Petr Lautrbach <plautrba@xxxxxxxxxx> writes:

> Nicolas Iooss <nicolas.iooss@xxxxxxx> writes:
>
>> Using Vagrant with fedora/28-cloud-base image, SELinux logins are
>> configured this way:
>>
>> # semanage login -l
>> Login Name           SELinux User         MLS/MCS Range        Service
>>
>> __default__          unconfined_u         s0-s0:c0.c1023       *
>> root                 unconfined_u         s0-s0:c0.c1023       *
>> vagrant              unconfined_u         s0-s0:c0.c1023       *
>>
>> Using "chcat -l +c42 vagrant" successfully adds the category to user
>> vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
>> semanage login -l returns:
>>
>> vagrant              unconfined_u         s0-s0:c0.c1023,c42   *
>>
>> This issue is caused by expandCats(), which refuses to return a list of
>> more than 25 categories. This causes chcat_user_remove() to work with
>> cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
>> it not being able to remove 'c42' from the list.
>>
>> Fix this issue by splitting the list of categories before calling
>> expandCats().
>>
>> Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
>
> Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx>

All 3 chcat patches merged. Thanks!

>
>> --- >> python/chcat/chcat | 6 ++---- >> 1 file changed, 2 insertions(+), 4 deletions(-) >> >> diff --git a/python/chcat/chcat b/python/chcat/chcat >> index 73f757258807..5bef0073b7a4 100755 >> --- a/python/chcat/chcat >> +++ b/python/chcat/chcat >> @@ -82,8 +82,7 @@ def chcat_user_add(newcat, users): >> if len(serange) > 1: >> top = serange[1].split(":") >> if len(top) > 1: >> - cats.append(top[1]) >> - cats = expandCats(cats) >> + cats = expandCats(top[1].split(',')) >> >> for i in newcat[1:]: >> if i not in cats: >> @@ -163,8 +162,7 @@ def chcat_user_remove(newcat, users): >> if len(serange) > 1: >> top = serange[1].split(":") >> if len(top) > 1: >> - cats.append(top[1]) >> - cats = expandCats(cats) >> + cats = expandCats(top[1].split(',')) >> >> for i in newcat[1:]: >> if i in cats:
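
Review bot: In the chcat_user_add hunk (@@ -82,8 +82,7 @@), the new line assigns cats = expandCats(top[1].split(',')) where the old code called cats.append(top[1]) first, so anything already held in cats before this branch is now discarded. If cats is always empty at this point, say so in the commit message or a comment; otherwise extend the existing list instead of overwriting it. The identical two-line change is repeated in chcat_user_remove, so a small shared helper that turns top[1] into the category list would keep the two call sites from drifting apart.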
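
Review bot: In the chcat_user_remove hunk (@@ -163,8 +162,7 @@), the "if i in cats" test that follows is still a plain string match against whatever expandCats() returns, and going by the commit message a range of more than 25 categories comes back unexpanded as a single entry. Removing a category that lies inside such a range (for example c5 when the login range is s0-s0:c0.c1023) would therefore still match nothing. Consider documenting that limit or reporting it to the user, and add a regression test for the "chcat -l -- -c42 vagrant" case described in the commit message.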
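
A simplified model of the behaviour described in the commit message, added here as an illustration and not taken from the chcat source: expand_cats() is a hypothetical stand-in that assumes expandCats() hands back its input unchanged when the expansion exceeds 25 categories, and remove_before()/remove_after() are hypothetical names for the pre-patch and post-patch handling of the category string.

```python
LIMIT = 25  # threshold stated in the commit message


def expand_cats(cats):
    """Hypothetical stand-in for expandCats(): expand 'cN.cM' ranges, but
    return the input list untouched if the result exceeds LIMIT entries."""
    out = []
    for entry in cats:
        for item in entry.split(","):
            if "." in item:
                lo, hi = item.split(".")
                names = ["c%d" % n for n in range(int(lo[1:]), int(hi[1:]) + 1)]
            else:
                names = [item]
            for name in names:
                if name not in out:
                    out.append(name)
    return list(cats) if len(out) > LIMIT else out


def remove_before(top_cats, to_remove):
    """Pre-patch shape: the whole 'c0.c1023,c42' string is one list element."""
    cats = expand_cats([top_cats])
    return [c for c in cats if c not in to_remove]


def remove_after(top_cats, to_remove):
    """Post-patch shape: split on ',' first, so 'c42' is its own element."""
    cats = expand_cats(top_cats.split(","))
    return [c for c in cats if c not in to_remove]


if __name__ == "__main__":
    # Constructed inputs mirroring the vagrant login range in the report.
    print(remove_before("c0.c1023,c42", ["c42"]))  # c42 survives: the bug
    print(remove_after("c0.c1023,c42", ["c42"]))   # c42 removed: the fix
    print(remove_after("c0.c1023", ["c5"]))        # inside a range: no match
    print(remove_after("c0.c3,c42", ["c2"]))       # small range expands fully
```

The third call shows the case the patch does not address: a category that sits inside an unexpanded range never matches the membership test.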