Add support for SELinux labeling

Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin`
shows that the SELinux labels are not correct:
```
user_u:object_r:user_tmpfs_t:s0 .
     system_u:object_r:usr_t:s0 ..
user_u:object_r:user_tmpfs_t:s0 bash
user_u:object_r:user_tmpfs_t:s0 ls
```

After fixing this:
```
       system_u:object_r:bin_t:s0 .
       system_u:object_r:usr_t:s0 ..
system_u:object_r:shell_exec_t:s0 bash
       system_u:object_r:bin_t:s0 ls
```

Most copied files and created directories should now have correct
labels (bind mounted objects keep their labels). This is useful to
avoid having to change the SELinux rules when using Firejail.

1 files changed, 1 insertions, 0 deletions

diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 57095a53c..a8fb838ab 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -87,6 +87,7 @@ void pulseaudio_init(void) {
         // create the new user pulseaudio directory
         if (mkdir(RUN_PULSE_DIR, 0700) == -1)
                 errExit("mkdir");
+        selinux_relabel_path(RUN_PULSE_DIR, RUN_PULSE_DIR);
         // mount it nosuid, noexec, nodev
         fs_remount(RUN_PULSE_DIR, MOUNT_NOEXEC, 0);