semanage: Do not set default SELinux range

Both semanage and libsemanage actually set the user's mls range to the default of the seuser, which makes more sense and removes a bit of code for usermod and useradd. More fine-grained details must always be set with some other tool (semanage) anyway. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-03 15:09:19 +01:00
parent b44d7f78e0
commit a5f9ef8b7f
1 changed files with 0 additions and 24 deletions
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -22,10 +22,6 @@

 #include "shadowlog_internal.h"

-#ifndef DEFAULT_SERANGE
-#define DEFAULT_SERANGE "s0"
-#endif
-

 format_attr(printf, 3, 4)
 static void semanage_error_callback (unused void *varg,
@@ -122,16 +118,6 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}

-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-		if (ret != 0) {
-			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
-			ret = 1;
-			goto done;
-		}
-	}
-
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
 		fprintf (shadow_logfd,
@@ -181,16 +167,6 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}

-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-		if (ret != 0) {
-			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
-			ret = 1;
-			goto done;
-		}
-	}
-
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
 		fprintf (shadow_logfd,