- Bug
- Resolution: Done
- Major
- rhel-9.6
- selinux-policy-38.1.55-2.el9
- None
- Important
- ZStream
- 1
- rhel-security-selinux
- ssg_security
- 0.5
- QE ack, Dev ack
- False
- No
- SELINUX 250806: 10
- Approved Blocker
- Pass
- Automated
- Release Note Not Required
- None
What were you trying to do that didn't work?
Installing selinux-policy-automotive pulls in additional dependencies compared to selinux-policy-targeted, extending the footprint of all automotive deployments.
What is the impact of this issue to you?
As a result, Python is also pulled in, significantly expanding automotive safety scope and, potentially, attack surface.
Please provide the package NVR for which the bug is seen:
selinux-policy-38.1.53-2.el9
How reproducible is this bug?:
Always
Steps to reproduce
- Install selinux-policy-automotive in a minimal automotive environment and compare the resulting installed package set to that of installing selinux-policy-targeted instead.
- Notice the difference, notably policycoreutils-python-utils and its dependencies being pulled in.
Expected results
policycoreutils-python-utils and its dependencies are installed.
Actual results
policycoreutils-python-utils and its dependencies are NOT installed.