selinux/python
Nicolas Iooss f39c0ac637 python/chcat: fix removing categories on users with Fedora default setup
Using Vagrant with fedora/28-cloud-base image, SELinux logins are
configured this way:

    # semanage login -l
    Login Name           SELinux User         MLS/MCS Range        Service

    __default__          unconfined_u         s0-s0:c0.c1023       *
    root                 unconfined_u         s0-s0:c0.c1023       *
    vagrant              unconfined_u         s0-s0:c0.c1023       *

Using "chcat -l +c42 vagrant" successfully adds the category to user
vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
semanage login -l returns:

    vagrant              unconfined_u         s0-s0:c0.c1023,c42   *

This issue is caused by expandCats(), which refuses to return a list of
more than 25 categories. This causes chcat_user_remove() to work with
cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
it not been able to remove 'c42' from the list.

Fix this issue by splitting the list of categories before calling
expandCats().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-12-11 12:39:09 +01:00
..
audit2allow python: add xperms support to audit2allow 2018-06-16 10:36:14 +02:00
chcat python/chcat: fix removing categories on users with Fedora default setup 2018-12-11 12:39:09 +01:00
semanage python/semanage: Start exporting "ibendport" and "ibpkey" entries 2018-12-09 16:09:08 +01:00
sepolgen python: remove semicolon from end of lines 2018-08-19 17:55:19 +02:00
sepolicy python: replace aliases with corresponding type names 2018-11-10 17:26:13 +01:00
COPYING Add COPYING files for new subdirs. 2016-11-16 11:19:51 -05:00
Makefile Move policycoreutils/{sepolicy,audit2allow,semanage,scripts/chcat*} and sepolgen to python. 2016-11-16 11:19:50 -05:00
VERSION Update VERSIONs to 2.8 for release. 2018-05-24 14:21:09 -04:00