SELinux: Allow Podman to relabel any file

The default SELinux policy for Podman only allows it to relabel certain
files, such as `user_home_t`, to `container_file_t`.  This effectively
precludes mounting arbitrary directories from `/var` into containers.

repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te

@@ -238,3 +238,12 @@ gen_require(`
 	type sysadm_t;
 ')
 init_use_fds(sysadm_t)
+
+# Allow podman to relabel any file (to container_file_t)
+optional_policy(`
+	gen_require(`
+		type podman_t;
+	')
+	files_relabel_non_security_dirs(podman_t)
+	files_relabel_non_security_files(podman_t)
+')