From a5f9ef8b7fa7dd108270459325092a2be3847331 Mon Sep 17 00:00:00 2001
From: Martin Kletzander <mkletzan@redhat.com>
Date: Fri, 3 Mar 2023 15:09:19 +0100
Subject: [PATCH] semanage: Do not set default SELinux range

Both semanage and libsemanage actually set the user's mls range to the
default of the seuser, which makes more sense and removes a bit of code
for usermod and useradd.  More fine-grained details must always be set
with some other tool
(semanage) anyway.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
 lib/semanage.c | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/lib/semanage.c b/lib/semanage.c
index 3f21b3ee..bbb3f993 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -22,10 +22,6 @@
 
 #include "shadowlog_internal.h"
 
-#ifndef DEFAULT_SERANGE
-#define DEFAULT_SERANGE "s0"
-#endif
-
 
 format_attr(printf, 3, 4)
 static void semanage_error_callback (unused void *varg,
@@ -122,16 +118,6 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}
 
-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-		if (ret != 0) {
-			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
-			ret = 1;
-			goto done;
-		}
-	}
-
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
 		fprintf (shadow_logfd,
@@ -181,16 +167,6 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}
 
-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-		if (ret != 0) {
-			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
-			ret = 1;
-			goto done;
-		}
-	}
-
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
 		fprintf (shadow_logfd,