From 23634d8de7d01ed65bd70e316d4da4fe4d9b370d Mon Sep 17 00:00:00 2001
From: genBTC <genBTC@gmx.com>
Date: Tue, 23 Aug 2022 10:25:51 -0400
Subject: [PATCH] useradd: check MLS enablement before setting serange
 Resolves: https://github.com/shadow-maint/shadow/issues/552

---
 lib/semanage.c | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/lib/semanage.c b/lib/semanage.c
index 54f99623..082a6e8e 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -122,12 +122,14 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}
 
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-	if (ret != 0) {
-		fprintf (shadow_logfd,
-		         _("Could not set serange for %s\n"), login_name);
-		ret = 1;
-		goto done;
+	if (semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+		if (ret != 0) {
+			fprintf (shadow_logfd,
+			         _("Could not set serange for %s\n"), login_name);
+			ret = 1;
+			goto done;
+		}
 	}
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
@@ -179,13 +181,14 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}
 
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-	if (ret != 0) {
-		fprintf (shadow_logfd,
-		         _("Could not set serange for %s\n"),
-		         login_name);
-		ret = 1;
-		goto done;
+	if (semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+		if (ret != 0) {
+			fprintf (shadow_logfd,
+			         _("Could not set serange for %s\n"), login_name);
+			ret = 1;
+			goto done;
+		}
 	}
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);