selinux: Use fd_path instead of /dev/tap* to get context

/dev/tap* is an invalid path but it works with lax policy.
Make it work with more accurate policy as well
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Signed-off-by: NDominick Grift <dac.override@gmail.com>

src/security/security_selinux.c

@@ -3251,7 +3251,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
         goto cleanup;
     }
 
-    /* Label /dev/tap.* devices only. Leave /dev/net/tun alone! */
+    /* Label /dev/tap([0-9]+)? devices only. Leave /dev/net/tun alone! */
     proc = g_strdup_printf("/proc/self/fd/%d", fd);
 
     if (virFileResolveLink(proc, &fd_path) < 0) {
@@ -3267,7 +3267,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
         goto cleanup;
     }
 
-    if (getContext(mgr, "/dev/tap*", buf.st_mode, &fcon) < 0) {
+    if (getContext(mgr, fd_path, buf.st_mode, &fcon) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("cannot lookup default selinux label for tap fd %d"), fd);
         goto cleanup;