Fix SELinux installation failures on Debian Stretch
Debian Stretch requires that pathnames be present when calling restorecon,
but this was not a requirement in CentOS 7. We fix this by moving all
SELinux-related changes to the gitlab::selinux recipe so that all the required
files and directories can be made before any SELinux changes are applied. This
makes sense from a code organization standpoint and also has the nice side
effect of removing the need to ignore unknown files (-i option in restorecon)
as well.
On Debian, due to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851760, you
may see libsemanage.add_user: user system_u not in password file. This is only
a cosmetic issue.
Closes #3337
Edited by Stan Hu