#!/bin/sh -efu

# This file is a part of ALT Linux SeLinux policy.
# Copyright (C) 2013 ALT Linux company

# Turn on libshell verbose mode
verbose=1

# Require libshell
. shell-error
. shell-quote
. shell-config
. shell-var
. shell-args

readonly STAGE2_HELPER="slrun2"

show_help()
{
    cat <<EOF
Usage: $PROG -l <LEVEL> -c <COMMAND> [ -- <COMMAND'S ARGS> ]

SeLinux launcher for ALTLinux

Options:

  -c, --cmd=<COMMAND> Command to run;
  -l, --level=<LEVEL> Multi-Level Security context;
  -h, --help          show this text and exit;

Report bugs to http://bugzilla.altlinux.org/

EOF
    exit
}


#
# STAR FROM HERE
#

GETOPT_ALLOW_UNKNOWN=1
TEMP=`getopt -n $PROG -o 'l:c:,h' -l 'level:,cmd:,help' -- "$@"` || show_usage
eval set -- "$TEMP"

CMD=
MLS=
while :; do
    case "$1" in
        -c|--cmd) shift
            CMD="$1"
            ;;
        -l|--level) shift
            MLS="$1"
            ;;
        -h|--help) show_help
            ;;
        --) shift; break
            ;;
    esac
    shift
done

[ -n "$MLS" ] || show_usage
[ -n "$CMD" ] || show_usage

# `newrole' command allows preserve current environment by passing `-p'
# If so, set new few ENV variables.

# Do all preparation at corresponding security context
exec newrole -p -l "$MLS" -- \
  -c "\"$STAGE2_HELPER\" \
        -l \"$MLS\" \
        -c \"$(quote_shell "$CMD")\" \
        -- \
        $(for i in "$@"; do echo -n "\"$(quote_shell "$i")\" " ;done)"

# vim: ai ts=2 sw=2 et sts=2 ft=sh
# vim: autoindent tabstop=2 shiftwidth=2 expandtab softtabstop=2 filetype=sh
