guestfs: disable virt-sysprep SELinux relabeling for Fedora on Debian

virt-sysprep attempts automatic SELinux relabeling which fails silently on
non-SELinux hosts like Debian, overwriting the correct labels already applied
by virt-customize to the base image.

The workflow is:
1. virt-builder creates base image (no SELinux labels)
2. virt-customize --selinux-relabel fixes base image (correct labels)
3. cp copies base to root.raw (labels preserved)
4. virt-sysprep tries to relabel root.raw, fails on Debian, creates /.autorelabel

This final step breaks the boot process with the chicken-and-egg problem where
the relabeling service cannot execute due to SELinux blocking unlabeled files.

Add --no-selinux-relabel flag to virt-sysprep when building Fedora guests on
Debian/Ubuntu hosts. This prevents virt-sysprep from attempting relabeling and
preserves the correct labels already applied by virt-customize.

Generated-by: Claude AI
Signed-off-by: Daniel Gomez <[email protected]>

Author: dkruces

playbooks/roles/guestfs/tasks/bringup/main.yml

@@ -91,6 +91,10 @@
                 "--firstboot-command", "if command -v ufw >/dev/null 2>&1 && systemctl is-active ufw >/dev/null 2>&1; then ufw allow " + (ansible_cfg_ssh_port | string) + "/tcp; fi"
               ]
               if ansible_cfg_ssh_port | int != 22 else []
+            ) + (
+              ["--no-selinux-relabel"]
+              if (guestfs_fedora is defined and guestfs_fedora|bool and ansible_distribution|lower in ['debian', 'ubuntu'])
+              else []
             )
           }}