From 4143b4dd35fb79dac22364f6b5218fbe44175e36 Mon Sep 17 00:00:00 2001
From: Dan Buch
Date: Tue, 30 Dec 2014 19:45:05 -0500
Subject: [PATCH] boom selinux wow
---
selinux/.vagrant-provision-as-vagrant.sh | 4 ++++
selinux/.vagrant-provision.sh | 22 ++++++++++++++++++++++
selinux/Vagrantfile | 10 ++++++++++
3 files changed, 36 insertions(+)
create mode 100644 selinux/.vagrant-provision-as-vagrant.sh
create mode 100644 selinux/.vagrant-provision.sh
create mode 100644 selinux/Vagrantfile
diff --git a/selinux/.vagrant-provision-as-vagrant.sh b/selinux/.vagrant-provision-as-vagrant.sh
new file mode 100644
index 0000000..a6d8326
--- /dev/null
+++ b/selinux/.vagrant-provision-as-vagrant.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+whoami
+echo woop
diff --git a/selinux/.vagrant-provision.sh b/selinux/.vagrant-provision.sh
new file mode 100644
index 0000000..833971c
--- /dev/null
+++ b/selinux/.vagrant-provision.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -ex
+
+emerge-webrsync
+eselect profile set hardened/linux/amd64/no-multilib/selinux
+emerge sys-kernel/hardened-sources
+echo reboot required here?
+source /etc/profile
+emerge -1 checkpolicy policycoreutils
+echo another reboot?
+FEATURES="-selinux" emerge -1 selinux-base
+FEATURES="-selinux" emerge selinux-base-policy
+echo and another reboot?
+rlpkg -a -r
+rc-update add selinux_gentoo boot
+echo yet another reboot maybe?
+setsebool -P global_ssp on
+semanage login -a -s staff_u vagrant
+restorecon -R -F /home/vagrant
+semanage user -m -R "staff_r sysadm_r system_r" root
+semanage user -m -R "staff_r sysadm_r system_r" staff_u
diff --git a/selinux/Vagrantfile b/selinux/Vagrantfile
new file mode 100644
index 0000000..de47028
--- /dev/null
+++ b/selinux/Vagrantfile
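Review bot: In `selinux/.vagrant-provision.sh`, everything from `rlpkg -a -r` onward relabels and changes policy in the same boot as the profile switch, and nothing checks that the running kernel actually has SELinux active; the four `echo ... reboot?` lines mark the places where that is in doubt. As far as this hunk shows, `emerge sys-kernel/hardened-sources` only installs sources, so `setsebool -P` and the `semanage` calls will probably fail on the stock kernel and `set -e` stops the run partway, leaving the box half-configured. I would split the script at that point, or guard the second half with `selinuxenabled || { echo 'SELinux not active; reboot into the SELinux kernel first' >&2; exit 1; }` and end with `sestatus` so the resulting mode shows up in the provision log. Separately, `semanage login -a -s staff_u vagrant` errors when the mapping already exists, so a second `vagrant provision` aborts there; `semanage login -m -s staff_u vagrant || semanage login -a -s staff_u vagrant` keeps it re-runnable.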
@@ -0,0 +1,10 @@
+Vagrant.configure('2') do |config|
+ config.vm.box = 'meatballhat/gentoo-amd64'
+ config.vm.provision 'shell', path: '.vagrant-provision.sh'
+ config.vm.provision 'shell', path: '.vagrant-provision-as-vagrant.sh', privileged: false
+
+ config.vm.provider 'virtualbox' do |vbox|
+ vbox.cpus = 4
+ vbox.memory = 2048
+ end
+end
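Review bot: `config.vm.box = 'meatballhat/gentoo-amd64'` is not pinned, so each fresh `vagrant up` takes whatever box version is current and the first `shell` provisioner then runs on it as root. Add `config.vm.box_version = '<PINNED_BOX_VERSION>'` (placeholder, no version is given in this commit) so the base image only changes through a reviewed edit. A one-line comment above the two `provision` lines, e.g. `# root first (SELinux setup), then the unprivileged vagrant user`, would make the `privileged: false` on the second one easier to read.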