#!/bin/bash
#
# Compiles and installs the policies under /opt/stack/selinux-policy.
#
set -eux
set -o pipefail

TMPDIR=$(mktemp -d)
if [ -x /usr/sbin/semanage ]; then
    cd $TMPDIR
    for file in $(ls /opt/stack/selinux-policy/*.te); do
        filename=$(basename $file)
        filename_no_ext=${filename%.*}
        # compile policy
        cp $file $TMPDIR
        make -f /usr/share/selinux/devel/Makefile $filename_no_ext.pp
    done
    # install policies
    semodule -i $TMPDIR/*.pp
    rm -rf $TMPDIR
fi
