On Wed, May 07, 2008 at 15:46:10 -0400, Stephen Smalley sds@tycho.nsa.gov wrote:
Ok, that's a known deficiency of how seusers is managed; it isn't managed by rpm and there isn't a clean split between base policy definitions and user customizations there.
The switch to unconfined_u came with the merging of strict and targeted policies into one policy, and that happened in F8. I suspect that there was some hackery in the F8 policy package to allow upgrades from F7 to work, but jumping straight from F5 to F9 wouldn't have done the same.
Thanks for the explanation.