build_sysexts: Relabel sysexts too

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>

build_sysext

@@ -237,9 +237,9 @@ done
 # Make squashfs generation more reproducible.
 export SOURCE_DATE_EPOCH=$(stat -c '%Y' "${BUILD_DIR}/fs-root/usr/lib/os-release")
 
-# Unmount in order to get rid of the overlay
+# Unmount in order to get rid of the overlay, but keep fs-root for
+# now, so we can use selinux file contexts.
 umount "${BUILD_DIR}/${FLAGS_install_root_basename}"
-umount "${BUILD_DIR}/fs-root"
 
 if [[ "$FLAGS_generate_pkginfo" = "${FLAGS_TRUE}" ]] ; then
   info "  Creating pkginfo squashfs '${BUILD_DIR}/${SYSEXTNAME}_pkginfo.raw'"
@@ -324,6 +324,10 @@ if [[ -n "${invalid_files}" ]]; then
   die "Invalid file ownership: ${invalid_files}"
 fi
 
+info "Relabeling sysext contents"
+setfiles -D -E -F -r "${BUILD_DIR}/${FLAGS_install_root_basename}" -v -T 0 "${BUILD_DIR}/fs-root/usr/share/flatcar/etc/selinux/mcs/contexts/files/file_contexts" "${BUILD_DIR}/${FLAGS_install_root_basename}"
+umount "${BUILD_DIR}/fs-root"
+
 # Set up EROFS compression options based on compression type
 if [[ "${FLAGS_compression}" != "none" ]]; then
   export SYSTEMD_REPART_MKFS_OPTIONS_EROFS="-z${FLAGS_compression}"
@@ -352,7 +356,7 @@ systemd-repart \
 
 rm -rf "${BUILD_DIR}"/{fs-root,"${FLAGS_install_root_basename}",workdir}
 
-# Generate reports
+info "Generating reports"
 mkdir "${BUILD_DIR}/img-rootfs"
 systemd-dissect --read-only \
   --mount \