Added selinux support to sysfs mount

Author: schreiberstein

bubblewrap.c

@@ -1199,6 +1199,7 @@ setup_newroot (bool unshare_pid,
 {
   SetupOp *op;
   int tmp_overlay_idx = 0;
+  struct stat sbuf;
 
   for (op = ops; op != NULL; op = op->next)
     {
@@ -1461,6 +1462,16 @@ setup_newroot (bool unshare_pid,
               privileged_op (privileged_op_socket,
                              PRIV_SEP_OP_SYS_MOUNT, 0, 0, 0,
                              dest, NULL);
+
+              /* In case the host utilizes SELinux, /sys/fs/selinux should be shared with the sandbox */
+              char *selinux_src_dir = "oldroot/sys/fs/selinux";
+              cleanup_free char *selinux_dest_dir = strconcat (dest, "/fs/selinux");
+              if (stat (selinux_src_dir, &sbuf) == 0 && stat (selinux_dest_dir, &sbuf) == 0)
+                {
+                  privileged_op (privileged_op_socket,
+                                 PRIV_SEP_OP_BIND_MOUNT, 0, 0, 0,
+                                 selinux_src_dir, selinux_dest_dir);
+                }
             }
           else
             {