Environment build SELinux compatibility

The current way we build environments is not compatible with certain SELinux policies. The issue arises when we chown the user home directory during the build, which includes the ~/shared mount (which is mounted to a folder on the host system). This raises a permission denied error.

Example traceback:

Sep 09 11:47:05 juice01.orangebox.lan juice-default-build[11685]: STEP 16/24: RUN groupadd --gid $USER_GID $USERNAME     && useradd --uid $USER_UID --gid $USER_GID -m -d $HOME_DIR $USERNAME     && chown -R $USERNAME:$USERNAME $HOME_DIR     && chown -R $USERNAME:$USERNAME $ENV_DIR     && git config --global --add safe.directory $SHARED_DIR/lib
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: useradd: warning: the home directory /home/user already exists.
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: useradd: Not copying any file from skel directory into it.
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab/src/lab/__pycache__': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab/src/lab/config/10-example.toml': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab/src/lab/config': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab/src/lab/__init__.py': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab/src/lab': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab/src': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab/pyproject.toml': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib/lab': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared/lib': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[12175]: chown: changing ownership of '/home/user/shared': Permission denied
Sep 09 11:47:06 juice01.orangebox.lan podman[11685]: 2025-09-09 11:47:06.396812815 +0200 CEST m=+1.469543262 image build
Sep 09 11:47:06 juice01.orangebox.lan juice-default-build[11685]: Error: building at STEP "RUN groupadd --gid $USER_GID $USERNAME     && useradd --uid $USER_UID --gid $USER_GID -m -d $HOME_DIR $USERNAME     && chown -R $USERNAME:$USERNAME $HOME_DIR     && chown -R $USERNAME:$USERNAME $ENV_DIR     && git config --global --add safe.directory $SHARED_DIR/lib": while running runtime: exit status 1
Sep 09 11:47:06 juice01.orangebox.lan systemd[1]: juice-default-build.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://wiki.almalinux.org/Help-and-Support
░░
░░ An ExecStart= process belonging to unit juice-default-build.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Sep 09 11:47:06 juice01.orangebox.lan systemd[1]: juice-default-build.service: Failed with result 'exit-code'.

Output of sestatus on that machine:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
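
One way to keep the recursive chown in the failing RUN step from descending into the host-mounted ~/shared directory, shown as an added example that is not part of the original report or the project's build script. It assumes that leaving the mount's ownership untouched is acceptable for the build. The function names `chown_targets` and `chown_except` are hypothetical; `HOME_DIR` and `USERNAME` are the variables from the log above.

```shell
#!/bin/sh
# Added example, not the project's build script.
# Assumption: the host bind mount under the home directory (~/shared on the
# page) may keep its host-side ownership, so the build never has to chown it.

# chown_targets ROOT SKIP
#   Print every path under ROOT that would be chowned, one per line.
#   SKIP and everything below it are pruned, so find never enters the mount.
chown_targets() {
    find "$1" -path "$2" -prune -o -print
}

# chown_except OWNER ROOT SKIP
#   Apply OWNER (user:group) to ROOT recursively, leaving SKIP untouched.
#   -h changes a symlink itself instead of following it out of the tree.
#   Note: -path takes a shell pattern, so SKIP must not contain * ? or [.
chown_except() {
    find "$2" -path "$3" -prune -o -exec chown -h "$1" {} +
}

# Inside the RUN step this would replace `chown -R $USERNAME:$USERNAME $HOME_DIR`:
#   chown_except "$USERNAME:$USERNAME" "$HOME_DIR" "$HOME_DIR/shared"
```

Running `chown_targets "$HOME_DIR" "$HOME_DIR/shared"` first gives a dry run of exactly which paths the build step would touch.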