#!/bin/sh

set_labels() {
    local rootfs
    rootfs="$1"

    sudo sh -evx <<EOF
for p in / $(cd "$rootfs"; pwd -P | sed -e 's/\// /g')
do
    cd "\$p"
    pdpl-file '3:63:-1:CCNRA' .
done
EOF
}

post_process_se() {
    local rootfs
    rootfs="$1"

    install_packages "${rootfs}" libpdp parsec-base parsec-cap parsec-mac parsec-tools parsec-kiosk2
    if [ -f ${rootfs}/lib/systemd/system/auditd.service ]; then
        chroot "${rootfs}" systemctl disable auditd.service
    fi
    if [ -f ${rootfs}/lib/systemd/system/parlogd.service ]; then
        chroot "${rootfs}" systemctl disable parlogd.service
    fi

    if dpkg -l astra-safepolicy >/dev/null 2>&1 && test -f /usr/sbin/astra-modeswitch ; then
        # switch the guest into advanced (smolensk) mode
        install_packages "${rootfs}" astra-safepolicy
        chroot "${rootfs}" astra-modeswitch set 2
    fi

    # mount parsecfs into the guest
    mkdir -p "$rootfs/parsecfs"
    printf "\nlxc.mount.entry = /parsecfs parsecfs none bind 0 0" >> "$path/config"
}

scdir=$(dirname "$0")
. "$scdir"/astra-util.sh

post_process_se "${rootfs}"
set_labels "$rootfs"

