#!/bin/bash

# SELinux Policy Installation Script for Traefik Docker Access
# This script creates and installs a custom SELinux policy module

set -e

POLICY_DIR="/home/jonathan/Coding/HomeAudit/selinux"
MODULE_NAME="traefik_docker"

echo "Installing SELinux policy module for Traefik Docker access..."

# Navigate to policy directory
cd "$POLICY_DIR"

# Compile the policy module
echo "Compiling SELinux policy module..."
make -f /usr/share/selinux/devel/Makefile ${MODULE_NAME}.pp

# Install the policy module
echo "Installing SELinux policy module..."
sudo semodule -i ${MODULE_NAME}.pp

# Verify installation
echo "Verifying policy module installation..."
if semodule -l | grep -q "$MODULE_NAME"; then
    echo "✅ SELinux policy module '$MODULE_NAME' installed successfully"
    semodule -l | grep "$MODULE_NAME"
else
    echo "❌ Failed to install SELinux policy module"
    exit 1
fi

# Restore SELinux to enforcing mode
echo "Setting SELinux to enforcing mode..."
sudo setenforce 1

echo "SELinux policy installation complete!"
echo "Docker socket access should now work in enforcing mode."