#!/usr/bin/bash
set +e

TMP=$(mktemp -t katello-selinux-enable.XXXXXXXXXX)
TMP_PORTS=$(mktemp -t katello-selinux-enable-ports.XXXXX)
trap "rm -rf '$TMP' '$TMP_PORTS'" EXIT INT TERM
LOG=/var/log/foreman-selinux-install.log

selinuxvariant=targeted
if /usr/sbin/semodule -s $selinuxvariant -l >/dev/null; then
  # Load policy
  /usr/sbin/semanage module -S $selinuxvariant \
    -a /usr/share/selinux/${selinuxvariant}/katello.pp.bz2

  # Create port list cache
  /usr/sbin/semanage port -E > $TMP_PORTS

  # Assign katello custom ports
  grep -qE 'tcp 23443' $TMP_PORTS || \
    echo "port -a -t katello_candlepin_port_t -p tcp 23443" >> $TMP
  grep -qE 'tcp 24443' $TMP_PORTS || \
    echo "port -a -t katello_iop_advisor_engine_port_t -p tcp 24443" >> $TMP

  # Append to log file
  echo "$(date) $0" >> $LOG
  cat $TMP >> $LOG

  # Commit the changes
  if test -s $TMP; then
    /usr/sbin/semanage -S $selinuxvariant -i $TMP | tee -a $LOG
  fi
fi
