useradd: check MLS enablement before setting serange Resolves: https://github.com...

diff --git a/lib/semanage.c b/lib/semanage.c
index 54f9962381b77a826e7347f06089a41a715ff1ea..082a6e8eeadc73b1e6d2dd5200f40bf5ea11264d 100644 (file)
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -122,12 +122,14 @@ static int semanage_user_mod (semanage_handle_t *handle,
                goto done;
        }
 
-       ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-       if (ret != 0) {
-               fprintf (shadow_logfd,
-                        _("Could not set serange for %s\n"), login_name);
-               ret = 1;
-               goto done;
+       if (semanage_mls_enabled(handle)) {
+               ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+               if (ret != 0) {
+                       fprintf (shadow_logfd,
+                                _("Could not set serange for %s\n"), login_name);
+                       ret = 1;
+                       goto done;
+               }
        }
 
        ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
@@ -179,13 +181,14 @@ static int semanage_user_add (semanage_handle_t *handle,
                goto done;
        }
 
-       ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-       if (ret != 0) {
-               fprintf (shadow_logfd,
-                        _("Could not set serange for %s\n"),
-                        login_name);
-               ret = 1;
-               goto done;
+       if (semanage_mls_enabled(handle)) {
+               ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+               if (ret != 0) {
+                       fprintf (shadow_logfd,
+                                _("Could not set serange for %s\n"), login_name);
+                       ret = 1;
+                       goto done;
+               }
        }
 
        ret = semanage_seuser_set_sename (handle, seuser, seuser_name);