Label prometheus-podman-exporter as container_runtime_exec_t
Without this label, running "prometheus-podman-exporter" as an
SELinux-confined user results in a race condition:
- If "prometheus-podman-exporter" starts before any containers, running
any Podman commands (even just "podman system info") gives you a
perplexing error:
  audit[26268]: AVC avc: denied { create } for pid=26268 comm="exe" name="whiteout" scontext=user_u:user_r:user_t:s0-s0:c0.c1023 tcontext=user_u:object_r:container_ro_file_t:s0 tclass=chr_file permissive=0
  prometheus-podman-exporter[26268]: 2025/06/04 22:41:47 configure storage: kernel does not support overlay fs: unable to create kernel-style whiteout: permission denied
  podman[26287]: Error: configure storage: kernel does not support overlay fs: unable to create kernel-style whiteout: permission denied
- If any containers start before "prometheus-podman-exporter", then
everything is fine, except the "podman_container_mem_usage_bytes"
metric is oddly missing. But as long as 1 container starts before
"prometheus-podman-exporter", you're still able to run new containers,
even after "prometheus-podman-exporter" has started.
Signed-off-by: Max Chernoff <[email protected]>
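As an added illustration (not part of this commit or the project's code), the helper below parses the AVC record quoted in the message and flags the pattern it describes: a Podman-related process running in the caller's own user domain (here user_t) being denied creation of the overlay "whiteout" device node on container storage. The expected domain name container_runtime_t is an assumption about what a container_runtime_exec_t-labelled binary transitions into; the sample line is constructed from the text above.

```python
import re

# Constructed sample: the AVC line quoted in the commit message.
SAMPLE_AVC = (
    'audit[26268]: AVC avc: denied { create } for pid=26268 comm="exe" name="whiteout" '
    'scontext=user_u:user_r:user_t:s0-s0:c0.c1023 '
    'tcontext=user_u:object_r:container_ro_file_t:s0 tclass=chr_file permissive=0'
)

# Assumption: the domain a binary labelled container_runtime_exec_t runs in.
EXPECTED_DOMAIN = "container_runtime_t"

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="value" pairs
_PERM = re.compile(r'denied\s+\{\s*([^}]*)\}')    # the { perm ... } set


def parse_avc(line):
    """Return the AVC record's fields as a dict, or None if the line is not a denial."""
    if "avc: denied" not in line:
        return None
    fields = {k: v.strip('"') for k, v in _KV.findall(line)}
    m = _PERM.search(line)
    fields["perms"] = m.group(1).split() if m else []
    # Third field of user:role:type:level is the SELinux type.
    for key in ("scontext", "tcontext"):
        if key in fields:
            fields[key + "_type"] = fields[key].split(":")[2]
    return fields


def diagnose(fields):
    """Describe the mislabelled-runtime symptom from the commit message, else None."""
    if fields is None:
        return None
    if ("create" in fields["perms"]
            and fields.get("tclass") == "chr_file"
            and fields.get("name") == "whiteout"
            and fields.get("scontext_type") != EXPECTED_DOMAIN):
        return (f"{fields['comm']} (pid {fields['pid']}) ran in domain "
                f"{fields['scontext_type']} rather than {EXPECTED_DOMAIN}; "
                f"check the binary's file label (expected container_runtime_exec_t)")
    return None


if __name__ == "__main__":
    print(diagnose(parse_avc(SAMPLE_AVC)))
```

Feed it lines from `ausearch -m avc` (or the journal) to spot the same denial on other hosts before a second container happens to start first and mask it.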