Bug ID | 1223538 |
---|---|
Summary | [SELinux] Installing selinux-policy-targeted with recommends enabled brings in 600 packages |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | alex.bradatan85@yahoo.it |
QA Contact | security-team@suse.de |
Target Milestone | --- |
Found By | --- |
Blocker | --- |
Created attachment 874561 [details]
Zypper output from a fresh distrobox container
Operating System: openSUSE Tumbleweed
SELinux status, mode and policy name: Enabled, Enforcing, Targeted
SELinux policy version and repository: 20240321-1.2
When trying to install selinux-policy-targeted on fresh installation with
recommends turned ON, zypper wants to install ~600 packages, some of which are:
- CMake
- Jupyter
- pandoc-cli (with all ghc-* requirements it has)
- Qt 6
Did some digging and found that one of the problematic chain is the following:
1. selinux requires policycoreutils >= 3.6
2. policycoreutils recommends setools-console
3. setools-console requires python3-setools = 4.5.0
4. python3-setools requires python3-networkx
5. python3-networkx seems to be the problematic dependency
Another is the following:
1. Any package providing a policy using %{selinux_requires} will require
policycoreutils-python-utils
2. policycoreutils-python-utils requires python3-policycoreutils
3. python3-policycoreutils requires python3-setools
4. python3-setools requires python3-networkx
5. python3-networkx seems to be the problematic dependency
This happens also when running DUP on a box with Tumbleweed and SElinux already
installed (last update was ~2 weeks ago).