From dd178aaababba402adf448a267bfd7f198e3a7ff Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Thu, 30 Mar 2023 11:02:44 -0500
Subject: [PATCH] Add semanage.sh script

The `semanage.sh` script starts an interactive shell in an alternate mount namespace where `/etc/selinux` and `/var/lib/selinux` are bind-mounted from the target filesystem. This allows SELinux management commands like `setsebool`, `semodule, `semanage`, etc. to work on the target policy, since not all of them directly support working on an alternate policy.
---
semanage.sh | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100755 semanage.sh

diff --git a/semanage.sh b/semanage.sh
new file mode 100755
index 0000000..a12026c
--- /dev/null
+++ b/semanage.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ -z ${UNSHARED} ]; then
+ export UNSHARED=1
+ exec unshare -m "$0" "$@"
+fi
+unset UNSHARED
+mount -o bind /mnt/gentoo/etc/selinux /etc/selinux
+mount -o bind /mnt/gentoo/var/lib/selinux /var/lib/selinux
+exec bash
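Review bot: Neither `mount -o bind` call is checked, so if `/mnt/gentoo` is not mounted or a bind fails the script still reaches `exec bash`, and `setsebool`, `semodule` or `semanage` run from that shell would presumably act on the running system's policy rather than the target's. Add `set -e` directly after the shebang, or append `|| exit 1` to each mount line, so the shell only starts when both binds are in place. The guard `[ -z ${UNSHARED} ]` should be quoted as `[ -z "${UNSHARED}" ]`. The guard also trusts an inherited variable: a caller that already has `UNSHARED` exported skips `unshare -m`, and the bind mounts then land in the caller's own mount namespace.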