diff options
Diffstat (limited to 'src/providers/ipa/selinux_child.c')
-rw-r--r-- | src/providers/ipa/selinux_child.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c index d46703896..2f79dea10 100644 --- a/src/providers/ipa/selinux_child.c +++ b/src/providers/ipa/selinux_child.c @@ -146,7 +146,15 @@ static int sc_set_seuser(const char *login_name, const char *seuser_name, * the directories are created with the expected permissions */ old_mask = umask(0); - ret = set_seuser(login_name, seuser_name, mls); + if (strcmp(seuser_name, "") == 0) { + /* An empty SELinux user should cause SSSD to use the system + * default. We need to remove the SELinux user from the DB + * in that case + */ + ret = del_seuser(login_name); + } else { + ret = set_seuser(login_name, seuser_name, mls); + } umask(old_mask); return ret; } |