--- nsapolicycoreutils/semanage/seobject.py	2006-11-16 17:14:26.000000000 -0500
+++ policycoreutils-1.33.6/semanage/seobject.py	2006-12-20 14:59:04.000000000 -0500
@@ -94,23 +94,25 @@
 	return re.search("^" + reg +"$",raw)
 
 def translate(raw, prepend = 1):
-	if prepend == 1:
-		context = "a:b:c:%s" % raw
+        filler="a:b:c:"
+        if prepend == 1:
+		context = "%s%s" % (filler,raw)
 	else:
 		context = raw
-	(rc, trans) = selinux.selinux_raw_to_trans_context(context)
+ 	(rc, trans) = selinux.selinux_raw_to_trans_context(context)
 	if rc != 0:
 		return raw
 	if prepend:
-		trans = trans.strip("a:b:c")
+		trans = trans[len(filler):]
 	if trans == "":
 		return raw
 	else:
 		return trans
 	
 def untranslate(trans, prepend = 1):
+        filler="a:b:c:"
  	if prepend == 1:
-		context = "a:b:c:%s" % trans
+		context = "%s%s" % (filler,trans)
 	else:
 		context = trans
 
@@ -118,7 +120,7 @@
 	if rc != 0:
 		return trans
 	if prepend:
-		raw = raw.strip("a:b:c")	
+		raw = raw[len(filler):]
 	if raw == "":
 		return trans
 	else:
@@ -157,7 +159,7 @@
 	def out(self):
 		rec = ""
 		for c in self.comments:
-			rec += c +"\n"
+			rec += c
 		keys = self.ddict.keys()
 		keys.sort()
 		for k in keys:
@@ -204,7 +206,8 @@
 		os.write(fd, self.out())
 		os.close(fd)
 		os.rename(newfilename, self.filename)
-
+                os.system("/sbin/service mcstrans reload > /dev/null")
+                
 class semanageRecords:
 	def __init__(self):
 		self.sh = semanage_handle_create()
@@ -456,7 +460,8 @@
 				rc = semanage_user_set_mlslevel(self.sh, u, selevel)
 				if rc < 0:
 					raise ValueError(_("Could not set MLS level for %s") % name)
-
+                        if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
+                               raise ValueError(_("Invalid prefix %s") % prefix)
 			rc = semanage_user_set_prefix(self.sh, u, prefix)
 			if rc < 0:
 				raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -522,11 +527,17 @@
 				semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
 
 			if prefix != "":
-				semanage_user_set_prefix(self.sh, u, prefix)
+                               if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+                                      raise ValueError(_("Invalid prefix %s") % prefix)
+                               semanage_user_set_prefix(self.sh, u, prefix)
 
 			if len(roles) != 0:
-				for r in roles:
-					semanage_user_add_role(self.sh, u, r)
+                               for r in rlist:
+                                      if r not in roles:
+                                             semanage_user_del_role(u, r)
+                               for r in roles:
+                                      if r not in rlist:
+                                             semanage_user_add_role(self.sh, u, r)
 
 			rc = semanage_begin_transaction(self.sh)
 			if rc < 0: