Ensure targeted policy is installed by default

When installing [a package requiring] selinux-policy/-base/
rpm-plugin-selinux, selinux-policy-minimum is always chosen (based on
alphabetical order). This is not desirable and we'd like -targeted to be
picked as the default choice.

Since selinux-policy and selinux-policy-base are glued together because
of rpm-plugins-selinux, just have selinu-policy provide
selinux-policy-base, use a new metapackage selinux-policy-any to
represent "any of -targeted, -mls, or -minimum", and have selinux-policy
require -any.

Then adding "Suggests: selinux-policy-targeted" to selinux-policy has
the effect that -targeted is picked by default when any of
selinux-policy/-base/rpm-plugin-selinux is installed via "dnf install"
on a clean system.

This patch combines the ideas of Petr Lautrbach, Vit Mojzis, and myself.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
This commit is contained in:
Ondrej Mosnacek 2020-09-30 10:00:25 +02:00 committed by zpytela
parent e042be0581
commit 4d9a7e555f

View File

@ -75,6 +75,9 @@ BuildRequires: gcc
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(post): /bin/awk /usr/bin/sha512sum
Requires: rpm-plugin-selinux
Requires: selinux-policy-any = %{version}-%{release}
Provides: selinux-policy-base = %{version}-%{release}
Suggests: selinux-policy-targeted
%description
SELinux Base package for SELinux Reference Policy - modular.
@ -543,7 +546,7 @@ exit 0
%if %{BUILD_TARGETED}
%package targeted
Summary: SELinux targeted base policy
Provides: selinux-policy-base = %{version}-%{release}
Provides: selinux-policy-any = %{version}-%{release}
Obsoletes: selinux-policy-targeted-sources < 2
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
@ -629,7 +632,7 @@ exit 0
%if %{BUILD_MINIMUM}
%package minimum
Summary: SELinux minimum base policy
Provides: selinux-policy-base = %{version}-%{release}
Provides: selinux-policy-any = %{version}-%{release}
Requires(post): policycoreutils-python-utils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
@ -731,7 +734,7 @@ exit 0
%if %{BUILD_MLS}
%package mls
Summary: SELinux mls base policy
Provides: selinux-policy-base = %{version}-%{release}
Provides: selinux-policy-any = %{version}-%{release}
Obsoletes: selinux-policy-mls-sources < 2
Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}