ENT-10429: Guarded against race condition in install scriptlets with restorecon

[craigcomstock]

Try to run restorecon with the least number of processes/services running that might
make changes to /var/cfengine and /opt/cfengine

restorecon seems to gather a list of files up-front and then process which can take more
than a few seconds.

When services such as database or cf-execd/cf-agent/etc are running files can change
causing restorecon to error out when files are removed.

The files being removed doesn't create a risk of bad SELinux labels since they are gone.

Ticket: ENT-10429
Changelog: title

[craigcomstock]

@cf-bottom jenkins please

[cf-bottom]

Sure, I triggered a build:

Jenkins: https://ci.cfengine.com/job/pr-pipeline/9896/

Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-9896/

[craigcomstock]

waiting on #1303 to be merged, then will rebase and re-run CI here.

[craigcomstock]

@cf-bottom jenkins

[cf-bottom]

Sure, I triggered a build:

Jenkins: https://ci.cfengine.com/job/pr-pipeline/9905/

Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-9905/

[craigcomstock]

sequential test failure has the following issues

• exit value 52 from trying an API call in 99-cfbs-init test, known: https://northerntech.atlassian.net/browse/ENT-10431

3	:	1695970697.290	     2.322	0	25	52	0	curl -k -i --show-error --fail -u admin:admin -H "content-type: application/json" -X POST -d @.31343.project_info https://54.195.6.54/api/build/projects && echo
54.195.6.54	curl: (52) Empty reply from server

• upgrade-minor test, known issue with ubuntu 16 which I will investigate this morning https://northerntech.atlassian.net/browse/ENT-10710

3.250.169.0	==> /var/cfengine/state/pg/data/pg_upgrade_output.d/20230929T070442.162/log/pg_upgrade_internal.log <==
3.250.169.0	-----------------------------------------------------------------
3.250.169.0	  pg_upgrade run on Fri Sep 29 07:04:42 2023
3.250.169.0	-----------------------------------------------------------------
3.250.169.0	
3.250.169.0	check for "/var/cfengine/state/pg/backup/bin/postgres" failed: cannot execute

• upgrade-patch failure, restorecon! ;) but this is in 3.21.2 where the bug still exists, so OK

54.246.129.115	warning: %post(cfengine-nova-hub-3.21.2-1.el8.x86_64) scriptlet failed, exit status 255

---

+ restorecon -iR /var/cfengine /opt/cfengine
restorecon: Could not set context for /var/cfengine/state/pg/data/base/16386/pg_internal.init:  No such file or directory
+ return 1

So I think this is "good to go" @nickanderson ack?

[vpodzime]

Nice! 🤞

[craigcomstock]

cherry picks
#1310
#1309