SELinux: Ensure we label /var, and fix /etc merge wrt xattrs

First, /var needs to be labeled at least once.  We should probably
rearrange things so that /var is only created (and labeled) on the
first deployment, but this patch adds a /var/.ostree-selabeled file
instead.

Second, when doing the /etc merge, we compare the xattrs of the old
/usr/etc versus the current /etc.  The problem with that is that the
policy has different labels for /usr/etc on disk than the real /etc.

The correct fix for this is a bit invasive - we have to take the
physical content of the old /usr/etc, but compare the labels as if
they were really in /etc.

Instead for now, just ignore changes to xattrs.  If the file
content/mode changes, then we take the new file (including any changed
xattrs).

Bottom line: just doing chcon -t blah_t /etc/foo.conf may be lost on
upgrade (for now).

1 files changed, 1 insertions, 1 deletions

diff --git a/src/ostree/ot-builtin-diff.c b/src/ostree/ot-builtin-diff.c
index 9c26e703..00de8cbb 100644
--- a/src/ostree/ot-builtin-diff.c
+++ b/src/ostree/ot-builtin-diff.c
@@ -170,7 +170,7 @@ ostree_builtin_diff (int argc, char **argv, OstreeRepo *repo, GCancellable *canc
       removed = g_ptr_array_new_with_free_func ((GDestroyNotify)g_object_unref);
       added = g_ptr_array_new_with_free_func ((GDestroyNotify)g_object_unref);
       
-      if (!ostree_diff_dirs (srcf, targetf, modified, removed, added, cancellable, error))
+      if (!ostree_diff_dirs (OSTREE_DIFF_FLAGS_NONE, srcf, targetf, modified, removed, added, cancellable, error))
         goto out;
 
       ostree_diff_print (srcf, targetf, modified, removed, added);