Now things related to selinux, policy, etc. have been changing so radidly that my memory may be incorrect. IIRC, it used to be that if I logged in from gdm as a sysadm_r user (staff_r and sysadm_r) as defined in users, I would be logged in with sysadm_r. This appears to have changed (or my memory is faulty). The default for a sysadm_r user is to get staff_r and must use newrole -r sysadm_r to get that. Good! That is the way I think it should work. The same is true for root. As far as selinux is concerned, root is just another sysadm_r user and the default role logging in from gdm is staff_r. Is this what should be done. This will certainly be a change for most users. When I login as root from gdm, I do not expect that I will be prompted for root's password when I invoke system-config-users from the menu. I also notice that doing an "su -" to root or another sysadm_r user will default to sysadm_r role for that user. if it is from another sysadm_r user, then I get a choice of sysadm_r (default) or staff_r. If it is from a user_r user, then no choice, I just get sysadm_r. Comments?? Is this how things should work?? This is not criticism, just wondering. Gene
