diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude Makefile old/libsepol/src/user_record.c new/libsepol/src/user_record.c
--- old/libsepol/src/user_record.c	2005-10-31 05:49:40.000000000 -0500
+++ new/libsepol/src/user_record.c	2005-10-31 06:01:54.000000000 -0500
@@ -209,37 +209,41 @@ int sepol_user_set_roles(
 	size_t num_roles) {
 
 	size_t i;
+	char** tmp_roles = NULL;
+	char* tmp_def_role = NULL;
 
-	/* First, make a copy */
-	char** tmp_roles = (char**) calloc(1, sizeof(char*) * num_roles);
-	if (!tmp_roles) 
-		goto omem;
+	if (num_roles > 0) {
 
-	for (i = 0; i < num_roles; i++) {
-		tmp_roles[i] = strdup(roles_arr[i]); 
-		if (!tmp_roles[i])
-			goto omem;	
-	}
+		/* First, make a copy */
+		tmp_roles = (char**) calloc(1, sizeof(char*) * num_roles);
+		if (!tmp_roles) 
+			goto omem;
 
-	/* Try to set defrole - there should be no failures following
-	 * this call, since the old def role is not saved */
-	if (sepol_user_set_defrole(handle, user, tmp_roles[0]) < 0)
-		goto err;
+		for (i = 0; i < num_roles; i++) {
+			tmp_roles[i] = strdup(roles_arr[i]); 
+			if (!tmp_roles[i])
+				goto omem;	
+		}
 
+		tmp_def_role = strdup(tmp_roles[0]);
+		if (!tmp_def_role) 
+			goto omem;
+	}
+	
 	/* Apply other changes */
 	for (i = 0; i < user->num_roles; i++)
 		free(user->roles[i]);
 	free(user->roles);
+	free(user->def_role);
 	user->roles = tmp_roles;
 	user->num_roles = num_roles;
+	user->def_role = tmp_def_role;
+
 	return STATUS_SUCCESS;
 
 	omem:
-	ERR(handle, "out of memory");
-
-	err:
-	ERR(handle, "could not "
-		"allocate roles array for user %s", user->name);
+	ERR(handle, "out of memory, could not allocate roles array for"
+		"user %s", user->name);
 
 	if (tmp_roles) {
 		for (i = 0; i < num_roles; i++ ) {
@@ -247,8 +251,9 @@ int sepol_user_set_roles(
 				break;
 			free(tmp_roles[i]);
 		}
-		free(tmp_roles);
 	}
+	free(tmp_roles);
+	free(tmp_def_role);
 	return STATUS_ERR;	
 }