Bug #49034
closedloosen or drop selinux-policy version requirement
0%
Description
The ceph-selinux subpackage always requires the latest version of CentOS or RHEL that we built against.
Requires(post): selinux-policy-base >= %{_selinux_policy_version}
Many other projects that ship their own SELinux policy subpackage cargo-cult this same thing. In fact Fedora has a packaging draft that recommends it, https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft (the Fedora Packaging Committee was never ratified it).
This causes problems in two scenarios:
- If we build Ceph on CentOS Stream, the ceph-selinux package will be uninstallable on RHEL.
- If we build Ceph on the latest RHEL 8, the ceph-selinux package package will be uninstallable on RHEL EUS.
I'm opening this ticket to see how we can loosen or drop the exact version requirement on selinux-policy-base.
Updated by Ken Dreyer over 3 years ago
This is actually codified in Fedora's %selinux_requires macro, https://github.com/fedora-selinux/selinux-policy-macros/commit/4a39c29c0dee97af122eed447de21f4592393567 , added as a result of this discussion: https://pagure.io/packaging-committee/issue/726#comment-480966
Updated by Ken Dreyer about 3 years ago
After discussion on the Fedora devel list with the SELinux developers, this does not sound like something we can support. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/ZMY7Y4EPU2ACPFZBKP7KCQFUA3VJ2YOQ/