#!/bin/bash

set -ex

emerge-webrsync
eselect profile set hardened/linux/amd64/no-multilib/selinux
emerge sys-kernel/hardened-sources
echo reboot required here?
source /etc/profile
emerge -1 checkpolicy policycoreutils
echo another reboot?
FEATURES="-selinux" emerge -1 selinux-base
FEATURES="-selinux" emerge selinux-base-policy
echo and another reboot?
rlpkg -a -r
rc-update add selinux_gentoo boot
echo yet another reboot maybe?
setsebool -P global_ssp on
semanage login -a -s staff_u vagrant
restorecon -R -F /home/vagrant
semanage user -m -R "staff_r sysadm_r system_r" root
semanage user -m -R "staff_r sysadm_r system_r" staff_u