SElinux settings different for upgrade vs full-install

On Tue, 2008-07-22 at 10:00 -0400, max wrote:
> Douglas Otis wrote:
> > When logging in as root on an upgraded system,  the desktop would not load
> > (gconf related errors), and there appeared to be no way to shutdown or
> > escape beyond hitting the system reset while seeing mostly a blank screen.
> > 
> > There was a difference noticed between a full-install and the upgrade from
> > Fedora 8.  User Mapping for "root" had been "root", whereas the full-install
> > had this set to "unconfined_u" (which is also the default).  Making this
> > change seems to have fixed the problem noticed when starting a graphical
> > logon as root.
> > 
> Logging in graphically as root is discouraged. I am not sure if there is 
> a question here.

Agreed.  This was done to investigate why the Panel System Monitor had
the View of All and My processes grayed out. : (

> > After making this change, the system Default Policy Type also changed to
> > "targeted".  Being new to SElinux, it is hard to know the risk this may
> Default policy is targeted, this is normal.
> > represent, if any.  Does anyone know?  Should the policy exceptions be used
> > to modify SElinux instead?
> I am not sure what you mean by this question. The policy defines what is 
> allowed. If its not allowed in policy then its denied.
> This should help answer some of your questions. Flip back to the first 
> entry. Be patient and read all of it. I need to reread it all myself.

This helps, thank you.  The upgrade had a silent problem with Python
which also affected Yum.  If the "triggers" described in the journal
depend upon Python or Yum, this might explain why the completion fixup
had not been made.  This was mentioned as a common problem, but is not
found in the wiki.  There appears to be a dependency gap in the RPM
packages for python as mentioned a few days ago.  These issues make
upgrading less inviting.

I just managed to replace the logon images which appear to emulate
Leopard mixed with Aurora. Unfortunately, the concentric ovals are not
at a reasonable perspective, are unnatural and, well, ugly.  The logon
image changing colors slightly every hour is hardly such a desired
feature to make up for the poor appearance IMHO.


