Adds file context for runner script with SELinux enabled

[krayon]

When SELinux is Enforcing, the initrc_exec_t context is needed in order for systemd to execute the script and start the runner.

This patch adds the adding and removing of this context from the script for the svc.sh install and svc.sh uninstall commands respectively.

NOTE: A potential alternative to this may be to make the systemd process a user instance instead of a system one however that would require more significant changes and require the system to be configured with lingering user systemd services for the given user (loginctl enable-linger [username])

Fixes #1606
Related: #1193

[istathar]

semanage doesn't appear to be installed on a stock Fedora system

[istathar]

$ sudo chcon -t initrc_exec_t runsvc.sh

has worked locally. Of course that's only a temporary relabelling but wanted to let you know you've got the right context.

[krayon]

Thanks @istathar , how annoying. CentOS and RedHat do ship with semanage. I guess the other option is to check for the context and bail if:

1. Context is wrong; and
2. no semanage is present

[TingluoHuang]

I created a new CentOS 8 Azure VM and it doesn't come with semanage 😢

[TingluoHuang]

should we error if we can't find semanage installed?

[krayon]

Yes, I guess we can either:

• Bail if SELinux is enabled and Enforcing but semanage isn't present; or
• Report the issue to the user but continue to fail (as it does now).

Additionally, we could optionally check the context in case they've done something clever and the file has inherited the correct context anyway. In my tests with CentOS semanage was installed but right now we have more reports of it missing than present so it may have been how I did my installation.

[JAORMX]

Well, you could probably still adjust the context even if SELinux is not enforcing. I'd just check if semanage is installed and try do do the context change.... or use chcon as suggested in a comment above.