SELinux: Ensure we label /var, and fix /etc merge wrt xattrs

First, /var needs to be labeled at least once.  We should probably
rearrange things so that /var is only created (and labeled) on the
first deployment, but this patch adds a /var/.ostree-selabeled file
instead.

Second, when doing the /etc merge, we compare the xattrs of the old
/usr/etc versus the current /etc.  The problem with that is that the
policy has different labels for /usr/etc on disk than the real /etc.

The correct fix for this is a bit invasive - we have to take the
physical content of the old /usr/etc, but compare the labels as if
they were really in /etc.

Instead for now, just ignore changes to xattrs.  If the file
content/mode changes, then we take the new file (including any changed
xattrs).

Bottom line: just doing chcon -t blah_t /etc/foo.conf may be lost on
upgrade (for now).

1 files changed, 7 insertions, 1 deletions

diff --git a/src/libostree/ostree-diff.h b/src/libostree/ostree-diff.h
index 35e99f97..6a56e3ab 100644
--- a/src/libostree/ostree-diff.h
+++ b/src/libostree/ostree-diff.h
@@ -27,6 +27,11 @@
 
 G_BEGIN_DECLS
 
+typedef enum {
+  OSTREE_DIFF_FLAGS_NONE = 0,
+  OSTREE_DIFF_FLAGS_IGNORE_XATTRS = (1 << 0)
+} OstreeDiffFlags;
+
 typedef struct _OstreeDiffItem OstreeDiffItem;
 struct _OstreeDiffItem
 {
@@ -47,7 +52,8 @@ void ostree_diff_item_unref (OstreeDiffItem *diffitem);
 
 GType ostree_diff_item_get_type (void);
 
-gboolean ostree_diff_dirs (GFile          *a,
+gboolean ostree_diff_dirs (OstreeDiffFlags flags,
+                           GFile          *a,
                            GFile          *b,
                            GPtrArray      *modified,
                            GPtrArray      *removed,