#!/bin/sh

set_labels() {
    local rootfs
    rootfs="$1"

    sudo sh -evx <<EOF
for p in / $(cd "$rootfs"; pwd -P | sed -e 's/\// /g')
do
    cd "\$p"
    pdpl-file '3:63:-1:CCNRA' .
done
EOF
}

post_process_se() {
    local rootfs
    rootfs="$1"

    install_packages "${rootfs}" libpdp parsec-base parsec-cap parsec-mac parsec-tools parsec-kiosk2
    chroot "${rootfs}" systemctl disable parlogd.service

    # switch the guest into advanced (smolensk) mode
    install_packages "${rootfs}" astra-safepolicy
    chroot "${rootfs}" astra-modeswitch set 2

    # mount parsecfs into the guest
    mkdir -p "$rootfs/parsecfs"
    printf "\nlxc.mount.entry = /parsecfs parsecfs none bind 0 0" >> "$path/config"
}

scdir=$(dirname "$0")
. "$scdir"/astra-util.sh

post_process_se "${rootfs}"
set_labels "$rootfs"

