SElinux settings different for upgrade vs full-install

[max]

Douglas Otis wrote:
> When logging in as root on an upgraded system,  the desktop would not load
> (gconf related errors), and there appeared to be no way to shutdown or
> escape beyond hitting the system reset while seeing mostly a blank screen.
> 
> There was a difference noticed between a full-install and the upgrade from
> Fedora 8.  User Mapping for "root" had been "root", whereas the full-install
> had this set to "unconfined_u" (which is also the default).  Making this
> change seems to have fixed the problem noticed when starting a graphical
> logon as root.
> 

Logging in graphically as root is discouraged. I am not sure if there is 
a question here.
Upgrades are often screwy. I don't generally do upgrades so I can't help 
you much here.

> After making this change, the system Default Policy Type also changed to
> "targeted".  Being new to SElinux, it is hard to know the risk this may

Default policy is targeted, this is normal.

> represent, if any.  Does anyone know?  Should the policy exceptions be used
> to modify SElinux instead?

I am not sure what you mean by this question. The policy defines what is 
allowed. If its not allowed in policy then its denied.

This should help answer some of your questions. Flip back to the first 
entry. Be patient and read all of it. I need to reread it all myself.

http://danwalsh.livejournal.com/

This is just one source of information. If you want more let me know.

So much information so little time.

-Max

-- 
Fortune favors the BOLD