There was support for SELinux process labels in CRIU but because it was
never tested or verified CRIU only supported the 'unconfined_t' process
label. This was basically no SELinux support.

For successful container checkpoint and restore on a SELinux enabled
host it is necessary that the restored container has the same process
context as before checkpointing.

This commit only removes the check if the label is 'unconfined_t' and
now stores any process label to be restored.

For 'normal' processes started from the command-line which are usually
running in the 'unconfined_t' this just works.

For the container use case this needs additional policies. The latest
container-selinux package on Fedora has the necessary policy to allow
CRIU (running as 'container_runtime_t' when used from Podman) to
transition the restored process to 'container_t'.

Restoring a process running under systemd's control (which means
'unconfined_service_t' without additional policies) will fail because
CRIU will be not allowed to change the context of the restored process.

For each additional CRIU use case on SELinux enabled systems, besides
container processes and command-line/shell processes, additional SELinux
policies are required to allow CRIU to do a 'dyntransition' (change the
Signed-off-by: Adrian Reber <areber@redhat.com>