@@ -85,7 +85,7 @@
#define TEMPLATE_USERID "%{USERID}"
#define FALLBACK_SENAME "user_u"
-#define FALLBACK_PREFIX "user"
+#define FALLBACK_PREFIX "object_r"
#define FALLBACK_LEVEL "s0"
#define FALLBACK_NAME "[^/]+"
#define FALLBACK_UIDGID "[0-9]+"
@@ -240,7 +240,7 @@ int semanage_user_create(semanage_handle_t * handle,
goto err;
/* Initialize the prefix for migration purposes */
- if (semanage_user_extra_set_prefix(handle, tmp_user->extra, "user") < 0)
+ if (semanage_user_extra_set_prefix(handle, tmp_user->extra, "object_r") < 0)
goto err;
*user_ptr = tmp_user;
@@ -349,7 +349,7 @@ hidden int semanage_user_join(semanage_handle_t * handle,
< 0)
goto err;
if (semanage_user_extra_set_prefix
- (handle, tmp_user->extra, "user") < 0)
+ (handle, tmp_user->extra, "object_r") < 0)
goto err;
}
There are a few references to the "user" prefix that have to be changed to a valid role so that cil_resolve_userprefix can be made to validate the given role. Fortunately object_r is alway's there. I do not like to hard-code identifiers but I see no other option. Signed-off-by: Dominick Grift <dac.override@gmail.com> --- libsemanage/src/genhomedircon.c | 2 +- libsemanage/src/user_record.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)