The following SELinux el6 build which has almost all the gluster-SELinux fixes in RHEL-6.7 is what I see as a possible candidate for setting this dependency: 

#####
https://brewweb.devel.redhat.com/buildinfo?buildID=443534
#####

Miroslav/Milos, please confirm if this is the case.

This decision is wrong. The right thing to do is to check for and use the selinux command line tools during %posttrans and a %triggerpostin for selinux-policy-targeted.

I already have a build ready for verification, just need the right flags on this BZ.

With the latest build of samba: samba-4.1.17-10.el6rhs
As discussed and raised regarding the dependencies for selinux package to be created for ctdb , the specific version of selinux package: selinux-policy-targeted-3.7.19-279.el6.noarch should have been made dependent.

As per brew logs it seems we have a generic dependency on following package:
selinux-policy-targeted Which may cause issues in certain scenarios where the booleans which we are trying to set are not available in the older selinux package and someone doesn't upgrade the selinux package.

Even though we recommend to do yum update and pull in all latest package but in case if only ctdb and samba packages are updated and not selinux package then the booleans will not get set and the issue will still persist, so as discussed and decided  let's have the dependency on specific verison of selinux so that while doing install/upgrade of samba and ctdb package , the selinux is up-to-date and we don't hit any AVC's or issues.

Moving the BZ to assigned.

Verified with latest samba build samba-4.1.17-12.el6rhs that it has dependency on selinux package selinux-policy-targeted >= 3.7.19-279 and it sets the required boolean when samba is installed /updated.

Steps performed:

1.Check the boolean:
getsebool samba_load_libgfapi
Error getting active value for samba_load_libgfapi

2. Install/update samba without having repo for latest selinux package , it fails because of dependencies:


--> Running transaction check
---> Package samba-vfs-glusterfs.x86_64 0:4.1.17-12.el6rhs will be installed
--> Processing Dependency: selinux-policy-targeted >= 3.7.19-279 for package: samba-vfs-glusterfs-4.1.17-12.el6rhs.x86_64
--> Finished Dependency Resolution
Error: Package: samba-vfs-glusterfs-4.1.17-12.el6rhs.x86_64 (RH-Gluster-3-Samba-)
           Requires: selinux-policy-targeted >= 3.7.19-279
           Available: selinux-policy-targeted-3.7.19-54.el6.noarch (rhel-6-server-rpms)
               selinux-policy-targeted = 3.7.19-54.el6
           Available: selinux-policy-targeted-3.7.19-54.el6_0.3.noarch (rhel-6-server-rpms)
               selinux-policy-targeted = 3.7.19-54.el6_0.3
           Available: selinux-policy-targeted-3.7.19-54.el6_0.5.noarch (rhel-6-server-rpms)
               selinux-policy-targeted = 3.7.19-54.el6_0.5
           Available: selinux-policy-targeted-3.7.19-93.el6.noarch (rhel-6-server-rpms)

3. Add the repo for latest selinux package and then do yum install/update samba,
the required selinux package gets installed and boolean is set successfully.

4. Check teh boolean again:

getsebool samba_load_libgfapi
samba_load_libgfapi --> 

5. No AVC's seen.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html