#!/bin/bash

set -eux
set -o pipefail

CONFIGURED_SELINUX=$(grep ^SELINUX= /etc/selinux/config | awk -F = '{print $2}')

if [ "$CONFIGURED_SELINUX" == "enforcing" ]; then
    # Without fixing selinux file labels, sshd will run in the kernel_t domain
    # instead of the sshd_t domain, making ssh connections fail with
    # "Unable to get valid context for <user>" error message
    setfiles /etc/selinux/targeted/contexts/files/file_contexts /
else
    echo "Skipping SELinux relabel, since it is not Enforcing."
    echo "To relabel once the image is running, use:"
    echo "setfiles /etc/selinux/targeted/contexts/files/file_contexts /"
    echo "fixfiles restore"
fi
