deploy: SELinux-relabel installed kernel/initramfs data

[cgwalters]

When we changed around the kernel location in rpm-ostree, we
started installing the kernel into /boot as modules_object_t,
and the current policy didn't permit that. For maximum compatibility,
relabel installed kernel/initramfs/dtb as boot_t.

https://bugzilla.redhat.com/show_bug.cgi?id=1536991

[jlebon]

Looks sane, though:

+ ls -al bootlsz.txt
-rw-r--r--. 1 root root 144 Feb  2 18:58 bootlsz.txt
+ sed -e 's/^/# /'
# system_u:object_r:modules_object_t:s0 initramfs-4.14.8-300.fc27.x86_64.img
# system_u:object_r:modules_object_t:s0 vmlinuz-4.14.8-300.fc27.x86_64
+ fatal 'File '\''bootlsz.txt'\'' doesn'\''t match fixed string list '\''system_u:object_r:boot_t:s0 vmlinuz-'\'''
+ echo File ''\''bootlsz.txt'\''' 'doesn'\''t' match fixed string list ''\''system_u:object_r:boot_t:s0' 'vmlinuz-'\'''
File 'bootlsz.txt' doesn't match fixed string list 'system_u:object_r:boot_t:s0 vmlinuz-'
+ exit 1
### EXITED WITH CODE 1 AFTER 27s

Hmm, I suppose this is because we'd need to create a new deployment that has a new kernel to properly test this?

[jlebon]

@rh-atomic-bot r+ 7412fba

[rh-atomic-bot]

⚡ Test exempted: pull fully rebased and already tested.