bib: Extract what SELinux policy to us from container

Currently we are always hardcoding "targeted", which is not working
for the centos automotive sig that use a custom policy.

Author: alexlarsson

bib/cmd/bootc-image-builder/image.go

@@ -344,8 +344,7 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest
 	img := image.NewBootcDiskImage(containerSource)
 	img.Users = users.UsersFromBP(customizations.GetUsers())
 	img.Groups = users.GroupsFromBP(customizations.GetGroups())
-	// TODO: get from the bootc container instead of hardcoding it
-	img.SELinux = "targeted"
+	img.SELinux = c.SourceInfo.SELinuxPolicy
 
 	img.KernelOptionsAppend = []string{
 		"rw",

bib/internal/source/source.go

@@ -1,6 +1,8 @@
 package source
 
 import (
+	"bufio"
+	"errors"
 	"fmt"
 	"os"
 	"path"
@@ -27,6 +29,7 @@ type OSRelease struct {
 type Info struct {
 	OSRelease          OSRelease
 	UEFIVendor         string
+	SELinuxPolicy      string
 	ImageCustomization *blueprint.Customizations
 }
 
@@ -63,6 +66,39 @@ func uefiVendor(root string) (string, error) {
 	return "", fmt.Errorf("cannot find UEFI vendor in %s", bootupdEfiDir)
 }
 
+func readSelinuxPolicy(root string) (string, error) {
+	configPath := "etc/selinux/config"
+	f, err := os.Open(path.Join(root, configPath))
+	if err != nil {
+		return "", fmt.Errorf("cannot read selinux config %s: %w", configPath, err)
+	}
+	// nolint:errcheck
+	defer f.Close()
+
+	policy := ""
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if len(line) == 0 {
+			continue
+		}
+		if strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		parts := strings.SplitN(line, "=", 2)
+		if len(parts) != 2 {
+			return "", errors.New("selinux config: invalid input")
+		}
+		key := strings.TrimSpace(parts[0])
+		if key == "SELINUXTYPE" {
+			policy = strings.TrimSpace(parts[1])
+		}
+	}
+
+	return policy, nil
+}
+
 func readImageCustomization(root string) (*blueprint.Customizations, error) {
 	prefix := path.Join(root, bibPathPrefix)
 	config, err := buildconfig.LoadConfig(path.Join(prefix, "config.json"))
@@ -102,6 +138,11 @@ func LoadInfo(root string) (*Info, error) {
 		return nil, err
 	}
 
+	selinuxPolicy, err := readSelinuxPolicy(root)
+	if err != nil {
+		logrus.Debugf("cannot read selinux policy: %v, setting it to none", err)
+	}
+
 	var idLike []string
 	if osrelease["ID_LIKE"] != "" {
 		idLike = strings.Split(osrelease["ID_LIKE"], " ")
@@ -118,6 +159,7 @@ func LoadInfo(root string) (*Info, error) {
 		},
 
 		UEFIVendor:         vendor,
+		SELinuxPolicy:      selinuxPolicy,
 		ImageCustomization: customization,
 	}, nil
 }