Just the dependency may even not be enough, the libvirtd service needs to be restarted, if it is running, and /run/libvirt/common removed *after* selinux-policy update.

The RHEL 8.5 policy package with the support is selinux-policy-3.14.3-71.el8.

This request does not make sense to me. RHEL 8.5 will contain selinux-policy
-71 or even newer, which means users cannot get a combination of new libvirt
and old selinux-policy unless they selectively update libvirt without updating
selinux-policy, which I believe is an unsupported configuration.

(In reply to Jiri Denemark from comment #2)
> This request does not make sense to me. RHEL 8.5 will contain selinux-policy
> -71 or even newer, which means users cannot get a combination of new libvirt
> and old selinux-policy unless they selectively update libvirt without
> updating
> selinux-policy, which I believe is an unsupported configuration.

I don't think so. From https://bugzilla.redhat.com/show_bug.cgi?id=1679569 , the selective update could happen in the customers' env and cause troubles.

Bulk update: Move RHEL-AV bugs to RHEL9. If necessary to resolve in RHEL8, then clone to the current RHEL8 release.

It was pointed out to me this bug should probably not have moved as part of the bulk migration to RHEL9, moving it back to RHEL-AV for now.

I added the Tracking keyword as a mechanism to avoid automated copying from AV by me, but also as a way to make sure we resolve this one way or another

It's not clear what is meant by "selective update" - that appears to me to be "exception to the rule" type operation.

If the expectation is that this needs to be resolved in AV 8.5.0, then set the appropriate flags (exception/blocker) with ITR=8.5.0. If this will still be a problem for 8.6.0, then it could be moved to RHEL 8.6.0. Optionally it could be documented in some way.

(In reply to John Ferlan from comment #5)
> It was pointed out to me this bug should probably not have moved as part of
> the bulk migration to RHEL9, moving it back to RHEL-AV for now.
> 
> I added the Tracking keyword as a mechanism to avoid automated copying from
> AV by me, but also as a way to make sure we resolve this one way or another
> 
> It's not clear what is meant by "selective update" - that appears to me to
> be "exception to the rule" type operation.
"selective update" means only update 'libvirt*' packages.
> 
> If the expectation is that this needs to be resolved in AV 8.5.0, then set
> the appropriate flags (exception/blocker) with ITR=8.5.0. If this will still
> be a problem for 8.6.0, then it could be moved to RHEL 8.6.0. Optionally it
> could be documented in some way.

ITR=8.5.0 is set.

Jiri - is this something that can/will be able to be fixed in the 8.5.0 timeframe (e.g. need an exception)? If not, does resolution belong in RHEL8? or RHEL9?

I'm guessing some bot will come along again and wipe out the ITR since exception/blocker wasn't used.

"selective update" means updating libvirt to the version shipped in RHEL 8.5.0
while keeping selinux-policy in its RHEL 8.4.0 version. I guess normally users
would just update all or nothing.

Anyway, adding the dependency is easy and we can do that just to make sure
such situation does not happen (by accident, misconfiguration or something).
But whether it is important enough to justify an exception is different
question...

So in your opinion then, can the ITR=8.5.0 be removed? or will there a patch generated? 

I agree in principal with your assertion regarding justifying an exception, but would prefer that you make that decision.

Does it make sense to keep this bug open or should it be moved to RHEL?

OK, I don't think this is worth addressing. It only made sense in a small
period of RHEL(-AV) 8.5.0 development and it is not applicable anywhere else.