_u:object_r:bin_t:s0 .
       system_u:object_r:usr_t:s0 ..
system_u:object_r:shell_exec_t:s0 bash
       system_u:object_r:bin_t:s0 ls
```

Most copied files and created directories should now have correct
labels (bind mounted objects keep their labels). This is useful to
avoid having to change the SELinux rules when using Firejail.

1 files changed, 2 insertions, 0 deletions

diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index 303d6f9aa..cafe9fa49 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -223,9 +223,11 @@ void fs_var_cache(void) {
                 }
 
                 mkdir_attr("/var/cache/lighttpd/compress", 0755, uid, gid);
+                selinux_relabel_path("/var/cache/lighttpd/compress", "/var/cache/lighttpd/compress");
                 fs_logger("mkdir /var/cache/lighttpd/compress");
 
                 mkdir_attr("/var/cache/lighttpd/uploads", 0755, uid, gid);
+                selinux_relabel_path("/var/cache/lighttpd/uploads", "/var/cache/lighttpd/uploads");
                 fs_logger("/var/cache/lighttpd/uploads");
         }
 }