Correct label for /run/libvirt

The former label (virt_var_run_t) was in fact the one set by fcontext:
/var/run/libvirt(/.*)?                             all files          system_u:object_r:virt_var_run_t:s0

While it makes sense when libvirt is running on the host, it has no
actual value in containerized services.

More over, it was already relabeled to container_file_t from within the
migration-target container, since that one bind-mounts the location with
the "z" flag.

In order to stop seeing the label flapping upon deploy and day-2
operations, the best thing to do is to stop using the virt_var_run_t
label and just ensure containers are relabeling this location.

Resolves: rhbz#2122656
Change-Id: I64f7e5d5f7dab8e59c6a48f01d636880e429d2f2
(cherry picked from commit 96c9eb7a34)

deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml

@@ -105,7 +105,7 @@ outputs:
                 - {get_attr: [ContainersCommon, volumes]}
                 - - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/ceilometer:/var/lib/kolla/config_files/src:ro
-                  - /run/libvirt:/run/libvirt:shared
+                  - /run/libvirt:/run/libvirt:shared,z
                   - /var/log/containers/ceilometer:/var/log/ceilometer:z
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS

deployment/deprecated/nova/nova-libvirt-container-puppet.yaml

@@ -573,7 +573,7 @@ outputs:
                           - /dev:/dev
                           - /run:/run
                           - /sys/fs/cgroup:/sys/fs/cgroup
-                          - /run/libvirt:/run/libvirt:shared
+                          - /run/libvirt:/run/libvirt:shared,z
                           - /var/lib/libvirt:/var/lib/libvirt
                           - /etc/libvirt/qemu:/etc/libvirt/qemu:ro
                           - /var/lib/nova:/var/lib/nova:shared
@@ -624,7 +624,7 @@ outputs:
                       - /run:/run
                       - /sys/fs/cgroup:/sys/fs/cgroup
                       - /etc/libvirt:/etc/libvirt
-                      - /run/libvirt:/run/libvirt:shared
+                      - /run/libvirt:/run/libvirt:shared,z
                       - /var/lib/libvirt:/var/lib/libvirt:shared
                       - /var/cache/libvirt:/var/cache/libvirt:shared
                       - /var/lib/vhost_sockets:/var/lib/vhost_sockets
@@ -661,7 +661,7 @@ outputs:
                     - {get_attr: [ContainersCommon, volumes]}
                     - - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova
                       - /etc/libvirt:/etc/libvirt
-                      - /run/libvirt:/run/libvirt:shared
+                      - /run/libvirt:/run/libvirt:shared,z
                       - /var/lib/libvirt:/var/lib/libvirt:shared
                       - /var/lib/container-config-scripts/nova_libvirt_init_secret.sh:/nova_libvirt_init_secret.sh:ro
                       - str_replace:
@@ -884,8 +884,8 @@ outputs:
                 - { 'path': /var/lib/libvirt, 'setype': container_file_t }
                 - { 'path': /var/cache/libvirt }
                 - { 'path': /var/lib/nova, 'setype': container_file_t }
-                - { 'path': /run/libvirt, 'setype': virt_var_run_t }
-            # qemu user on host will be cretaed by libvirt package install, ensure
+                - { 'path': /run/libvirt}
+            # qemu user on host will be created by libvirt package install, ensure
             # the qemu user created with same uid/gid as like libvirt package.
             # These specific values are required since ovs is running on host.
             # Once ovs with DPDK is containerized, we could modify this uid/gid

deployment/nova/nova-libvirt-common.yaml

@@ -151,7 +151,7 @@ outputs:
           - /etc/selinux/config:/etc/selinux/config:ro
           - /etc/libvirt:/etc/libvirt:shared
           - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
-          - /run/libvirt:/run/libvirt:shared
+          - /run/libvirt:/run/libvirt:shared,z
           - /var/lib/nova:/var/lib/nova:shared
           - /var/lib/libvirt:/var/lib/libvirt:shared
           - /var/cache/libvirt:/var/cache/libvirt:shared

deployment/nova/nova-modular-libvirt-container-puppet.yaml

@@ -716,7 +716,7 @@ outputs:
                     - {get_attr: [ContainersCommon, volumes]}
                     - - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova
                       - /etc/libvirt:/etc/libvirt
-                      - /run/libvirt:/run/libvirt:shared
+                      - /run/libvirt:/run/libvirt:shared,z
                       - /var/lib/libvirt:/var/lib/libvirt:shared
                       - /var/lib/container-config-scripts/nova_libvirt_init_secret.sh:/nova_libvirt_init_secret.sh:ro
                       - str_replace:
@@ -929,7 +929,7 @@ outputs:
                 - { 'path': /var/lib/libvirt, 'setype': container_file_t }
                 - { 'path': /var/cache/libvirt }
                 - { 'path': /var/lib/nova, 'setype': container_file_t }
-                - { 'path': /run/libvirt, 'setype': virt_var_run_t }
+                - { 'path': /run/libvirt }
                 - { 'path': /var/log/libvirt, 'setype': container_file_t }
                 - { 'path': /var/log/libvirt/qemu, 'setype': container_file_t }
                 - { 'path': /var/log/containers/libvirt/swtpm, 'setype': container_file_t, 'mode': '0750' }