selinux: enhance test to cover nfs label failure

Daniel Berrange (correctly) pointed out that we should do a better
job of testing selinux labeling fallbacks on NFS disks that lack
labeling support.

* tests/securityselinuxhelper.c (includes): Makefile already
guaranteed xattr support.  Add additional headers.
(init_syms): New function, borrowing from vircgroupmock.c.
(setfilecon_raw, getfilecon_raw): Fake NFS failure.
(statfs): Fake an NFS mount point.
(security_getenforce, security_get_boolean_active): Don't let host
environment affect test.
* tests/securityselinuxlabeldata/nfs.data: New file.
* tests/securityselinuxlabeldata/nfs.xml: New file.
* tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
(testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
(testSELinuxCheckLabels): Test handling of SELinux NFS denial.
Fix memory leak.
(testSELinuxLabeling): Avoid infinite loop on dirty tree.
(mymain): Add new test.

tests/securityselinuxlabeldata/nfs.txt

@@ -0,0 +1 @@
+/nfs/plain.raw;EOPNOTSUPP

tests/securityselinuxlabeldata/nfs.xml

@@ -0,0 +1,24 @@
+<domain type='kvm'>
+  <name>vm1</name>
+  <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+  <memory unit='KiB'>219200</memory>
+  <os>
+    <type arch='i686' machine='pc-1.0'>hvm</type>
+    <boot dev='cdrom'/>
+  </os>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/nfs/plain.raw'/>
+      <target dev='vda' bus='virtio'/>
+    </disk>
+    <input type='mouse' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
+      <listen type='address' address='0.0.0.0'/>
+    </graphics>
+  </devices>
+  <seclabel model="selinux" type="dynamic" relabel="yes">
+    <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+    <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+  </seclabel>
+</domain>