r/vmhost: Work around libvirt SELinux policy bug

With the transition to modular _libvirt_ daemons, the SELinux policy is
a bit more granular.  Unfortunately, the new policy has a funny [bug]: it
assumes directories named `storage` under `/run/libvirt` must be for
_virtstoraged_ and labels them as such, which prevents _virtnetworkd_
from managing a virtual network named `storage`.

To work around this, we need to give `/run/libvirt/network` a special
label so that its children do not match the file transition pattern for
_virtstoraged_ and thus keep their `virtnetworkd_var_run_t` label.

[bug]: https://bugzilla.redhat.com/show_bug.cgi?id=2362040

roles/vmhost/files/fix-run-libvirt-network.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStartPre=+/bin/mkdir -p %t/libvirt/network
+ExecStartPre=+/bin/chcon -t virtnetworkd_var_run_t %t/libvirt/network

roles/vmhost/tasks/main.yml

@@ -40,6 +40,31 @@
   tags:
   - log-dir
 
+- name: ensure virtnetworkd.service drop-in directory exists
+  file:
+    path: /etc/systemd/system/virtnetworkd.service.d
+    owner: root
+    group: root
+    mode: u=rwx,go=rx
+    state: directory
+  tags:
+  - systemd
+  - virtnetworkd-selinux-bug
+  - 'rhbz#2362040'
+- name: 'ensure virtnetworkd selinux bug work-around is in place (rhbz#2362040)'
+  copy:
+    src: fix-run-libvirt-network.conf
+    dest: /etc/systemd/system/virtnetworkd.service.d/
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+  - reload systemd
+  tags:
+  - systemd
+  - virtnetworkd-selinux-bug
+  - 'rhbz#2362040'
+
 - name: ensure libvirtd starts at boot
   service:
     name: '{{ item }}'