selinux/python/chcat
Nicolas Iooss f39c0ac637 python/chcat: fix removing categories on users with Fedora default setup
Using Vagrant with fedora/28-cloud-base image, SELinux logins are
configured this way:

    # semanage login -l
    Login Name           SELinux User         MLS/MCS Range        Service

    __default__          unconfined_u         s0-s0:c0.c1023       *
    root                 unconfined_u         s0-s0:c0.c1023       *
    vagrant              unconfined_u         s0-s0:c0.c1023       *

Using "chcat -l +c42 vagrant" successfully adds the category to user
vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
semanage login -l returns:

    vagrant              unconfined_u         s0-s0:c0.c1023,c42   *

This issue is caused by expandCats(), which refuses to return a list of
more than 25 categories. This causes chcat_user_remove() to work with
cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
it not been able to remove 'c42' from the list.

Fix this issue by splitting the list of categories before calling
expandCats().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-12-11 12:39:09 +01:00
..
chcat python/chcat: fix removing categories on users with Fedora default setup 2018-12-11 12:39:09 +01:00
chcat.8 Move policycoreutils/{sepolicy,audit2allow,semanage,scripts/chcat*} and sepolgen to python. 2016-11-16 11:19:50 -05:00
Makefile python: build: follow standard semantics for DESTDIR and PREFIX 2018-02-14 20:02:01 +01:00