#!/bin/bash

if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail

SETFILES=$(which setfiles || true)
if [ -e /etc/selinux/targeted/contexts/files/file_contexts -a -x "${SETFILES}" ]; then
    # get all mounpoints in the system
    IFS='|' read -ra SPLIT_MOUNTS <<< "$DIB_MOUNTPOINTS"
    for MOUNTPOINT in "${SPLIT_MOUNTS[@]}"; do
        # Without fixing selinux file labels, sshd will run in the kernel_t domain
        # instead of the sshd_t domain, making ssh connections fail with
        # "Unable to get valid context for <user>" error message
        if [ "${MOUNTPOINT}" != "/tmp/in_target.d" ] && [ "${MOUNTPOINT}" != "/dev" ]; then
            $SETFILES /etc/selinux/targeted/contexts/files/file_contexts ${MOUNTPOINT}
        fi
    done
else
    echo "Skipping SELinux relabel, since setfiles is not available."
    echo "Touching /.autorelabel to schedule a relabel when the image boots."
    touch /.autorelabel
fi