diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.8/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	2006-11-16 17:14:26.000000000 -0500
+++ policycoreutils-1.33.8/semanage/seobject.py	2007-01-04 17:06:25.000000000 -0500
@@ -525,8 +525,12 @@
 				semanage_user_set_prefix(self.sh, u, prefix)
 
 			if len(roles) != 0:
-				for r in roles:
-					semanage_user_add_role(self.sh, u, r)
+                               for r in rlist:
+                                      if r not in roles:
+                                             semanage_user_del_role(u, r)
+                               for r in roles:
+                                      if r not in rlist:
+                                             semanage_user_add_role(self.sh, u, r)
 
 			rc = semanage_begin_transaction(self.sh)
 			if rc < 0: