image-info: changes related to reading SELinux labels unknown to host

When `image-info` inspects ostree images, the `/usr/etc` is bind-mounted
to `/etc`. This results in conflicting SELinux policy specification for
these files and makes the outcome dependent on the `setfiles` build.
All the files in `/etc` have mismatch in the expected vs. actual SELinux
context.

Exclude `/etc` from the check of SELinux ctx mismatches in case the
analysed tree is from an ostree-based image.

Sort the list returned `read_selinux_ctx_mismatch()` based on the item's
`filename` key, to make the result consistent across runs.

`image-info` can not read SELinux labels from the images, which are not
known to the host. This makes the report content depend on the host
environment. As a temporary workaround, relabel the image-info script with
osbuild_exec_t label to allow it to read unknown SELinux labels.

Modify documentation in `test/README.md` to explain the issue with
`image-info` and unknown SELinux labels.

Modify the `generate-all-test-cases` to relabel `image-info` before
generating test cases.

Modify the `image_tests.sh` to relabel `image-info` before running image
test cases.

Add 'tar' image for 'rhel-8' on 's390x' back to the matrix of generated
test cases, as it was removed by mistake. Regenerate the image test
case. Remove 'tar' image from 'rhel-84' on 's390x' from the matrix of
generated test cases, as it is not supported.

Regenerate all affected image test cases.

Signed-off-by: Tomas Hozza <thozza@redhat.com>

tools/image-info

@@ -835,7 +835,7 @@ def read_locale(tree):
             return parse_environment_vars(f.read())
 
 
-def read_selinux_info(tree):
+def read_selinux_info(tree, is_ostree):
     """
     Read information related to SELinux.
 
@@ -872,7 +872,7 @@ def read_selinux_info(tree):
         result["policy"] = policy
 
     with contextlib.suppress(subprocess.CalledProcessError):
-        ctx_mismatch = read_selinux_ctx_mismatch(tree)
+        ctx_mismatch = read_selinux_ctx_mismatch(tree, is_ostree)
         if ctx_mismatch:
             result["context-mismatch"] = ctx_mismatch
 
@@ -897,7 +897,7 @@ def read_selinux_conf(tree):
             return parse_environment_vars(f.read())
 
 
-def read_selinux_ctx_mismatch(tree):
+def read_selinux_ctx_mismatch(tree, is_ostree):
     """
     Read any mismatch in selinux context of files on the image.
 
@@ -905,6 +905,11 @@ def read_selinux_ctx_mismatch(tree):
     are no mismatches between used and expected selinux context,
     then an empty list is returned.
 
+    If the checked 'tree' is ostree, then the path '/etc' is
+    excluded from the check. This is beause it is bind-mounted
+    from /usr/etc and therefore has incorrect selinux context
+    for its filesystem path.
+
     An example of returned value:
     [
         {
@@ -937,6 +942,12 @@ def read_selinux_ctx_mismatch(tree):
             f"{tree}"
         ]
 
+        if is_ostree:
+            # exclude /etc from being checked when the tree is ostree, because
+            # it is just bind-mounted from /usr/etc and has incorrect selinux
+            # context for /etc path
+            CMD.extend(["-e", f"{tree}/etc"])
+
         output = subprocess.check_output(CMD).decode()
 
         # output are lines such as:
@@ -959,6 +970,9 @@ def read_selinux_ctx_mismatch(tree):
             }
             result.append(parsed_line)
 
+        # sort the list to make it consistent across runs
+        result.sort(key=lambda x: x.get("filename"))
+
     return result
 
 
@@ -1742,7 +1756,7 @@ def append_filesystem(report, tree, *, is_ostree=False):
         if rhsm:
             report["rhsm"] = rhsm
 
-        selinux = read_selinux_info(tree)
+        selinux = read_selinux_info(tree, is_ostree)
         if selinux:
             report["selinux"] = selinux