#!/bin/bash
#
# Compiles and installs the policies under /opt/stack/selinux-policy.
#
set -eux
set -o pipefail

if [ -x /usr/sbin/semanage ]; then
    for file in $(ls /opt/stack/selinux-policy/*.te); do
        filename=$(basename $file)
        filename_no_ext=${filename%.*}
        # compile policy
        checkmodule -M -m -o "/tmp/$filename_no_ext.mod" \
           "/opt/stack/selinux-policy/$filename"
        semodule_package -o "/tmp/$filename_no_ext.pp" \
            -m "/tmp/$filename_no_ext.mod"
        # install policy
        semodule -i "/tmp/$filename_no_ext.pp"
    done
fi
