Merge branch 'eero/fixup-filebeat' into 'master'

fix: [NODE-1428] Allow systemd to relabel journal files

If systemd cannot initially write the journal to var (because it is not set up at boot), it will first start it in a tempfile, then relocate that file to persistent storage when available. After the move, it needs to fixup the label for others to be able to use it properly. 

See merge request dfinity-lab/public/ic!20039

ic-os/components/prep/guestos/systemd-fixes/systemd-fixes.te

@@ -25,6 +25,7 @@ allow syslogd_t syslogd_t : netlink_generic_socket { create ioctl };
 # context.
 require { type var_log_t; }
 filetrans_pattern(syslogd_t, var_t, var_log_t, dir, "log")
+allow systemd_tmpfiles_t var_log_t : file { relabelfrom };
 
 # journald wants to scan the /run/user hierarchy (presumably relating to login sessions)
 require { type user_runtime_root_t, user_runtime_t; }