1212083 – Update selinux related packages to latest version

Bug 1212083 - Update selinux related packages to latest version

Summary: Update selinux related packages to latest version

Status:	RESOLVED INVALID

Alias:	None

Product:	PUBLIC SUSE Linux Enterprise Server 15 SP4
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	unspecified
Hardware:	S/390-64 SLES 15

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-06-07 05:22 UTC by Prabhav Thali
Modified:	2023-06-07 07:00 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Prabhav Thali 2023-06-07 05:22:00 UTC

Hello team,

##Observation:
While building docker-ce binaries for s390x on SLES 15.4, faced below issue:

Problem: the to be installed selinux-policy-20230214-150400.182.1.noarch requires 'policycoreutils >= 3.5', but this requirement cannot be provided.

In SUSE repositories, policycoreutils v3.1 is available.

Policycoreutils is needed as we need to install container-selinux as mentioned here(https://github.com/docker/docker-ce-packaging/blob/e43fbd37e48fde49d907b9195f23b13537521b94/rpm/SPECS/docker-ce.spec#L18). 

And following is the dependency tree of container-selinux:
# curl -O https://ftp.gwdg.de/pub/opensuse/repositories/security:/SELinux/15.4/noarch/container-selinux-2.215.0-150400.1.3.noarch.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 60756  100 60756    0     0  87648      0 --:--:-- --:--:-- --:--:-- 87544
# rpm -qpR ./container-selinux-2.215.0-150400.1.3.noarch.rpm
warning: ./container-selinux-2.215.0-150400.1.3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID 93b832ee: NOKEY
/bin/sh
/bin/sh
/bin/sh
/bin/sh
/usr/bin/sed
policycoreutils
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1
selinux-policy >= 20230425-150400.194.8
selinux-policy-base >= 20230425
selinux-policy-targeted >= 20230425
selinux-tools

##Details:
As container-selinux requires selinux-policy >= 20230425-150400.194.8 and selinux-policy requires policycoreutils >= 3.5, it fails. However, in SUSE repositories selinux related packages are having v3.1(which is quite old). 

Will it be possible to upgrade the selinux-related packages(libselinux1, libsemanage, libsepol, policycoreutils) in SUSE repositories whenever a new release is out for selinux-policy?

Comment 1 Johannes Segitz 2023-06-07 07:00:39 UTC

Please have a look at the SLES documentation. If you want to use the unofficial policy provided you need to use the https://build.opensuse.org/project/show/security:SELinux_legacy repository. If you use security:SELinux you also need to use the updated toolchain in there.

Updating the toolchain packages in 15.4 is tricky and would require an ECO