Review SELinux user context handling after authentication (#1269072)
    
    The previous required to have for all SELInux user contexts with setexec capability. Otherwise user would not be able to change password if it is expired. This patch sets correct context and cleans up the exec context.
    
    When doing chroot, copy_selinux_context is called twice