base_image: trigger SELinux relabeling for Fedora guests on first boot

Fedora guest images created on Debian hosts fail to boot because the filesystem
lacks proper SELinux contexts. All binaries fail with exit code 127 (command not
found) as SELinux blocks execution of files with unlabeled_t context.

Creating the /.autorelabel file triggers Fedora's automatic SELinux relabeling
on first boot, ensuring all files receive correct contexts before systemd starts
services. This allows Fedora guests to boot successfully when provisioned from
non-SELinux hosts.

Generated-by: Claude AI
Signed-off-by: Daniel Gomez <[email protected]>

Author: dkruces

playbooks/roles/base_image/templates/virt-builder.j2

@@ -86,3 +86,11 @@ firstboot-command systemctl start ssh
 
 {% endif %}
 {% endif %}
+
+{% if guestfs_fedora is defined and guestfs_fedora %}
+{# Fedora uses SELinux in enforcing mode by default. When creating a Fedora #}
+{# guest image on a non-SELinux host (like Debian), the filesystem will not #}
+{# have proper SELinux contexts, causing boot failures with "command not found" #}
+{# errors (exit 127) for all binaries. Trigger automatic relabeling on first boot. #}
+write /.autorelabel:
+{% endif %}