#!/bin/bash

if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail
SETFILES=$(which setfiles || true)
if [ -e /etc/selinux/targeted/contexts/files/file_contexts -a -x "${SETFILES}" ]; then
    # Without fixing selinux file labels, sshd will run in the kernel_t domain
    # instead of the sshd_t domain, making ssh connections fail with
    # "Unable to get valid context for <user>" error message
    setfiles /etc/selinux/targeted/contexts/files/file_contexts /
else
    echo "Skipping SELinux relabel, since setfiles is not available."
    echo "Touching /.autorelabel to schedule a relabel when the image boots."
    touch /.autorelabel
fi