Bug ID 1223538
Summary [SELinux] Installing selinux-policy-targeted with recommends enabled brings in 600 packages
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter alex.bradatan85@yahoo.it
QA Contact security-team@suse.de
Target Milestone ---
Found By ---
Blocker --- 

Created attachment 874561 [details]
Zypper output from a fresh distrobox container

Operating System: openSUSE Tumbleweed
SELinux status, mode and policy name: Enabled, Enforcing, Targeted
SELinux policy version and repository: 20240321-1.2



When trying to install selinux-policy-targeted on fresh installation with
recommends turned ON, zypper wants to install ~600 packages, some of which are:

- CMake
- Jupyter
- pandoc-cli (with all ghc-* requirements it has)
- Qt 6

Did some digging and found that one of the problematic chain is the following:

1. selinux requires policycoreutils >= 3.6
2. policycoreutils recommends setools-console
3. setools-console requires python3-setools = 4.5.0
4. python3-setools requires python3-networkx
5. python3-networkx seems to be the problematic dependency

Another is the following:

1. Any package providing a policy using %{selinux_requires} will require
   policycoreutils-python-utils
2. policycoreutils-python-utils requires python3-policycoreutils
3. python3-policycoreutils requires python3-setools
4. python3-setools requires python3-networkx
5. python3-networkx seems to be the problematic dependency

This happens also when running DUP on a box with Tumbleweed and SElinux already
installed (last update was ~2 weeks ago).

You are receiving this mail because: