Bug 1373297 - openssh can't be installed without selinux-policy
Summary: openssh can't be installed without selinux-policy
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssh
Version: 7.3
Hardware: All
OS: Linux
Target Milestone: rc
: 7.3
Assignee: Jakub Jelen
QA Contact: Stanislav Zidek
Depends On:
TreeView+ depends on / blocked
Reported: 2016-09-05 21:34 UTC by Petr Lautrbach
Modified: 2016-11-03 20:20 UTC (History)
4 users (show)

Fixed In Version: openssh-6.6.1p1-31.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-11-03 20:20:42 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2588 0 normal SHIPPED_LIVE Moderate: openssh security, bug fix, and enhancement update 2016-11-03 12:09:45 UTC

Description Petr Lautrbach 2016-09-05 21:34:18 UTC
Description of problem:

Since 6.6.1p1-29.el7 release, openssh can't be installed without selinux-policy. This is a regression against rhel-7.2 where openssh package doesn't require selinux-policy at all.

The problem is in this patch:

+Requires: selinux-policy >= 3.13.1-92
 Requires: libselinux >= 1.27.7

Given that openssh is always compiled with SELinux support, it brings a hard requirement on selinux-policy. However, openssh can be used without SELinux and selinux-policy. I believe that the correct change would be:

-Requires: selinux-policy >= 3.13.1-92
+Conflicts: selinux-policy < 3.13.1-92
 Requires: libselinux >= 1.27.7

Comment 4 Jakub Jelen 2016-09-06 09:23:47 UTC
Related Fedora Packaging Guidelines (that I missed) for future reference:

Comment 9 errata-xmlrpc 2016-11-03 20:20:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.