Dave Airlie wrote:
disabling root login just seems like the wrong answer, a hack to
workaround the fact that we can't fully enable selinux.
Crippling root with SELinux so it is practically no longer root isn't any
more useful than just disallowing it (they're both bad ideas).
Kevin Kofler