Support semanage.mods

Aimee OS variants can now supply a `semange.mods` file in their
configuration directories.  This file contains SELinux customizations,
in the format produced by `semanage export`.  Variants can use this
mechanism to set SELinux booleans, change user/login mappings, and other
SELinux policy customization.  At build time, the base `selinux.mods`
file in the source directory is combined with the variant's file, if it
exists, and the resultant customizations are applied in a single
transaction.

build-rootfs.sh

@@ -5,6 +5,8 @@ set -e
 
 . "${CONFIGDIR:=${PWD}}"/config
 
+O="${1}"
+
 mkdir -p \
     /mnt/gentoo/usr/bin \
     /mnt/gentoo/usr/lib \
@@ -97,10 +99,7 @@ fi
 unshare -m sh -e <<EOF
 mount -o bind /mnt/gentoo/var/lib/selinux /var/lib/selinux
 mount -o bind /mnt/gentoo/etc/selinux /etc/selinux
-semanage boolean -N -m --on systemd_tmpfiles_manage_all
-semanage boolean -N -m --on ssh_sysadm_login
-semanage login -N -m -s root root
-semanage user -N -m -R sysadm_r root
+semanage import -N -f "${O}"/semanage.mods
 EOF
 
 setfiles \