ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Update sebool template for bootable containers #12564

Closed matusmarhefka closed 2 weeks ago

matusmarhefka commented 2 weeks ago

Add an SCE check to the sebool template for bootable containers. OVAL can't be used in this case because the selinuxboolean probe, as currently implemented, won't work inside a container: it uses security_get_boolean_names from libselinux, which checks runtime status, and that is not possible in a container build environment. The new SCE check uses the seinfo binary (from the setools-console RPM), which reads the static configuration (the /etc/selinux/targeted/policy/policy.33 policy file) to obtain the SELinux boolean values that will take effect once a container is booted.

Related PR in openscap - https://github.com/OpenSCAP/openscap/pull/2171
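The following is an added illustration of the approach the PR describes, not the PR's own SCE script: a POSIX shell check that reads a boolean's default value from static-policy output rather than from the runtime, and reports it with SCE result codes. It assumes that `seinfo --bool=NAME -x` (setools 4) prints the boolean as a line of the form `NAME (default: True)`, and that OpenSCAP exports the `XCCDF_RESULT_*` codes to SCE scripts (defaults of 101/102/103 are supplied for stand-alone runs). The seinfo output embedded below is constructed so the script runs without setools installed.

```shell
#!/bin/sh
# Added example (not ComplianceAsCode's sebool SCE script).
# Checks an SELinux boolean's default value in the static policy, as a
# bootable-container build would need, and maps the outcome to SCE codes.

# SCE result codes; OpenSCAP exports these to SCE scripts. The fallbacks
# are the standard XCCDF values so the script also runs stand-alone.
: "${XCCDF_RESULT_PASS:=101}"
: "${XCCDF_RESULT_FAIL:=102}"
: "${XCCDF_RESULT_ERROR:=103}"

# Constructed sample standing in for `seinfo --bool=NAME -x` output
# (assumed setools 4 format: "   NAME (default: True|False)").
SAMPLE_SEINFO_OUTPUT='Booleans: 1
   selinuxuser_execstack (default: True)'

# extract_bool_default OUTPUT NAME
#   Prints the boolean's default as lower-case "true"/"false".
#   Returns 1 when NAME is not present in OUTPUT.
extract_bool_default() {
    out=$1
    name=$2
    val=$(printf '%s\n' "$out" \
          | sed -n "s/^[[:space:]]*${name} (default: \([A-Za-z]*\)).*/\1/p")
    [ -n "$val" ] || return 1
    printf '%s\n' "$val" | tr 'A-Z' 'a-z'
}

# check_sebool OUTPUT NAME EXPECTED
#   Returns XCCDF_RESULT_PASS when the static default equals EXPECTED,
#   XCCDF_RESULT_FAIL when it differs, XCCDF_RESULT_ERROR when the boolean
#   cannot be found in OUTPUT (unknown name or unexpected seinfo format).
check_sebool() {
    actual=$(extract_bool_default "$1" "$2") || return "$XCCDF_RESULT_ERROR"
    if [ "$actual" = "$3" ]; then
        return "$XCCDF_RESULT_PASS"
    fi
    return "$XCCDF_RESULT_FAIL"
}

# Stand-alone usage on the constructed sample. A real SCE script would
# pass "$(seinfo --bool="$name" -x)" instead of SAMPLE_SEINFO_OUTPUT and
# exit with the returned code so OpenSCAP records the rule result.
rc=0
check_sebool "$SAMPLE_SEINFO_OUTPUT" selinuxuser_execstack false || rc=$?
echo "selinuxuser_execstack expected false: SCE result code $rc"
```

Reading the policy file through seinfo means the result reflects what the booted image will enforce, which is exactly why the runtime-based OVAL probe cannot answer the question during an image build. Returning XCCDF_RESULT_ERROR rather than FAIL for a missing boolean keeps a policy or tooling mismatch distinguishable from a genuine misconfiguration in the scan report.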

openshift-ci[bot] commented 2 weeks ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

github-actions[bot] commented 2 weeks ago

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

codeclimate[bot] commented 2 weeks ago

Code Climate has analyzed commit 6e1a694b and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

View more on Code Climate.